Comment 1 for bug 1930281

Thanks for the detailed bug report.

You can make your example "work" by removing the "signed-by=/usr/share/keyrings/docker-archive-keyring.gpg" section on your deb line, though this is insecure for the reasons you linked.

cloud-init is currently adding raw keys via the apt-key command. We'll need to change this.