Primary/security apt mirrors don't support key parameters
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
I'm trying to add a Landscape-based repository mirror. We're mirroring the official Ubuntu repositories locally via Landscape along with other packages so as to have a single mirror for all deb packages in this particular environment.
However, cloud-init doesn't seem to support supplying key-related parameters in the primary/security mirror clauses, but rather only in the sources clauses. The landscape-based mirror requires its own key, and without being able to provide the key to be added via apt-key, things break.
This can be worked around by adding a duplicate entry as one of the "sources", however this is less than ideal because it generates a bunch of warnings due to the duplicate apt entries.
Hi Paul and thanks for this bug report. I agree that's currently a cloud-init limitation.
I have a different and possibly better (but untested!) workaround to suggest: use write_files to dump the gpg key to trust to /etc/apt/ trusted. gpg.d/. This should prevent the "duplicate entry" warning, and adding keys to trust in this way is better than using apt-key (what "sources" does, see the deprecation warning in apt-key(8)), but I agree it should be better integrated in the repositories config.
[1] https:/ /cloudinit. readthedocs. io/en/latest/ topics/ modules. html#write- files