
Bug#970796: cloud-init: Please add gnupg to Recommends



On Wed, Sep 23, 2020 at 10:57:50AM -0400, Daniel Watkins wrote:
> cloud-init uses gnupg in two ways: directly, to fetch and export keys
> (when specified by ID, see [0]), and via apt-key to add keys to the system
> (whether specified via ID or in full, see [1]).  (Even once we remove
> apt-key usage[2], we will still need it for the former use case.)
> 
> I've just opened a PR[3] to add this to our Ubuntu packaging, and would
> request that you do the same so that Debian users are able to configure
> custom apt sources using cloud-init configuration.
> 
> (My assumption here is that Debian cloud images are built with
> --install-recommends; if not, then you may want to consider ensuring
> that gnupg is present in Debian cloud images via other means.)

This was previously discussed in the context of
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910654

Unfortunately, most of the discussion occurred in person at the 2018
cloud team sprint, and wasn't captured in the bug report.  IIRC, at the
time, most of the discussion focused on the apt-key use-case, and there
were enough people who felt strongly that using gpg to fetch keys from a
key server was a sufficiently bad idea, and the same functionality could
be provided by passing a complete public key directly via cloud-config
userdata, that we should support this functionality.  This opinion
wasn't universally held, but it was held strongly enough by enough
people to overrule any dissenting opinions.

Maybe it's worth revisiting this discussion for bullseye?

noah

