
This is an old revision of the document!


Linux - APT

apt-key Deprecation

According to the DEPRECATION section of the apt-key man page:

Except for using apt-key del in maintainer scripts, the use of apt-key is deprecated. This section shows how to replace existing use of apt-key.

The man page contains some hints and an example of how to convert command snippets that use apt-key into a supported command.

Deprecated:

wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -

Supported replacement:

wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc

Recommended supported replacement (/etc/apt/keyrings/ is just an example; there is no recommended path). Store the key in its own file:

wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/keyrings/myrepo.asc

Then reference that file with the signed-by option in the repository's sources.list entry:

deb [signed-by=/etc/apt/keyrings/myrepo.asc arch=amd64] https://myrepo.example/debian main

FIXME

DEPRECATION
       Except for using apt-key del in maintainer scripts, the use of apt-key is deprecated. This section shows how to replace existing use of apt-key.

       If your existing use of apt-key add looks like this:

       wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -

       Then you can directly replace this with (though note the recommendation below):

       wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc

       Make sure to use the "asc" extension for ASCII armored keys and the "gpg" extension for the binary OpenPGP format (also known as "GPG key public ring"). The binary OpenPGP format works for all apt versions, while the ASCII
       armored format works for apt version >= 1.4.

       Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d directory, you can place them anywhere on your filesystem by using the Signed-By option in your sources.list and pointing to the filename of the key. See
       sources.list(5) for details. Since APT 2.4, /etc/apt/keyrings is provided as the recommended location for keys not managed by packages. When using a deb822-style sources.list, and with apt version >= 2.4, the Signed-By
       option can also be used to include the full ASCII armored keyring directly in the sources.list without an additional file.



root@raspi1:~# apt update
Hit:1 http://raspbian.raspberrypi.org/raspbian bookworm InRelease
Hit:2 http://archive.raspberrypi.org/debian bookworm InRelease
Hit:3 https://apt.releases.teleport.dev/debian bookworm InRelease
Hit:4 https://repo.zabbix.com/zabbix/7.0/raspbian bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: http://raspbian.raspberrypi.org/raspbian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://archive.raspberrypi.org/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
N: Skipping acquire of configured file 'main/binary-armhf/Packages' as repository 'https://repo.zabbix.com/zabbix/7.0/raspbian bookworm InRelease' doesn't support architecture 'armhf'



wget -qO- http://raspbian.raspberrypi.org/raspbian.public.key | sudo tee /etc/apt/trusted.gpg.d/raspbian-raspberrypi.asc




root@raspi1:~# apt update
Hit:1 http://raspbian.raspberrypi.org/raspbian bookworm InRelease
Hit:2 http://archive.raspberrypi.org/debian bookworm InRelease
Hit:3 https://apt.releases.teleport.dev/debian bookworm InRelease
Hit:4 https://repo.zabbix.com/zabbix/7.0/raspbian bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: http://archive.raspberrypi.org/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
N: Skipping acquire of configured file 'main/binary-armhf/Packages' as repository 'https://repo.zabbix.com/zabbix/7.0/raspbian bookworm InRelease' doesn't support architecture 'armhf'




W: http://archive.raspberrypi.org/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.


wget -qO- http://archive.raspberrypi.org/debian/raspberrypi.gpg.key | sudo tee /etc/apt/trusted.gpg.d/archive-raspberrypi.asc
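
Keys placed under /etc/apt/trusted.gpg.d are trusted for every configured repository, whereas the Signed-By option recommended by the man page pins a repository to one key file. The following is an added example, not part of the original page: two audit helpers that list the repositories still reported on the legacy keyring and the one-line sources entries that have no signed-by option. The function names and the sample sources entries are constructed; the warning lines are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# sources entries are constructed; the warning lines are copied from the page.

# Repository URLs that `apt update` output (stdin) reports as still verified
# through the legacy /etc/apt/trusted.gpg keyring.
legacy_key_repos() {
    sed -n 's|^W: \(.*\)/dists/[^:]*: Key is stored in legacy trusted\.gpg keyring.*|\1|p' | sort -u
}

# URIs of one-line-style deb/deb-src entries (stdin) that carry no signed-by=
# option, so they are checked against every globally trusted key.
unpinned_sources() {
    awk '
        $1 != "deb" && $1 != "deb-src" { next }    # comments, blank lines
        {
            opts = ""; i = 2
            if ($2 ~ /^\[/)                          # option block: [k=v k=v]
                for (i = 2; i <= NF; i++) {
                    opts = opts " " $i
                    if ($i ~ /\]$/) { i++; break }
                }
            if (opts !~ /signed-by=/) print $i
        }'
}

sample_apt_output() {   # warning lines as shown in the apt update run above
    cat <<'EOF'
Hit:1 http://raspbian.raspberrypi.org/raspbian bookworm InRelease
W: http://raspbian.raspberrypi.org/raspbian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://archive.raspberrypi.org/debian/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
EOF
}

sample_sources() {      # constructed sources.list content
    cat <<'EOF'
# Raspberry Pi OS base repository
deb http://raspbian.raspberrypi.org/raspbian/ bookworm main contrib
deb [signed-by=/etc/apt/keyrings/myrepo.asc arch=amd64] https://myrepo.example/debian main
deb [arch=arm64] https://repo.example.invalid/debian bookworm main
EOF
}

sample_apt_output | legacy_key_repos
sample_sources | unpinned_sources
```

On a real system, pipe the output of apt update into legacy_key_repos and the contents of /etc/apt/sources.list and /etc/apt/sources.list.d/*.list into unpinned_sources; deb822-style .sources files are not covered by this parser.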
os/linux/apt.1717513785.txt.gz · Last modified: 2024-06-04 17:09 by Manuel Frei