Observations, Musings & Gadgets

...things I find interesting

Archives for August 2018

Individual keyfiles for apt repositories

As we use SaltStack to automatically provision software as part of a preseeded auto-install, one of the things we need to be able to do is add an apt repository.

There is a way to natively add the keys for a repository, but if you do that, the keys all end up in /etc/apt/trusted.gpg. We would much prefer that keys for third-party repositories end up in a separate file in /etc/apt/trusted.gpg.d, as we typically add third-party repositories to their own files in /etc/apt/sources.list.d.

This follows the preference for leaving package-installed config files as stock as possible and making local configuration changes in a .d directory.

Given a repository's GPG key, we cannot use the apt-key tool to add the key, as this would add it to the default keyfile, /etc/apt/trusted.gpg. So the answer is to use gpg.

gpg --no-default-keyring --keyring ./somerepo.gpg --import somerepo.key
cp somerepo.gpg /etc/apt/trusted.gpg.d
chmod 644 /etc/apt/trusted.gpg.d/somerepo.gpg

EDIT: This hasn't always worked, but I've found a better way.

gpg --no-default-keyring --keyring gnupg-ring:./somerepo.gpg --keyserver hkp://somekey.server --recv-key A5BE2D9C67A18DE6
cp somerepo.gpg /etc/apt/trusted.gpg.d
chmod 644 /etc/apt/trusted.gpg.d/somerepo.gpg
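
A pre-install check for the procedure above, as an added example that is not part of the original post. When gpg creates a new keyring file without the gnupg-ring: prefix, GnuPG 2.1 and later write it in keybox format, which apt does not read from trusted.gpg.d; the check also compares the key's full fingerprint rather than the 16-digit key ID. The function names and the expected-fingerprint argument are assumptions, and --show-keys assumes GnuPG 2.2 or later.

```shell
#!/bin/sh
# Added example: checks to run before a keyring is copied into
# /etc/apt/trusted.gpg.d. Function names and arguments are illustrative.

# Print the container format of a key file:
# keybox | pgp-keyring | armored | unknown
keyring_format() {
    # GnuPG keybox files carry the magic "KBXf" (4b 42 58 66) at byte offset 8.
    sig=$(od -An -tx1 -j8 -N4 "$1" 2>/dev/null | tr -d '[:space:]')
    if [ "$sig" = 4b425866 ]; then echo keybox; return 0; fi
    # A binary OpenPGP keyring starts with a public-key packet header:
    # 0x98 or 0x99 (old packet format) or 0xc6 (new packet format).
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d '[:space:]')
    case "$first" in
        98|99|c6) echo pgp-keyring; return 0 ;;
    esac
    if head -n 1 "$1" | grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----'; then
        echo armored; return 0
    fi
    echo unknown
}

# Print the full fingerprint of every primary key in a key file.
primary_fingerprints() {
    gpg --show-keys --with-colons --with-fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "pub" { p = 1 } $1 == "fpr" && p { print $10; p = 0 }'
}

# Install SRC into DEST_DIR only if it is a binary OpenPGP keyring that holds
# exactly one primary key, with fingerprint EXPECTED_FPR (obtained out of band).
install_apt_keyring() {
    src=$1; expected_fpr=$2; dest_dir=${3:-/etc/apt/trusted.gpg.d}
    fmt=$(keyring_format "$src")
    if [ "$fmt" != pgp-keyring ]; then
        echo "refusing $src: format is $fmt, not a binary OpenPGP keyring" >&2
        return 1
    fi
    if [ "$(primary_fingerprints "$src")" != "$expected_fpr" ]; then
        echo "refusing $src: primary key is not $expected_fpr" >&2
        return 1
    fi
    install -m 644 "$src" "$dest_dir/"
}
```

Called as install_apt_keyring ./somerepo.gpg FULL-FINGERPRINT, it replaces the cp and chmod steps and refuses a keybox file or a key that does not match the fingerprint published by the repository owner.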