Skip to content

Instantly share code, notes, and snippets.

@colematt

colematt/fix-apt-key-deprecation-warnings.md

Last active August 23, 2023 21:41
Show Gist options
  • Save colematt/02857387e0f98a0f30eb420c69d3de6f to your computer and use it in GitHub Desktop.
Save colematt/02857387e0f98a0f30eb420c69d3de6f to your computer and use it in GitHub Desktop.
Download ZIP
[Fix apt-key deprecation warnings] #ubuntu
Raw
fix-apt-key-deprecation-warnings.md

When updating using apt-update, you get the following warnings:

$ sudo apt update
[sudo] password for matthew: 
...
Hit:10 https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease                   
Fetched 9,870 B in 1s (7,957 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see them.
W: https://packagecloud.io/slacktechnologies/slack/debian/dists/jessie/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

One way to resolve this is to export the GPG key from the deprecated keyring and store it in /usr/share/keyrings. Fortunately, it's not too difficult:

$ sudo apt-key list
[sudo] password for matthew: 
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-08 [SCEA]
      1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
uid           [ unknown] Sublime HQ Pty Ltd <support@sublimetext.com>
sub   rsa4096 2017-05-08 [S]

pub   rsa4096 2014-01-13 [SCEA] [expired: 2019-01-12]
      418A 7F2F B0E1 E6E7 EABF  6FE8 C2E7 3424 D590 97AB
uid           [ expired] packagecloud ops (production key) <ops@packagecloud.io>

pub   rsa4096 2016-02-18 [SCEA]
      DB08 5A08 CA13 B8AC B917  E0F6 D938 EC0D 0386 51BD
uid           [ unknown] https://packagecloud.io/slacktechnologies/slack (https://packagecloud.io/docs#gpg_signing) <support@packagecloud.io>
sub   rsa4096 2016-02-18 [SEA]
...

# `038651BD` is the last eight digits of `pub` key signature for slack
$ sudo apt-key export 038651BD | sudo gpg --dearmour -o /usr/share/keyrings/slack.gpg

# Add the "signed by" tag to the existing .list apt source file,
# corresponding to the output path from the previous command
$ sudo cat /etc/apt/sources.list.d/slack.list
deb [arch=amd64] https://packagecloud.io/slacktechnologies/slack/debian/ jessie main
$ sudo echo "deb [arch=amd64 signed-by=/usr/share/keyrings/slack.gpg] https://packagecloud.io/slacktechnologies/slack/debian/ jessie main" > /etc/apt/sources.list.d/slack.list

# Confirm the warnings are gone
$ sudo apt update
...
Hit:10 https://packagecloud.io/slacktechnologies/slack/debian jessie InRelease                   
Fetched 9,870 B in 1s (7,957 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see them.

# Delete the original key
$ sudo apt-key del 038651BD
[sudo] password for matthew: 
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK

See Also

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment