cloud-init shouldn't use apt-key

Bug #1836336 reported by Julian Andres Klode
This bug affects 5 people
Affects: cloud-init
Status: Fix Released
Importance: High
Assigned to: Brett Holman

Bug Description

In cc_apt_configure.py, add_apt_key_raw() uses apt-key to add keys. apt-key is deprecated (that's why it prints a warning).

It should instead be dropping raw .gpg files or (optionally, starting with bionic / apt 1.4) ASCII armored .asc files into trusted.gpg.d, with a name matching the name of the source.

Not sure if there are other places.
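
The approach proposed in the description, sketched as an added example (not part of the report and not cloud-init's own code): write the key into a keyring directory under a name matching the source, without calling apt-key. The names `dearmor`, `install_key` and `keyring_dir` are hypothetical; the sketch always writes a binary `.gpg` file, since the report notes `.asc` is only accepted from apt 1.4 on, and the source-name check is an added safeguard against path traversal.

```python
import base64
import os
import re
import tempfile

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"


def crc24(data: bytes) -> int:
    """CRC-24 from RFC 4880 section 6.1, used as the armor checksum."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def dearmor(text: str) -> bytes:
    """Convert an armored public key block to binary, checking the CRC."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an armored OpenPGP public key block")
    body = lines[1:-1]
    if "" in body:  # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    crc = body.pop()[1:] if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body), validate=True)
    if crc and int.from_bytes(base64.b64decode(crc), "big") != crc24(data):
        raise ValueError("armor checksum mismatch")
    return data


def install_key(source_name: str, key: bytes, keyring_dir: str) -> str:
    """Write key as <keyring_dir>/<source_name>.gpg and return the path."""
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_.-]*", source_name):
        raise ValueError("unsafe source name: %r" % source_name)
    if key.lstrip().startswith(BEGIN.encode()):
        key = dearmor(key.decode("ascii"))
    if not key or not key[0] & 0x80:  # every OpenPGP packet tag has bit 7 set
        raise ValueError("not OpenPGP binary data")
    path = os.path.join(keyring_dir, source_name + ".gpg")
    fd, tmp = tempfile.mkstemp(dir=keyring_dir)  # created with mode 0600
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    os.chmod(tmp, 0o644)  # keyring files are normally world-readable
    os.replace(tmp, path)  # atomic: apt never sees a half-written keyring
    return path
```

On a real system `keyring_dir` would be the trusted.gpg.d directory named in the report; the function takes it as a parameter so it can be exercised against a temporary directory.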

Dan Watkins (oddbloke) wrote :

Hi Julian,

Thanks for letting us know! I have a couple of questions, one to help us understand priority and one to inform implementation once we get there:

* Are there any plans to remove apt-key from Debian or Ubuntu any time soon? (i.e. Is there a forcing function here?)
* When you say "with a name matching the name of the source", is that a strict requirement for the key to be found, or best practice?

Thanks!

Dan

Changed in cloud-init:
status: New → Triaged
importance: Undecided → Wishlist
Julian Andres Klode (juliank) wrote :

> * Are there any plans to remove apt-key from Debian or Ubuntu any time soon? (i.e. Is there a forcing function here?)

I don't really know. I mean, I'd love to, as I'm probably going to kill use of apt-key in apt entirely. It also does not work on Debian without installing gnupg first (which is installed in Ubuntu IIRC)

> * When you say "with a name matching the name of the source", is that a strict requirement for the key to be found, or best practice?

A best practice, though I'm considering the possibility of automatically restricting a foo.list to use a foo.gpg key if the foo.gpg key exists.

James Falcon (falcojr) wrote :

Changed priority to high as support for apt-key will soon be removed.

Changed in cloud-init:
importance: Wishlist → High
Brett Holman (holmanb)
Changed in cloud-init:
assignee: nobody → Brett Holman (holmanb)
James Falcon (falcojr) wrote :
Changed in cloud-init:
status: Triaged → Fix Committed
James Falcon (falcojr) wrote : Fixed in cloud-init version 21.4.

This bug is believed to be fixed in cloud-init in version 21.4. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released