[Bug 1553121] Re: Xenial preseed fails to load key for 3rd party repo with apt-setup/local0/key

Wed May 9 15:09:34 UTC 2018

Hi Markus,

this was originally a Bug about SHA-1 signed repositories in local0
breaking the entire installation. The Error messages displayed,
where/are not really good, changing to the shell of the install system,
and having a look at /var/log/syslog there shows more.

This was in 2016 and mainly a topic for xenial. But if you are still
using SHA1 signed repositories this will affect you in some way in any
newer release, too. Bionic removes any repositories that have invalid
keys, whereas xenial fails to install the base system because all
repositories where not loaded.

The missing gnupg tools are affecting bionic, I would wonder if this will affect artful, too. For xenial this is definitely working.
The missing gnupg tools are discussed in Bug #1754075 for bionic. There are two ways to fix. As far as I know none of them has been applied, yet.

This bug is not duplicated and IMHO not really solved, but it has lost
importance since SHA-1 signed repositories are getting rarer.

Kind regards
   Lars

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to debian-installer in Ubuntu.
https://bugs.launchpad.net/bugs/1553121

Title:
  Xenial preseed fails to load key for 3rd party repo with apt-
  setup/local0/key

Status in apt-setup package in Ubuntu:
  Confirmed
Status in base-installer package in Ubuntu:
  Confirmed
Status in console-setup package in Ubuntu:
  Confirmed
Status in debian-installer package in Ubuntu:
  Confirmed

Bug description:
  I have an automated preseed installation that uses these lines to add
  custom repos during the installation:

  d-i apt-setup/local0/repository string deb http://jschule.github.io/ubuntu/ /
  d-i apt-setup/local0/comment string JTS local repository
  d-i apt-setup/local0/source boolean false
  d-i apt-setup/local0/key string http://jschule.github.io/ubuntu/repo.key

  d-i apt-setup/local1/repository string deb http://dl.google.com/linux/chrome/deb/ stable main
  d-i apt-setup/local1/comment string Google Chrome Browser
  d-i apt-setup/local1/source boolean false
  d-i apt-setup/local1/key string http://dl.google.com/linux/linux_signing_key.pub

  (seehttps://github.com/jschule/ubuntu/blob/d46f1cef49ed71dc4bfe317119cccd3f39097ef4/preseed/jts.txt
  for complete preseed file that causes the problem).

  In xenial the installation fails because the GPG key for the local0
  repo is not loaded into the system so that it can be used (see
  screenshot). Strangely, "chroot /target apt-key list" shows the key
  9E62229E to be installed.

  Just to be sure that there is no problem with my repo and key I
  started the Xenial live CD and installed my repo there manually. All
  works well. IMHO this shows that the problem is clearly related to the
  automated installation with preseed.

  Maybe this is related to #1512347, that was the only thing I could
  find on Launchpad that is in the same area.

  If you want to reproduce this then you can checkout the scripts from
  https://github.com/jschule/ubuntu/tree/gh-pages/qemu and run "./run.sh
  xenial" to start my installation.

  I found a very ugly workaround by changing the apt-setup lines to
  this:

  d-i apt-setup/local0/repository string deb http://archive.canonical.com/ubuntu trusty partner
  d-i apt-setup/local0/source boolean false

  d-i apt-setup/local1/repository string deb http://jschule.github.io/ubuntu/ /
  d-i apt-setup/local1/comment string JTS local repository
  d-i apt-setup/local1/source boolean false
  d-i apt-setup/local1/key string http://jschule.github.io/ubuntu/repo.key

  d-i apt-setup/local2/repository string deb http://dl.google.com/linux/chrome/deb/ stable main
  d-i apt-setup/local2/comment string Google Chrome Browser
  d-i apt-setup/local2/source boolean false
  d-i apt-setup/local2/key string http://dl.google.com/linux/linux_signing_key.pub

  I suppose that the workaround works because now the local0 repo is one
  where the signing key is already part of Ubuntu. I just hope that
  there is no package in the trusty partner repo that is not also in the
  xenial partner repo.

  For me it is very important that you fix this bug before 16.04 is
  released so that I can continue to use Ubuntu with an automated setup.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt-setup/+bug/1553121/+subscriptions