Ubuntu 22 stores GPG-keys for package verification differently #64

Open
plettich opened this issue Aug 11, 2023 · 4 comments

Comments

@plettich
Contributor

Since Ubuntu 22.04 (Apt 2.4) the default way of adding package signing keys is deprecated and results in a warning during an apt update.
We should adapt the repository file and documentation accordingly:
https://manpages.ubuntu.com/manpages/jammy/man8/apt-key.8.html#deprecation

@pablo-knight
Contributor

pablo-knight commented Aug 14, 2023

This example should work.

```
# Fetch the ASCII-armored key and convert it to a binary keyring
curl -fsSL \
https://lancelot.netknights.it/NetKnights-Release.asc \
| gpg --dearmor > /usr/share/keyrings/NetKnights.gpg

# Register the repository, scoped to that keyring via signed-by
echo "deb [signed-by=/usr/share/keyrings/NetKnights.gpg] http://lancelot.netknights.it/community/jammy/stable jammy main" >> /etc/apt/sources.list
```

@plettich
Contributor Author

plettich commented Aug 15, 2023

> This example should work.
>
> ```
> curl -fsSL \
> https://lancelot.netknights.it/NetKnights-Release.asc \
> | gpg --dearmor > /usr/share/keyrings/NetKnights.gpg
> ```

The man page recommends `/etc/apt/keyrings/` for the location of additional keys.

> ```
> echo "deb [signed-by=/usr/share/keyrings/NetKnights.gpg] http://lancelot.netknights.it/community/jammy/stable jammy main" >> /etc/apt/sources.list
> ```

Should we add this to the Downloadinfo for jammy as well?

@pablo-knight
Contributor

Yes, we should adopt this as you suggested to the Downloadinfo (`/etc/apt/keyrings/`).
This should be the regular install guide for Ubuntu 22 installations.

@plettich
Contributor Author

> Yes, we should adopt this as you suggested to the Downloadinfo. (/etc/apt/keyrings/) This should be the regular install guide for ubuntu 22 installations.

I checked for Ubuntu 22 and 24:
We can get the key with `curl --output-dir /etc/apt/keyrings -O https://lancelot.netknights.it/NetKnights-Release.asc`
and use it either with:
`deb [signed-by=/etc/apt/keyrings/NetKnights-Release.asc] http://lancelot.netknights.it/community/noble/devel noble main` in `/etc/apt/sources.list.d/privacyidea.list`
or with

```
Types: deb
URIs: http://lancelot.netknights.it/community/noble/devel
Suites: noble
Components: main
Signed-By: /etc/apt/keyrings/NetKnights-Release.asc
```

in `/etc/apt/sources.list.d/privacyidea.sources`.

Or we can integrate the key directly in the sources file and provide the file like this:

```
Types: deb
URIs: http://lancelot.netknights.it/community/noble/devel
Suites: noble
Components: main
Signed-By:
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 .
 mQINBFka/rsBEADmBd9PyS9Bcmaw/DCE2MjHRhe8ASG2MEjIyq4dCuE23pq6vuSj
 ...
```

All of this disables the warning message when running apt.
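
An added example, not part of the thread or the project's code: a small Python audit that parses both source formats discussed above (one-line `.list` and deb822 `.sources`) and reports entries that carry no `signed-by` / `Signed-By`, which apt verifies against its global trusted keyrings instead of one scoped key. The function names and the `repo.example.invalid` entry are constructed for illustration.

```python
import re

# Constructed sample: line 1 is the entry from the thread, line 2 has no signed-by.
SAMPLE_LIST = """\
deb [signed-by=/etc/apt/keyrings/NetKnights-Release.asc] http://lancelot.netknights.it/community/noble/devel noble main
deb http://repo.example.invalid/ubuntu noble main
"""

def parse_list(text):
    """One-line style (*.list): deb [opt=val ...] uri suite component..."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"(?:deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)", line)
        if m:
            opts = dict(o.split("=", 1) for o in (m.group(1) or "").split() if "=" in o)
            entries.append((m.group(2), m.group(3), opts.get("signed-by")))
    return entries

def parse_sources(text):
    """deb822 style (*.sources): 'Field: value' stanzas separated by blank lines."""
    entries = []
    for stanza in re.split(r"\n[ \t]*\n", text.strip()):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line.startswith("#"):
                continue
            if line[:1] in (" ", "\t") and key:   # continuation, e.g. an embedded key
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key = line.split(":", 1)[0].strip().lower()
                fields[key] = line.split(":", 1)[1].strip()
        signed = fields.get("signed-by", "").strip()
        if "BEGIN PGP PUBLIC KEY BLOCK" in signed:
            signed = "<embedded key>"
        for uri in fields.get("uris", "").split():
            for suite in fields.get("suites", "").split():
                entries.append((uri, suite, signed or None))
    return entries

def unscoped(entries):
    """Entries without signed-by are verified against apt's global trusted keyrings."""
    return [e for e in entries if e[2] is None]

if __name__ == "__main__":
    for uri, suite, key in parse_list(SAMPLE_LIST):
        print(f"{uri} {suite}: {key or 'NO signed-by'}")
```

On a real host, feed it the contents of `/etc/apt/sources.list`, `/etc/apt/sources.list.d/*.list` and `/etc/apt/sources.list.d/*.sources`.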
