If a webpage tells you to run a command to import a GPG key when setting up an APT repository, it isn’t necessarily correct! Newer versions of Ubuntu no longer use apt-key
and /etc/apt/trusted.gpg
, preferring you put repository GPG keys in a file under /etc/apt/trusted.gpg.d
.
Having recently reinstalled my desktop and not realising this, I had this exceedingly annoying error:
W: https://packagecloud.io/slacktechnologies/slack/debian/dists/jessie/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
This is one of the kinds of errors that tells you what you shouldn’t do, and isn’t too helpful about guiding you to what you should do.
As this is an easily forgettable problem, here’s how to fix it.
First, list the keys in /etc/apt/trusted.gpg
:
gpg --keyring /etc/apt/trusted.gpg --list-keys
You will see a list of keys similar to the following:
pub rsa4096 2021-10-27 [SC] [expires: 2023-01-20]
F9A211976ED662F00E59361E5E3C45D7B312C643
uid [ unknown] Spotify Public Repository Signing Key tux@spotify.com
pub rsa4096 2013-11-19 [SC] [expires: 2027-11-11]
222B85B0F90BE2D24CFEB93F47484E50656D16C7
uid [ unknown] Keybase.io Code Signing (v1) code@keybase.io
sub rsa4096 2013-11-19 [E] [expires: 2027-11-11]
pub rsa4096 2014-01-13 [SCEA] [expired: 2019-01-12]
418A7F2FB0E1E6E7EABF6FE8C2E73424D59097AB
uid [ expired] packagecloud ops (production key) ops@packagecloud.io
pub rsa4096 2016-02-18 [SCEA]
DB085A08CA13B8ACB917E0F6D938EC0D038651BD
uid [ unknown] https://packagecloud.io/slacktechnologies/slack (https://packagecloud.io/docs#gpg_signing) support@packagecloud.io
sub rsa4096 2016-02-18 [SEA]
For each of the keys, find the key ID – the long hexadecimal string on the second line, and run the following command:
gpg --keyring /etc/apt/trusted.gpg --export <key-id> | sudo tee /etc/apt/trusted.gpg/<repository>.gpg
Finally, tidy up after yourself by deleting the key from trusted.gpg
:
sudo gpg --keyring /etc/apt/trusted.gpg --delete-key <key-id>
You can even specify multiple keys on the command line.
And that’s it.
Can you explain what the “” reference comes from what how to name that?
/etc/apt/trusted.gpg/.gpg
There are multiple explanations across the internet using this characterization and none explaining how one fills in that part – is it just random name, is it apparent where it is because I can’t find it.
I don’t think it matters what you call the file, as long as it’s in /etc/apt/trusted.gpg.d/
Repository name – where does that come from? How to know what it is?