Facebook X (Twitter) Instagram
    TecAdmin
    • Home
    • FeedBack
    • Submit Article
    • About Us
    Facebook X (Twitter) Instagram
    TecAdmin
    You are at:Home»General Articles»(Resolved) Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead

    (Resolved) Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead

    By RahulSeptember 1, 20223 Mins Read

    With the latest version of Ubuntu 22.04 and Debian 11, users start getting a warning message during the GPG key import that “Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))“. The apt-key stores the key file in /etc/apt/trusted.gpg or /etc/apt/trusted.gpg.d. In that case, a single key is also trusted for other repositories configured on your system. That creates security issues for the repositories on your systems. To overcome this issue, Ubuntu 22.04 and Debian 11 prompted to manage OpenPGP as keyring files.

    Even if this is a warning message, you can continue to use apt-key, but it will be removed in the next releases. So it will be a good idea to start using the new way.

    Problem:

    As of today, we use the following command to add a GPG key to our system. It was working fine. While running the same command on Ubuntu 22.04, I got a warning message:

    curl https://download.webmin.com/jcameron-key.asc | sudo apt-key add - 
    

    You should see the following output:

    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
    OK
    

    Solution:

    Here is the new way of adding GPG keys to the system and avoiding the above warning.

    1. Import GPG Key
    2. You can choose any one of the below optins to import GPG key system keyrings.

      • Method 1: The following command will download a remote GPG key, encrypt it and save it under the /usr/share/keyrings directory.
        wget -nc https://download.webmin.com/jcameron-key.asc 
        cat jcameron-key.asc | gpg --dearmor | sudo tee /usr/share/keyrings/jcameron-key.gpg > /dev/null 2>&1 
        
      • Method 2: We can also use the install command that is used by the operating system to install files to filesystem.
        wget -nc https://download.webmin.com/jcameron-key.asc 
        cat jcameron-key.asc| gpg --dearmor  > jcameron-key.gpg 
        sudo install -o root -g root -m 644 jcameron-key.gpg /usr/share/keyrings/ 
        
      • Method 3: Instead of using multiple commands, you can merge them and use a single line command like:
        curl https://download.webmin.com/jcameron-key.asc | gpg --dearmor | sudo tee /usr/share/keyrings/jcameron-key.gpg > /dev/null 2>&1 
        

    3. Update PPA
    4. Next is to edit the repository configuration file (For eg: /etc/apt/sources.list.d/webmin.list) with a signed-by tag. That will define the gpg key stored in keyrings for your repository.

      deb [signed-by=/usr/share/keyrings/jcameron-key.gpg] https://download.webmin.com/download/repository sarge contrib
      

      You can see that the above repository configuration file referenced the GPG file ([signed-by=/usr/share/keyrings/jcameron-key.gpg]) stored in keyrings. That will restrict the packages to verify with this file only.

      Now, you can update the cache with “apt update” and continue with the package installation.

    Important Note: If you are still getting the error “Key is stored in legacy trusted.gpg keyring“. Then you may already have the key stored under trusted.gpg keyring. To solve this visit: https://tecadmin.net/resolved-key-is-stored-in-legacy-trusted-gpg-keyring/

    Conclusion

    To enhance the security of your system, the latest Ubuntu system prefers to store GPG keys under keyrings. Also defined the key in the repository configuration to avoid the use of other keys.

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email WhatsApp

    Related Posts

    Difference Between Full Virtualization vs Paravirtualization

    Virtualization vs. Containerization: A Comparative Analysis

    Using .env File in FastAPI

    View 3 Comments

    3 Comments

    1. johnny on November 21, 2022 10:38 am

      I don’t have webmin installed should I get it?

      Reply
      • Rahul on November 22, 2022 9:17 am

        Webmin is just for example only.

        Reply
    2. pineapple on August 17, 2022 8:04 am

      Getting this error

      zsh: permission denied: /usr/share/keyrings/jcameron-key.gpg

      Reply

    Leave A Reply Cancel Reply

    Advertisement
    Recent Posts
    • Difference Between Full Virtualization vs Paravirtualization
    • Virtualization vs. Containerization: A Comparative Analysis
    • Using .env Files in Django
    • Using .env File in FastAPI
    • Setting Up Email Notifications for Django Error Reporting
    Facebook X (Twitter) Instagram Pinterest
    © 2023 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.