#apt-key is deprecated. how do I transfer a key I just installed with apt-key to the proper location?

1 messages · Page 1 of 1 (latest)

mellow belfry Mar 22, 2024, 12:36 AM

Basically just the title.

A guide suggests:

sudo apt-key export <end of key> | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/<application name>.gp

but implies that this is not the "proper" way to do this. The section on the recommended way doesn't seem to explain what to do if you already have the key.

mellow belfry Mar 22, 2024, 1:18 AM

so recap from what I've learned in the last 30 minutes

for the last few years, apt-key has been deprecated.

you're supposed to put the key in /usr/share/keyrings or /etc/apt/keyrings manually

/usr/share/keyrings is for keys "managed by" a package, whatever that means.

/etc/apt/keyrings is for keyrings you update yourself.

if you put something in /usr/share/keyrings it might need to have a certain name????

mellow belfry Mar 22, 2024, 1:21 AM

mellow belfry you're supposed to put the key in `/usr/share/keyrings` or `/etc/apt/keyrings` m...

a lot of articles recommend /etc/apt/trusted.gpg.d, but this is actually wrong and doesn't fix shit

except making the warning go away, I guess.

that's the problem with this security fix

it's so annoying to solve on your own if the instructions use apt-key that you'll probably give up after witnessing

sudo mkdir -m 0755 -p /etc/apt/keyrings/

curl -fsSL https://example.com/EXAMPLE.gpg |
    sudo gpg --dearmor -o /etc/apt/keyrings/EXAMPLE.gpg

echo "deb [signed-by=/etc/apt/keyrings/EXAMPLE.gpg] https://example.com/apt stable main" |
    sudo tee /etc/apt/sources.list.d/EXAMPLE.list > /dev/null

and just use apt-key anyway

fortunately with virtualbox they did actually clarify that it's /usr/share/keyrings

the guide I read is just crap and used apt-key despite being written like at least three years after it was deprecated

so guide for anyone else with this problem

do apt-key list

find the key you installed

get the last eight characters of the long hexadecimal string

sudo apt-key del <last eight characters without the space>
alternatively I think you can do it like
sudo apt-key del <full hex string in double quotes>

if you want to be careful

you might also be able to use the attached email but be very careful with that one

then download the keys to the proper location (not /etc/apt/trusted.gpg.d if you can help it), making sure to use gpg dearmor