How to solve apt-key deprecated?

Question

I'm using Ubuntu 20.10 and I'm trying to get the latest signature-key and when I do that I get these lines:

root@kubernetes-worker:/home/jonteyh# curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2537  100  2537    0     0  14016      0 --:--:-- --:--:-- --:--:-- 14094
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK

I get a warning message here that apt-key is deprecated. How do I solve this?

Is there some way I should remove the file trusted.gpg.d or edit it?

I haven't read through the Ubuntu wiki yet for this, but you might want to see: https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html But, deprecated does not mean that it didn't add the key. The key looks like it probably added just fine for now. — Terrance, Apr 02 '21 at 14:15
I didn't see a problem there other than the deprecated message. Debian will be basically killing apt-key as of April of 2022, so in that link I shared with you it states how to get used to using the `signed-by` for the repositories moving forward. — Terrance, Apr 02 '21 at 14:25
Nice @Terrance that was good news that Debian is going to remove apt-key! — Jonte YH, Apr 02 '21 at 14:27
@Terrance I think you've answered the question quite thoroughly in your comments here - would you care to post an answer? — Zanna, Apr 03 '21 at 07:04
@Terrance i have commented that you should have the Thanks if this answer is helpful to anyone! — Jonte YH, Apr 03 '21 at 14:15

Jonte YH · Accepted Answer · 2021-04-03T14:14:13.517

It looks like apt-key is deprecated from @Terrance. Read this link https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html

In that link it states that Debian will be ending apt-key as of April 2022. For now apt-key still works as shown in the output in the question where it stated OK which means that the key was imported.

In the future it is recommended to do the signed-by with the repositories that you are adding.

All of this answer is from the link reworded.

First, download the key in question:

For ASCII type keys do it in this form:

wget -O- <https://example.com/key/repo-key.gpg> | gpg --dearmor | sudo tee /usr/share/keyrings/<myrepository>-archive-keyring.gpg

or

curl <https://example.com/key/repo-key.gpg> | gpg --dearmor > /usr/share/keyrings/<myrepository>-archive-keyring.gpg

For non-ASCII type keys do it in this form:

wget -O- <https://example.com/key/repo-key.gpg> | sudo tee /usr/share/keyrings/<myrepository-archive-keyring.gpg>

Or you can get your keys from a keyserver like so:

sudo gpg --no-default-keyring --keyring /usr/share/keyrings/<myrepository>-archive-keyring.gpg --keyserver <hkp://keyserver.ubuntu.com:80> --recv-keys <fingerprint>

All keys will be stored in /usr/share/keyrings/ folder. You can use those keys when you add your repo with the signed-by option to your sources.list file:

deb [signed-by=/usr/share/keyrings/<myrepository>-archive-keyring.gpg] <https://repository.example.com/debian/ stable main>

Or you can add the arch=amd64 in the same fashion:

deb [arch=amd64 signed-by=/usr/share/keyrings/<myrepository>-archive-keyring.gpg] <https://repository.example.com/debian/ stable main>

If this is helpful give thanks to @Terrance

those are some really ugly commands compared to gpg --export somekey | apt-key add - What is the exact equivalent? It is hard to figure from the above for me at least. — sjatkins, Apr 13 '22 at 22:12
@sjatkins Please if you are not satisfied you can change this please?? — Jonte YH, Apr 15 '22 at 12:17
Using `curl WEBSITE | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/FILE.gpg` is better than `curl WEBSITE | sudo gpg --dearmour > /etc/apt/trusted.gpg.d/FILE.gpg`. I found that using `>` causes permission errors sometimes. — mbomb007, Jul 12 '22 at 20:44

How to solve apt-key deprecated?

1 Answers1