Technology

How to add an OpenPGP repository key, now that apt-key is deprecated

By Naomi Gleit

Jack Wallen shows you how to add GPG repository keys, now that apt-key has been deprecated.

Image: Jack Wallen

For years, I’ve added repository keys to Ubuntu-based Linux distributions with the apt-key command. But recently, that command was deprecated. If you attempt to add a key with apt-key, such as with the command:  

wget -qO - http://deb.opera.com/archive.key | sudo apt-key add -

Now, you’ll see the following warning: “Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead.” What do you do? 

To install certain applications from non-standard repositories, those keys must be added. How do you add them? Unfortunately, it’s not quite as easy as it once was. You’ll still be issuing a command that pipes the downloaded file into another command, with the help of sudo. 

SEE: A guide to The Open Source Index and GitHub projects checklist (TechRepublic Premium)

The confusing part is that you’ll no longer use apt, in any way, to add the key. You’ll be adding the key to your keyring. Let’s stick with our Opera example, although installing Opera via their .deb package automatically installs and configures their repository for you. 

The new way to install the GPG key pipes the output of wget through the tee command like:  

so wget -O- http://deb.opera.com/archive.key | sudo tee /usr/share/keyrings/opera-archive-keyring.gpg

The one caveat is if the key is encrypted, you’ll need to first pipe the output through gpg and then through tee

That command would look something like:  

wget -O- http://deb.opera.com/archive.key | gpg --dearmor | sudo tee /usr/share/keyrings/opera-archive-keyring.gpg 

Running the command without the gpg portion will save a text file with the GPG key, whereas running the command with the gpg portion saves a binary file. 

To make sure Apt can use the key, you need to configure the repository to know where it is. A repository configuration for our Opera example would look something like:  

deb [signed-by=/usr/share/keyrings/opera-archive-keyring.gpg]

It’s not nearly as simple as it once was, but it’s more secure, and that has become crucial in this day of constant attacks and vulnerabilities.

Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.

Also see

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Naomi Gleit 44838 posts 0 comments
More Stories

The path to generative AI value: Setting the flywheel in…

Scientists developed a sheet of gold that’s just one atom…

Samsung Galaxy A55 vs Vivo V30 Pro: How the two affordable…

1 of 69,744