Skip to content

fix(ansible): pub key storing location for agnocast ppa package #6603

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
isamu-takagi merged 5 commits into from
Dec 16, 2025
Merged

fix(ansible): pub key storing location for agnocast ppa package #6603

isamu-takagi merged 5 commits into from
Dec 16, 2025
+70 −5

Conversation

@Koichi98
Copy link
Contributor

@Koichi98 Koichi98 commented Nov 21, 2025
edited
Loading

Description

Summary

This PR updates the Agnocast PPA repository configuration to use the modern DEB822 format (.sources file) with explicit GPG key signing.

Changes

  • Remove legacy Agnocast PPA configuration automatically before setup (old .list files and GPG keys)
  • Create /etc/apt/keyrings directory for storing GPG keys
  • Download and install the Agnocast PPA GPG key to /etc/apt/keyrings/agnocast-ppa.gpg
  • Add GPG key fingerprint verification for security
  • Configure the repository using DEB822 format with explicit Signed-By directive

Migration Issue Notice

The Ansible playbook automatically removes any legacy Agnocast PPA configuration before setting up the new format. This includes:

  1. Removing the PPA via add-apt-repository --remove
  2. Removing old /etc/apt/sources.list.d/agnocast.list files
  3. Removing old /etc/apt/trusted.gpg.d/agnocast.gpg keys

This prevents the following conflict error that previously occurred when both old and new configurations coexisted:

  TASK [autoware.dev_env.agnocast : Update apt cache] ************************************************************************************************************************************************************************************************************
  fatal: [localhost]: FAILED! => {"changed": false, "msg": "E:Conflicting values set for option Signed-By regarding source http://ppa.launchpad.net/t4-system-software/agnocast/ubuntu/ jammy: /etc/apt/keyrings/agnocast-ppa.gpg != , E:The list of sources could not be read."}

How was this PR tested?

TASK [autoware.dev_env.agnocast : Remove legacy agnocast PPA via add-apt-repository] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [autoware.dev_env.agnocast : Remove legacy agnocast sources.list files] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Remove legacy agnocast GPG keys from trusted.gpg.d] *******************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Save current IPv6 settings] *******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Temporarily disable IPv6] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => (item={'name': 'net.ipv6.conf.all.disable_ipv6'})
ok: [localhost] => (item={'name': 'net.ipv6.conf.default.disable_ipv6'})

TASK [autoware.dev_env.agnocast : Create /etc/apt/keyrings directory] ***********************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Download agnocast PPA GPG key while IPv6 is disabled] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [autoware.dev_env.agnocast : Convert GPG key to binary format and install] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [autoware.dev_env.agnocast : Verify GPG key fingerprint] *******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Display GPG key verification success] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "GPG key fingerprint verified successfully: CFDB1950382092423DF37D3E075CD8B5C91E5ACA"
}

TASK [autoware.dev_env.agnocast : Add agnocast repository] **********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [autoware.dev_env.agnocast : Restore original IPv6 settings] ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost] => (item=net.ipv6.conf.all.disable_ipv6 = 1) 
skipping: [localhost] => (item=net.ipv6.conf.default.disable_ipv6 = 1) 
skipping: [localhost]

TASK [autoware.dev_env.agnocast : Update apt cache] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
changed: [localhost]

TASK [autoware.dev_env.agnocast : Install agnocast-heaphook-v2.1.2] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Check if running in a container using systemd-detect-virt] ************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Set container environment fact] ***************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Display environment detection result] *********************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "Running in container: False (detected: none)"
}

TASK [autoware.dev_env.agnocast : Display info when skipping agnocast-kmod in container] ****************************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [autoware.dev_env.agnocast : Check if linux-headers package is available] **************************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Display warning if linux-headers is not available] ********************************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost] => {
    "msg": "WARNING: linux-headers-6.8.1+ package not found. The agnocast-kmod installation may fail. Please manually install the kernel headers and re-run this role."
}

TASK [autoware.dev_env.agnocast : Install linux headers for the running kernel] *************************************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [autoware.dev_env.agnocast : Display warning if linux-headers installation failed] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [autoware.dev_env.agnocast : Check if agnocast-kmod is installed in dkms with version v2.1.2] ******************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [autoware.dev_env.agnocast : Purge agnocast-kmod if not found in dkms for version v2.1.2] **********************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [autoware.dev_env.agnocast : Install agnocast-kmod if not found in dkms for version v2.1.2] ********************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [autoware.dev_env.agnocast : Display warning if agnocast-kmod installation failed] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************
skipping: [localhost]

TASK [autoware.dev_env.agnocast : Ensure agnocast module is loaded at boot via modules-load.d] **********************************************************************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

Notes for reviewers

None.

Effects on system behavior

None.

@Koichi98
fix pub key storing location for agnocast ppa package
92fe8c0 
Signed-off-by: Koichi Imai <koichi.imai.2@tier4.jp>
@Koichi98
delete unnecessary comments
812f140 
Signed-off-by: Koichi Imai <koichi.imai.2@tier4.jp>
@github-actions
Copy link

github-actions bot commented Nov 21, 2025
edited
Loading

Thank you for contributing to the Autoware project!

🚧 If your pull request is in progress, switch it to draft mode.

Please ensure:

@Koichi98
fix ansible-lint
cba3357 
Signed-off-by: Koichi Imai <koichi.imai.2@tier4.jp>
@Koichi98
use copy module
5cb5e08 
Signed-off-by: Koichi Imai <koichi.imai.2@tier4.jp>
@Koichi98 Koichi98 marked this pull request as ready for review November 28, 2025 06:41
@Koichi98 Koichi98 self-assigned this Nov 28, 2025
@mitsudome-r mitsudome-r added the run:health-check Run health-check label Nov 28, 2025
@isamu-takagi
Copy link
Contributor

isamu-takagi commented Dec 4, 2025

@Koichi98 I'm concerned that many developers will not be able to find the workaround in this PR when they encounter the error. Can you add a workaround to ansible?

@Koichi98
remove legacy settings
75bbbeb 
Signed-off-by: Koichi Imai <koichi.imai.2@tier4.jp>
@Koichi98
Copy link
Contributor Author

Koichi98 commented Dec 9, 2025

@isamu-takagi
I've added tasks that remove the legacy PPA configuration before setup. It just does nothing and pass when there is no legacy configuration.

isamu-takagi
isamu-takagi approved these changes Dec 10, 2025
View reviewed changes
Copy link
Contributor

@isamu-takagi isamu-takagi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I have confirmed that setup-dev-env runs successfully twice.

@isamu-takagi isamu-takagi merged commit b92d585 into autowarefoundation:main Dec 16, 2025
17 of 19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mitsudome-r mitsudome-r mitsudome-r approved these changes

@isamu-takagi isamu-takagi isamu-takagi approved these changes

@oguzkaganozt oguzkaganozt Awaiting requested review from oguzkaganozt oguzkaganozt is a code owner

@youtalk youtalk Awaiting requested review from youtalk youtalk is a code owner

Assignees

@Koichi98 Koichi98

Labels

run:health-check Run health-check

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Koichi98 @isamu-takagi @mitsudome-r