Add keyring if supplied

When building with debootstrap, debootstrap will use the key to check
that everything is properly signed. It will not `apt-key add` the key
into the final environment, however.

Early adding the key after debootstrap before we need to read from the
private repo again prevents unsigned issues. This also maintains the
integrity of the packages in the environment throughout the build.

Change-Id: I5ca75ae4620c9fb26b512cb30f8cd79fa7a0373a

diskimage_builder/elements/debian-minimal/root.d/75-debian-minimal-baseinstall

@@ -24,6 +24,11 @@ fi
 set -eu
 set -o pipefail
 
+# NOTE(SamYaple): Add the keyring deboostrap used if specified
+if [ -n "${DIB_APT_KEYRING:-${DIB_DEBIAN_KEYRING:-}}" ]; then
+    cat $DIB_APT_KEYRING | sudo chroot $TARGET_ROOT /usr/bin/apt-key add -
+fi
+
 # Writes the apt sources files.
 # The description is passed in via line coded elements.
 # (The approach using associative arrays for configuration faild,

diskimage_builder/elements/ubuntu-minimal/root.d/75-ubuntu-minimal-baseinstall

@@ -21,6 +21,11 @@ fi
 set -eu
 set -o pipefail
 
+# NOTE(SamYaple): Add the keyring deboostrap used if specified
+if [ -n "${DIB_APT_KEYRING:-${DIB_DEBIAN_KEYRING:-}}" ]; then
+    cat $DIB_APT_KEYRING | sudo chroot $TARGET_ROOT /usr/bin/apt-key add -
+fi
+
 # We should manage this in a betterer way
 sudo bash -c "cat << EOF >$TARGET_ROOT/etc/apt/sources.list
 deb $DIB_DISTRIBUTION_MIRROR $DIB_RELEASE ${DIB_DEBIAN_COMPONENTS//,/ }