From 1793b8b70ca2e3587c271155033ef943207136ae Mon Sep 17 00:00:00 2001
From: Paul Goins <paul.goins@canonical.com>
Date: Tue, 18 May 2021 17:02:51 +0000
Subject: Added support for importing keys via primary/security mirror clauses
 (#882)

Presently, mirror keys cannot be associated with primary/security
mirrors.  Unfortunately, this prevents use of Landscape-managed
package mirrors as the mirror key for the Landscape-hosted repository
cannot be provided.

This patch allows the same key-related fields usable on "sources"
entries to be used on the "primary" and "security" entries as well.

LP: #1925395
---
 cloudinit/config/cc_apt_configure.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'cloudinit')

diff --git a/cloudinit/config/cc_apt_configure.py b/cloudinit/config/cc_apt_configure.py
index bb8a1278..0c9c7925 100644
--- a/cloudinit/config/cc_apt_configure.py
+++ b/cloudinit/config/cc_apt_configure.py
@@ -57,6 +57,15 @@ mirror_property = {
             },
             'search_dns': {
                 'type': 'boolean',
+            },
+            'keyid': {
+                'type': 'string'
+            },
+            'key': {
+                'type': 'string'
+            },
+            'keyserver': {
+                'type': 'string'
             }
         }
     }
@@ -228,6 +237,15 @@ schema = {
                         key, the search pattern will be
                         ``<distro>-security-mirror``.
 
+                        Each mirror may also specify a key to import via
+                        any of the following optional keys:
+
+                            - ``keyid``: a key to import via shortid or \
+                                  fingerprint.
+                            - ``key``: a raw PGP key.
+                            - ``keyserver``: alternate keyserver to pull \
+                                    ``keyid`` key from.
+
                         If no mirrors are specified, or all lookups fail,
                         then default mirrors defined in the datasource
                         are used. If none are present in the datasource
@@ -453,6 +471,7 @@ def apply_apt(cfg, cloud, target):
     LOG.debug("Apt Mirror info: %s", mirrors)
 
     if util.is_false(cfg.get('preserve_sources_list', False)):
+        add_mirror_keys(cfg, target)
         generate_sources_list(cfg, release, mirrors, cloud)
         rename_apt_lists(mirrors, target, arch)
 
@@ -660,6 +679,13 @@ def disable_suites(disabled, src, release):
     return retsrc
 
 
+def add_mirror_keys(cfg, target):
+    """Adds any keys included in the primary/security mirror clauses"""
+    for key in ('primary', 'security'):
+        for mirror in cfg.get(key, []):
+            add_apt_key(mirror, target)
+
+
 def generate_sources_list(cfg, release, mirrors, cloud):
     """generate_sources_list
        create a source.list file based on a custom or default template
-- 
cgit v1.2.3