[Bug 2025116] Re: apt-key saves key in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)

Julian Andres Klode 2025116 at bugs.launchpad.net
Tue Jun 27 07:38:11 UTC 2023 

This is not correct, apt-key is deprecated *because it requires gpg*,
not in favor of gpg, and gpg is not installed anymore, since we
specifically reworked the packaging to get a small minimal gpgv for
verification.

There is no way to fix apt-key as it requires gpg and is fundamentally
misaligned with the shift from managing gpg keys to key files.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/2025116

Title:
  apt-key saves key in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)

Status in apt package in Ubuntu:
  Invalid

Bug description:
  Hi Everyone,

  I want to install Firefox from Mozilla PPA. I added issued apt-key
  (from apt package) to fetch the signing key, and then enabled the PPA
  in /etc/apt/sources.list.d/mozillateam-ubuntu-ppa-jammy.list. The apt-
  key command used was:

      sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
  9BDB3D89CE49EC21

  Then, upon apt-get update:

      # sudo apt-get update
      Hit:1 http://us.archive.ubuntu.com/ubuntu jammy InRelease
      ...
      Reading package lists... Done
      W: https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

  -----

  In the old days, we were supposed to put keys at
  /etc/apt/trusted.gpg.d. If I am parsing things correctly nowadays... a
  new method is supposed to be used: adding [signed-by=<path>] to the
  sources.list line and putting the key in /usr/share/keyrings or
  /etc/apt/keyrings [1].

  [1] https://lists.debian.org/debian-user/2023/06/msg00722.html

  -----

  A related bug appears to be
  https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-
  upgrader/+bug/1995825. The 1995825 appears to trigger after an
  upgrade. For me, this is a fresh install. There was no upgrade.

  -----

  This is Ubuntu 22.04 LTS, x86_64, fully patched.

      $ lsb_release -a
      No LSB modules are available.
      Distributor ID: Ubuntu
      Description:    Ubuntu 22.04.2 LTS
      Release:        22.04
      Codename:       jammy

  -----

      $ dpkg -S /usr/bin/apt-key
      apt: /usr/bin/apt-key

      $ apt-cache show apt
      Package: apt
      Architecture: amd64
      Version: 2.4.9
      Priority: important
      Section: admin
      Origin: Ubuntu
      Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
      Original-Maintainer: APT Development Team <deity at lists.debian.org>
      Bugs: https://bugs.launchpad.net/ubuntu/+filebug
      Installed-Size: 4156
      Provides: apt-transport-https (= 2.4.9)
      Depends: adduser, gpgv | gpgv2 | gpgv1, libapt-pkg6.0 (>= 2.4.9), ubuntu-keyring, libc6 (>= 2.34),     libgcc-s1 (>= 3.3.1), libgnutls30 (>= 3.7.0), libseccomp2 (>= 2.4.2), libstdc++6 (>= 11), libsystemd0
      Recommends: ca-certificates

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/2025116/+subscriptions

More information about the foundations-bugs mailing list