fips-preview: add gpg key for the service

To enable the fips-preview service, we need to have its gpg key on the Pro client package
canonical · Oct 4, 2023 · 445aaa6 · 445aaa6
1 parent 6ea1a65
commit 445aaa6
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/features/enable_fips_vm.feature b/features/enable_fips_vm.feature
@@ -618,9 +618,11 @@ Feature: FIPS enablement in lxd VMs
         And I verify that running `pro enable fips-preview` `with sudo` and stdin `N` exits `1`
         Then stdout matches regexp:
         """
-        This will install not NIST-certified FIPS packages.
-        Please use this service only for test purposes.
-        Additionally, the Livepatch service will be unavailable after the operation.
+        This will install crypto packages that have been submitted to NIST for review
+        but do not have FIPS certification yet. Use this for early access to the FIPS
+        modules.
+        Please note that the Livepatch service will be unavailable after
+        this operation.
         Warning: This action can take some time and cannot be undone.
         """
         When I run `pro enable realtime-kernel --assume-yes` with sudo

diff --git a/keyrings/ubuntu-pro-fips-preview.gpg b/keyrings/ubuntu-pro-fips-preview.gpg
diff --git a/uaclient/entitlements/fips.py b/uaclient/entitlements/fips.py
@@ -583,6 +583,7 @@ class FIPSPreviewEntitlement(FIPSEntitlement):
     help_text = messages.FIPS_PREVIEW_HELP_TEXT
     origin = "UbuntuFIPSPreview"
     pre_enable_msg = messages.PROMPT_FIPS_PREVIEW_PRE_ENABLE
+    repo_key_file = "ubuntu-pro-fips-preview.gpg"
 
     @property
     def incompatible_services(self) -> Tuple[IncompatibleService, ...]: