I recently created a new Ubuntu 22.04 LTS Linux virtual machine. When I attempted to set up the PostgreSQL server on it, I saw a warning message like the one shown below on the screen:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Even after the warning message appeared, I was able to continue working. The Debian developers have changed the way GPG keys are stored and used by the apt and GnuPG (GPG2) utilities, to improve system security. You will see this warning on Ubuntu 22.04 and Debian 11 systems.
The steps below will help you to move the key to a new location:
- The first step is to find out the key id. You can list all the existing keys under trusted.gpg with the following command.
sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2011-10-13 [SC]
    B97B 0AFC AA1A 47F0 44F2 44A0 7FCC 7D46 ACCC 4CF8
uid [ unknown] PostgreSQL Debian Repository
- I need to fix the issue for the PostgreSQL repository, so copy the last 8 characters of the key ID (ACCC4CF8 in the output above) and export the key with the following command.
sudo apt-key export ACCC4CF8 | sudo gpg --dearmour -o /usr/share/keyrings/pgdg.gpg
- Now edit the APT repository configuration file, for example /etc/apt/sources.list.d/pgdg.list, and add the signed-by option pointing to the key file exported above, like:
deb [arch=amd64 signed-by=/usr/share/keyrings/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt/ jammy-pgdg main
- Now you can delete the key from trusted.gpg:
sudo apt-key del ACCC4CF8
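A check to run once the steps above are done, as an added example that is not part of the original post: it reads a one-line-style .list file and reports whether each entry is pinned to an existing keyring file through signed-by. The function name, the status labels and the optional path-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): report which APT one-line
# source entries are pinned to a keyring with signed-by.
# Output per entry: STATUS URI KEYRING
#   PINNED    signed-by names a keyring file that exists
#   NOKEYFILE signed-by names a keyring file that is missing
#   UNPINNED  no signed-by path: apt falls back to trusted.gpg and trusted.gpg.d
# The optional second argument is a path prefix for keyring lookups
# (an assumption of this example, so it can run against a test tree).
audit_sources_file() {
    file=$1 root=${2:-} rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "deb "*|"deb-src "*) ;;     # one-line style entries only
            *) continue ;;              # comments, blanks, disabled lines
        esac
        rest=${line#* }                 # drop the entry type
        rest=${rest#"${rest%%[! ]*}"}   # trim leading spaces
        opts='' keyring=''
        case $rest in
            "["*) opts=${rest#\[}; opts=${opts%%\]*}
                  rest=${rest#*\]}; rest=${rest#"${rest%%[! ]*}"} ;;
        esac
        uri=${rest%% *}
        for opt in $opts; do
            case $opt in signed-by=/*) keyring=${opt#signed-by=} ;; esac
        done
        if [ -z "$keyring" ]; then
            status=UNPINNED keyring=-
        elif [ -r "$root$keyring" ]; then
            status=PINNED
        else
            status=NOKEYFILE
        fi
        [ "$status" = PINNED ] || rc=1
        printf '%s %s %s\n' "$status" "$uri" "$keyring"
    done < "$file"
    return "$rc"
}

# Constructed sample: the pgdg entry from this page plus an unpinned one.
demo=$(mktemp -d)
mkdir -p "$demo/usr/share/keyrings" && : > "$demo/usr/share/keyrings/pgdg.gpg"
cat > "$demo/sample.list" <<'EOF'
deb [arch=amd64 signed-by=/usr/share/keyrings/pgdg.gpg] http://apt.postgresql.org/pub/repos/apt/ jammy-pgdg main
deb http://repo.example.invalid/apt stable main
EOF
audit_sources_file "$demo/sample.list" "$demo" || echo "some entries are not pinned"
rm -rf "$demo"
```

On a real system, call the function with one argument, for example audit_sources_file /etc/apt/sources.list.d/pgdg.list, so keyring paths are checked as written.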
Hopefully, this quick how-to tutorial helps you to resolve your issues. You can also follow the same instructions to resolve similar issues in other repositories.
5 Comments
Thanks a lot.. This post is so helpful.
Please keep going.. 🙂
I don't follow where http://apt.postgresql.org/pub/repos/apt/ came from in step 3 and what I need to replace that with
This is just an example. In your case, it may be another repository than Postgres.
Why place them in /usr/share/keyrings/ vs /etc/apt/trusted.gpg.d/? I see that some keys are stored in /etc/apt/trusted.gpg.d/*.gpg and are automatically picked up by the system including apt-key. But that some keys are stored in /usr/share/keyrings/*.gpg and you have to manually point the /etc/apt/sources.list.d/*.list files to that associated gpg key file, because it’s not automatic.
Wouldn’t automatic be better or at least a one-to-one translation of taking a key out of the /etc/apt/trusted.gpg file and placing it into the /etc/apt/trusted.gpg.d/ directory?
I’m just curious, I can see pros and cons to either approach but I’m still having a hard time understanding the difference between these 2 directories and methods and which is officially supported / preferred by Ubuntu or Debian.
Many thanks for posting this, I found it very helpful and straightforward to follow.