@bmatthewshea
Last active March 15, 2024 19:21
Add gpg key for Debian/Ubuntu repo - New format

apt-key add (key) is deprecated

On Debian Bookworm, running apt-key add produces a deprecation warning.

NOTE: RSPAMD is only used as an example. This method should work for any install instructions that still use the deprecated apt-key.

While executing:

    wget -O- https://rspamd.com/apt-stable/gpg.key | apt-key add -

The following is observed:

"Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details."

Resolution:

  1. Find the badly placed key:

    apt-key list
    
  2. Delete badly placed key from apt-key:

    sudo apt-key del "3FA3 47D5 E599 BE45 95CA  2576 FFA2 32ED BF21 E25E"
    
  3. Redownload key and place gpg file in proper place:

    curl --silent https://rspamd.com/apt-stable/gpg.key | sudo gpg --dearmor --yes --output /etc/apt/keyrings/rspamd.gpg
    
  4. Add the 'signed-by' option in your Apt sources.list.d/rspamd.list:

    echo 'deb [signed-by=/etc/apt/keyrings/rspamd.gpg] http://rspamd.com/apt-stable/ bookworm main' | sudo tee /etc/apt/sources.list.d/rspamd.list
    

Note: Use #4 (preferred) -or- #5 (YOU DO NOT NEED BOTH)

  5. To do this less securely, create an 'asc' plaintext public key file from the given gpg file for trust (apt trusts a key placed in /etc/apt/trusted.gpg.d for every configured repository, not only this one):

    sudo sh -c 'gpg --keyring /etc/apt/keyrings/rspamd.gpg --no-default-keyring --export -a > /etc/apt/trusted.gpg.d/rspamd.asc'
    
  6. Complete:

    admin@localhost $ sudo apt update
    Get:1 file:/etc/apt/mirrors/debian.list Mirrorlist [38 B]
    Get:2 file:/etc/apt/mirrors/debian-security.list Mirrorlist [47 B]
    Hit:3 https://cdn-aws.deb.debian.org/debian bookworm InRelease
    Hit:4 https://cdn-aws.deb.debian.org/debian bookworm-updates InRelease
    Hit:5 https://cdn-aws.deb.debian.org/debian bookworm-backports InRelease
    Hit:6 https://cdn-aws.deb.debian.org/debian-security bookworm-security InRelease
    Hit:7 https://rspamd.com/apt-stable bookworm InRelease
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    

This fixes the official apt-key install located here: https://rspamd.com/downloads.html (Instructions now fixed! 15Mar2024)
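
Step 3 writes whatever the download returns straight into the keyring. The script below is an added example, not part of the original gist: it checks the primary fingerprint of the downloaded key against an expected value before running gpg --dearmor. The function names and the sample listing are hypothetical, and the expected fingerprint is assumed to come from the repository's publisher.

```bash
#!/usr/bin/env bash

# Read `gpg --with-colons` output on stdin and print primary-key fingerprints.
# Only the first "fpr" record after a "pub" record is a primary key; the
# "fpr" records that follow "sub" records belong to subkeys.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# fingerprints_ok LISTING EXPECTED_FPR...
# Succeeds only if LISTING holds at least one key and every primary
# fingerprint in it equals one of the expected values (spaces ignored).
fingerprints_ok() {
    local listing found fpr exp ok
    listing=$1; shift
    found=$(printf '%s\n' "$listing" | primary_fingerprints)
    [ -n "$found" ] || return 1
    for fpr in $found; do
        ok=0
        for exp in "$@"; do
            exp=$(printf '%s' "$exp" | tr -d ' ' | tr 'a-f' 'A-F')
            [ "$fpr" = "$exp" ] && ok=1
        done
        [ "$ok" -eq 1 ] || return 1
    done
}

# install_verified_key URL DEST EXPECTED_FPR...
# Download to a temp file, verify, and only then dearmor into DEST.
install_verified_key() {
    local url dest tmp listing rc=1
    url=$1; dest=$2; shift 2
    tmp=$(mktemp) || return 1
    if curl --silent --fail --output "$tmp" "$url" &&
       listing=$(gpg --show-keys --with-colons "$tmp") &&
       fingerprints_ok "$listing" "$@"; then
        sudo gpg --dearmor --yes --output "$dest" "$tmp" && rc=0
    else
        echo "key not installed (download failed or fingerprint mismatch): $url" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Constructed colon listing (not a real capture) using the step 2 fingerprint.
SAMPLE_LISTING='pub:-:4096:1:FFA232EDBF21E25E:1400000000:::-:::scESC:
fpr:::::::::3FA347D5E599BE4595CA2576FFA232EDBF21E25E:
sub:-:4096:1:0123456789ABCDEF:1400000000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'
```

Calling install_verified_key with the key URL, /etc/apt/keyrings/rspamd.gpg and the fingerprint from step 2 takes the place of the curl pipeline in step 3. A key file that carries several keys, like the Google one below, needs every expected fingerprint listed.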


Another example for Google "Coral Edge TPU":

    sudo apt-key del "35BA A0B3 3E9E B396 F59C  A838 C0BA 5CE6 DC63 15A3"
    sudo apt-key del "A362 B822 F6DE DC65 2817  EA46 B53D C80D 13ED EF05"
    curl --silent https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --dearmor --yes --output /etc/apt/keyrings/google-packages.gpg
    echo "deb [signed-by=/etc/apt/keyrings/google-packages.gpg] https://packages.cloud.google.com/apt coral-edgetpu-stable main" | sudo tee -a /etc/apt/sources.list.d/google-packages.list
    sudo apt update

    Hit:1 https://download.docker.com/linux/debian bookworm InRelease
    Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
    Hit:3 http://deb.debian.org/debian bookworm InRelease
    Hit:4 http://deb.debian.org/debian bookworm-updates InRelease
    Hit:5 https://packages.cloud.google.com/apt coral-edgetpu-stable InRelease
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    All packages are up to date.

This fixes the official apt-key install located here: https://coral.ai/docs/accelerator/get-started/ (Still broken as of 15Mar2024)
