[Bug 2025116] [NEW] apt-key saves key in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)
Jeffrey Walton
2025116 at bugs.launchpad.net
Tue Jun 27 05:23:39 UTC 2023
Public bug reported:
Hi Everyone,
I want to install Firefox from the Mozilla PPA. I issued apt-key (from
the apt package) to fetch the signing key, and then enabled the PPA in
/etc/apt/sources.list.d/mozillateam-ubuntu-ppa-jammy.list. The apt-key
command used was:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 9BDB3D89CE49EC21
Then, upon apt-get update:
# sudo apt-get update
Hit:1 http://us.archive.ubuntu.com/ubuntu jammy InRelease
...
Reading package lists... Done
W: https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
-----
In the old days, we were supposed to put keys at /etc/apt/trusted.gpg.d.
If I am parsing things correctly nowadays... a new method is supposed to
be used: adding [signed-by=<path>] to the sources.list line and putting
the key in /usr/share/keyrings or /etc/apt/keyrings [1].
[1] https://lists.debian.org/debian-user/2023/06/msg00722.html
-----
A related bug appears to be
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1995825.
Bug 1995825 appears to trigger after an upgrade.
For me, this is a fresh install. There was no upgrade.
-----
This is Ubuntu 22.04 LTS, x86_64, fully patched.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
-----
$ dpkg -S /usr/bin/apt-key
apt: /usr/bin/apt-key
$ apt-cache show apt
Package: apt
Architecture: amd64
Version: 2.4.9
Priority: important
Section: admin
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Original-Maintainer: APT Development Team <deity at lists.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 4156
Provides: apt-transport-https (= 2.4.9)
Depends: adduser, gpgv | gpgv2 | gpgv1, libapt-pkg6.0 (>= 2.4.9), ubuntu-keyring, libc6 (>= 2.34), libgcc-s1 (>= 3.3.1), libgnutls30 (>= 3.7.0), libseccomp2 (>= 2.4.2), libstdc++6 (>= 11), libsystemd0
Recommends: ca-certificates
** Affects: apt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2025116
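The signed-by layout described in the report, as an added example that is not part of the original bug report or of apt: shell functions that list one-line-style sources entries not pinned to a key and rewrite an entry to carry [signed-by=<path>]. The keyring filename /etc/apt/keyrings/mozillateam-ppa.gpg, the "main" component and the second sample entry are constructed assumptions.

```shell
#!/bin/sh
# Added example; keyring filename and sample entries are constructed assumptions.

# Succeeds if a deb/deb-src entry carries a signed-by option in its [ ] block.
has_signed_by() {
    case "$1" in
        deb*\[*signed-by=*\]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print ENTRY with signed-by=KEYRING added; other lines pass through unchanged.
pin_entry() {
    entry=$1 keyring=$2
    case "$entry" in
        deb\ *|deb-src\ *) ;;
        *) printf '%s\n' "$entry"; return 0 ;;      # comments, blank lines
    esac
    if has_signed_by "$entry"; then printf '%s\n' "$entry"; return 0; fi
    kind=${entry%% *} rest=${entry#* }
    case "$rest" in
        \[*)  # options already present: append inside the existing block
            opts=${rest%%\]*}; opts=${opts#\[}
            printf '%s [%s signed-by=%s]%s\n' "$kind" "$opts" "$keyring" "${rest#*\]}" ;;
        *)  printf '%s [signed-by=%s] %s\n' "$kind" "$keyring" "$rest" ;;
    esac
}

# Print "lineno:entry" for every active entry in FILE that is not pinned to a key.
unpinned_entries() {
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        case "$l" in
            deb\ *|deb-src\ *) has_signed_by "$l" || printf '%s:%s\n' "$n" "$l" ;;
        esac
    done < "$1"
}

# Demo on a constructed sources.list.d file (nothing under /etc is touched).
sample=$(mktemp)
printf '%s\n' '# constructed sample' \
    'deb https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy main' \
    'deb [arch=amd64 signed-by=/usr/share/keyrings/example.gpg] https://example.invalid/apt stable main' \
    > "$sample"
unpinned_entries "$sample"
pin_entry 'deb https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu jammy main' \
    /etc/apt/keyrings/mozillateam-ppa.gpg
rm -f "$sample"
```

Only the sources.list side is handled here; the key still has to be placed in the keyring file that signed-by names and removed from /etc/apt/trusted.gpg.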