While updating Debian, I have seen this warning in the last days:
Fetched 11.4 kB in 3s (3,605 B/s)
W: http://www.deb-multimedia.org/dists/testing/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://deb.torproject.org/torproject.org/dists/testing/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
I did read the apt-key manual but I wasn’t very clear how to proceed. So I searched for a bit and found this article. And it was exactly what I needed.
$ sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2014-03-05 [SC]
A401 FF99 368F A1F9 8152 DE75 5C80 8C2B 6555 8117
uid [ unknown] Christian Marillat <marillat@debian.org>
uid [ unknown] Christian Marillat <marillat@free.fr>
uid [ unknown] Christian Marillat <marillat@deb-multimedia>
uid [ unknown] Christian Marillat <marillat@deb-multimedia.org>
sub rsa4096 2014-03-05 [E]
pub rsa2048 2009-09-04 [SC] [expires: 2024-11-17]
A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
uid [ unknown] deb.torproject.org archive signing key
sub rsa2048 2009-09-04 [S] [expires: 2022-06-11]
...
...
Export the keys:
$ sudo apt-key export 65558117 | sudo gpg --dearmour -o /usr/share/keyrings/repo-debian-multimedia-testing.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
$
$ sudo apt-key export 886DDD89 | sudo gpg --dearmour -o /usr/share/keyrings/repo-torproject-testing.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
$
BTW, something I keep forgetting is what part of the pub key I needed. It is the last 8 digits (that you can see in the output of apt-key list). And that was mentioned in the article but I didnt pay attention…
Now update “/etc/apt/sources.list” adding “signed-by=/path to file created above” for each repo:
###Debian Multimedia
deb [arch=amd64 signed-by=/usr/share/keyrings/repo-debian-multimedia-testing.gpg] http://www.deb-multimedia.org testing main non-free
###TOR
deb [arch=amd64 signed-by=/usr/share/keyrings/repo-torproject-testing.gpg] http://deb.torproject.org/torproject.org testing main
Update and see if warning is gone:
# aptitude update
Hit http://security.debian.org/debian-security testing-security InRelease
Hit http://deb.debian.org/debian testing InRelease
Ign https://apt.fury.io/netdevops InRelease
Ign https://apt.fury.io/netdevops Release
Hit http://www.deb-multimedia.org testing InRelease
Hit https://dl.google.com/linux/chrome/deb stable InRelease
Hit https://packages.cloud.google.com/apt cloud-sdk InRelease
Hit http://deb.torproject.org/torproject.org testing InRelease
Get: 1 https://apt.fury.io/netdevops Packages
Ign https://apt.fury.io/netdevops Translation-en_GB
Ign https://apt.fury.io/netdevops Translation-en
Ign https://apt.fury.io/netdevops Contents (deb)
Ign https://apt.fury.io/netdevops Contents (deb)
Fetched 11.4 kB in 3s (3,650 B/s)
#
All good
And clean-up before finishing:
$ sudo apt-key del 65558117
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
$ sudo apt-key del 886DDD89
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
$