Thursday, April 25, 2024
Homepage · apt
 Popular · Latest · Hot · Upcoming
201
rated 0 times [  201] [ 0]  / answers: 1 / hits: 178340  / 3 Years ago, mon, june 28, 2021, 7:01:24

Recently I've noticed some issues when running apt where the system will warn me of a keyring deprecation:


Reading package lists... Done

Building dependency tree... Done

Reading state information... Done

8 packages can be upgraded. Run 'apt list --upgradable' to see them.

W: https://packages.microsoft.com/repos/edge/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

W: https://download.sublimetext.com/apt/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

This doesn't stop me from performing the update, but I would much rather not see this when updating my system. How are we supposed to store trusted GPG keys going forward?


More From » apt
 Answers
7

One way to resolve this is to export the GPG key from the deprecated keyring and store it in /usr/share/keyrings. Fortunately, it's not too difficult:



  1. Open Terminal (if it's not already open)



  2. List existing keys:


    $ sudo apt-key list
    
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
    
/etc/apt/trusted.gpg
    
--------------------
    
pub   rsa4096 2017-05-08 [SCEA]
    
      1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
    
uid           [ unknown] Sublime HQ Pty Ltd <[email protected]>
    
sub   rsa4096 2017-05-08 [S]
    

    
pub   rsa2048 2015-10-28 [SC]
    
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
    
uid           [ unknown] Microsoft (Release signing) <[email protected]>


  3. From here, we can export a key:


    sudo apt-key export BE1229CF | sudo gpg --dearmour -o /usr/share/keyrings/microsoft.gpg

    Note: The BE1229CF value comes from the last 8 characters of the pub code.


    The following message will likely appear:


    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).


  4. Now we can update our apt source file for the repository (e.g., /etc/apt/sources.list.d/microsoft.list), adding a signed-by tag:


    deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge/ stable main


  5. Update apt to confirm the message is gone:


    sudo apt update
    
...
    
Reading package lists... Done
    
Building dependency tree... Done
    
Reading state information... Done
    
All packages are up-to-date.
    
W: https://download.sublimetext.com/apt/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.


  6. Remove the original signature:


    sudo apt-key del BE1229CF



This can be done with each of the warning messages. Once done, apt will no longer complain.


[#727] Monday, June 28, 2021, 3 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
lintical
Add To Favorites
Follow
Total Points: 344
Total Questions: 122
Total Answers: 106
Location: Sint Maarten
Member since Mon, Oct 12, 2020
4 Years ago
lintical questions
Thu, Jan 12, 23, 03:07, 1 Year ago
Sat, Oct 30, 21, 18:17, 3 Years ago
Sat, Aug 7, 21, 04:29, 3 Years ago
Mon, Dec 5, 22, 00:03, 1 Year ago
Tue, Mar 15, 22, 16:55, 2 Years ago
View All
;