As per man 8 apt-key
‘s deprecation note, the /etc/apt/trusted.gpg
file managed by apt-key
is now deprecated.
New keys should be added to /usr/share/keyrings
is this way:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg \
| gpg --dearmor \
| sudo tee /usr/share/keyrings/docker-ce-archive-keyring.gpg \
> /dev/null
This key can then be used in the source definition in this way:
deb [arch=amd64 signed-by=/usr/share/keyrings/docker-ce-archive-keyring.gpg] https://download.docker.com/linux/ubuntu jammy stable
Now, if you have a bunch of keys in /etc/apt/trusted.gpg
and don’t fancy looking it up where they are from, you can do something like this:
- Use
gpg --keyring /etc/apt/trusted.gpg --list-keys
to get your list, one entry might look like this:
pub rsa2048 2014-12-29 [SC]
37C84554E7E0A261E4F76E1ED26E6ED000654A3E
uid [ unknown] Syncthing Release Management <release@syncthing.net>
sub rsa2048 2014-12-29 [E]
sub rsa4096 2015-05-11 [S] [expires: 2025-05-08]
The 37C84554E7E0A261E4F76E1ED26E6ED000654A3E
in the second line is the key id.
- Decide on a filename for the key, eg.
syncthing-apt.gpg
- Export the key
gpg --keyring /etc/apt/trusted.gpg --export 37C84554E7E0A261E4F76E1ED26E6ED000654A3E \
| sudo tee /usr/share/keyrings/syncthing-apt.gpg > /dev/null
- Update the source definition by adding
signed-by=/usr/share/keyrings/syncthing-apt.gpg
option-value pair
--- /etc/apt/sources.list.d/syncthing-release.list.orig 2023-07-12 07:49:21.682281426 +0200
+++ /etc/apt/sources.list.d/syncthing-release.list 2024-07-04 06:40:56.628558228 +0200
@@ -1 +1 @@
-deb [arch=amd64] http://apt.syncthing.net/ syncthing release
+deb [arch=amd64 signed-by=/usr/share/keyrings/syncthing-apt.gpg] http://apt.syncthing.net/ syncthing release
- Remove the key from the old keyring
sudo gpg --keyring /etc/apt/trusted.gpg --delete-key 37C84554E7E0A261E4F76E1ED26E6ED000654A3E
- Rinse and repeat until you added all the keys you still use
Inspired by: https://github.com/docker/docs/issues/11625 and https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html