Deprecation of apt-key in Debian-based distributions

I recently installed Ubuntu 21.04, and when I wanted to install the Atom editor, I was given the following warning about apt-key being deprecated:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

After a bit of Googling around, I stumbled on this post on askubuntu.com explaining why apt-key was being deprecated.

Then the folks at docker.com give a nice easy command to convert an old PGP key in base64 to a keyring.

So here are the commands, in case you are wondering. I will assume it's your first key.

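sudo mkdir -p /etc/apt/local.trusted.gpg.d
cd /etc/apt/local.trusted.gpg.d
# Download the ASCII-armored key; the directory is root-owned, so write through sudo tee
curl -fsSL https://packagecloud.io/AtomEditor/atom/gpgkey | sudo tee AtomEditor.key > /dev/null
# Convert the armored key into a binary keyring file
sudo gpg --dearmor --output AtomEditor.gpg AtomEditor.key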

We first create a new directory to store our local keys. It is important to keep them separate from the keys that apt trusts for every repository (which are in /etc/apt/trusted.gpg.d).
Then we download the current key in ASCII-armored (base64) format.
And then we convert that key with gpg --dearmor into a binary keyring file.
Without these steps, apt will not understand the key file.

Then add the new repository to /etc/apt/sources.list.d almost as usual:

sudo sh -c 'echo "deb [arch=amd64 signed-by=/etc/apt/local.trusted.gpg.d/AtomEditor.gpg] https://packagecloud.io/AtomEditor/atom/any/ any main" > /etc/apt/sources.list.d/atom.list'

The key difference is the new signed-by option, which references the keyring file. With it, this particular key is trusted only for the Atom repository.
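
To check which existing entries actually get this scoping, here is an added example (not from the original post and not part of apt) that classifies one-line-style source entries. The function names check_entry and audit_dir and the example.invalid repository are made up for illustration.

```shell
#!/bin/sh
# Added example: classify one-line-style apt source entries by key scoping.
#   SCOPED    signed-by names a keyring outside apt's global trust store
#   UNSCOPED  no signed-by (any globally trusted key is accepted), or the
#             keyring sits in the global store and so is trusted everywhere
check_entry() {
    line=$1
    case $line in
        deb\ *|deb-src\ *) ;;
        *) echo SKIP; return 0 ;;      # comments, blanks, anything else
    esac
    opts=
    case $line in
        *\[*\]*) opts=${line#*\[}; opts=${opts%%\]*} ;;   # text inside [ ]
    esac
    keyring=
    for opt in $opts; do
        case $opt in signed-by=*) keyring=${opt#signed-by=} ;; esac
    done
    case $keyring in
        ''|/etc/apt/trusted.gpg|/etc/apt/trusted.gpg.d/*) echo UNSCOPED ;;
        *) echo SCOPED ;;
    esac
}

# audit_dir DIR: report every entry in DIR/*.list; return 1 if any is UNSCOPED.
audit_dir() {
    rc=0
    for f in "$1"/*.list; do
        [ -f "$f" ] || continue
        while IFS= read -r l || [ -n "$l" ]; do
            v=$(check_entry "$l")
            if [ "$v" = SKIP ]; then continue; fi
            echo "$v ${f##*/}: $l"
            if [ "$v" = UNSCOPED ]; then rc=1; fi
        done < "$f"
    done
    return "$rc"
}

# Constructed sample entries; the first is the line built in this post.
check_entry 'deb [arch=amd64 signed-by=/etc/apt/local.trusted.gpg.d/AtomEditor.gpg] https://packagecloud.io/AtomEditor/atom/any/ any main'
check_entry 'deb https://example.invalid/repo stable main'
```

Running audit_dir /etc/apt/sources.list.d lists every entry with its verdict and exits non-zero if any repository still relies on globally trusted keys.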
