cloud-init shouldn't use apt-key

Bug #1836336 reported by Julian Andres Klode
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
cloud-init | Fix Released | High | Brett Holman |

Bug Description

In cc_apt_configure.py, add_apt_key_raw() uses apt-key to add keys. apt-key is deprecated (that's why it prints a warning).

It should instead be dropping raw .gpg files or (optionally, starting with bionic / apt 1.4) ASCII armored .asc files into trusted.gpg.d, with a name matching the name of the source.

Not sure if there are other places.
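
The approach described in the report, sketched as an added example (not cloud-init's own code and not part of the original report): key material is written as `<source name>.gpg` or `<source name>.asc` into a keyring directory instead of being passed to apt-key. The function names, the sample keys and the `keyring_dir` parameter are assumptions made for illustration; on a real system the directory would be /etc/apt/trusted.gpg.d.

```python
import os
import re
import tempfile

ARMOR_HEADER = b"-----BEGIN PGP PUBLIC KEY BLOCK-----"
# Constructed sample inputs (not real keys), only to exercise the code paths.
SAMPLE_ARMORED = ARMOR_HEADER + b"\n\nY29uc3RydWN0ZWQ=\n-----END PGP PUBLIC KEY BLOCK-----\n"
SAMPLE_BINARY = b"\x99\x01\x0d" + b"\x00" * 16


def key_extension(key: bytes) -> str:
    """Return 'asc' for an ASCII-armored public key, 'gpg' for a binary one."""
    if key.lstrip().startswith(ARMOR_HEADER):
        return "asc"
    # Binary OpenPGP data starts with a packet header byte (bit 7 set).
    # Public-key packet (tag 6): old format 0x98-0x9B, new format 0xC6.
    if key and (0x98 <= key[0] <= 0x9B or key[0] == 0xC6):
        return "gpg"
    raise ValueError("not an OpenPGP public key (armored or binary)")


def install_key(source_name: str, key: bytes, keyring_dir: str) -> str:
    """Write key to <keyring_dir>/<source_name>.<ext>; return the path."""
    # The source name becomes a file name: refuse separators and leading dots.
    if not re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9_.-]*", source_name):
        raise ValueError(f"unsafe source name: {source_name!r}")
    target = os.path.join(keyring_dir, f"{source_name}.{key_extension(key)}")
    # Write a temp file in the same directory, then rename it into place,
    # so a half-written keyring is never visible under the final name.
    fd, tmp = tempfile.mkstemp(dir=keyring_dir, prefix=".tmp-")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(key)
        os.chmod(tmp, 0o644)  # keyring files hold public keys; world-readable
        os.replace(tmp, target)
    except BaseException:
        os.unlink(tmp)
        raise
    return target


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # stand-in for trusted.gpg.d
        print(install_key("example-repo", SAMPLE_ARMORED, d))
        print(install_key("example-repo", SAMPLE_BINARY, d))
```

Input that is neither an armored nor a binary public key (for example an armored private key block) is rejected before anything is written.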

Dan Watkins (oddbloke) wrote :

Hi Julian,

Thanks for letting us know! I have a couple of questions, one to help us understand priority and one to inform implementation once we get there:

* Are there any plans to remove apt-key from Debian or Ubuntu any time soon? (i.e. Is there a forcing function here?)
* When you say "with a name matching the name of the source", is that a strict requirement for the key to be found, or best practice?

Thanks!

Dan

Changed in cloud-init:
status: New → Triaged
importance: Undecided → Wishlist
Julian Andres Klode (juliank) wrote :

> * Are there any plans to remove apt-key from Debian or Ubuntu any time soon? (i.e. Is there a forcing function here?)

I don't really know. I mean, I'd love to, as I'm probably going to kill use of apt-key in apt entirely. It also does not work on Debian without installing gnupg first (which is installed in Ubuntu IIRC).

> * When you say "with a name matching the name of the source", is that a strict requirement for the key to be found, or best practice?

A best practice, though I'm considering the possibility of automatically restricting a foo.list to use a foo.gpg key if the foo.gpg key exists.

James Falcon (falcojr) wrote :

Changed priority to high as support for apt-key will soon be removed.

Changed in cloud-init:
importance: Wishlist → High
Brett Holman (holmanb)
Changed in cloud-init:
assignee: nobody → Brett Holman (holmanb)
James Falcon (falcojr) wrote :
Changed in cloud-init:
status: Triaged → Fix Committed
James Falcon (falcojr) wrote : Fixed in cloud-init version 21.4.

This bug is believed to be fixed in cloud-init in version 21.4. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released