Opened 4 years ago
Last modified 4 years ago
#22148 closed task
debian package: apt-key is deprecated; new installation commands need to be documented — at Version 3
| Reported by: | skyper | Owned by: | team |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | Wiki content | Version: | |
| Keywords: | linux package install apt-key gpg security | Cc: |
Description (last modified by )
The command to download and store the gpg-key for the ubuntu package need to be updated under Download as apt-key add is deprecated as insecure, see https://manpages.debian.org/testing/apt/apt-key.8.en.html.
According to https://wiki.debian.org/DebianRepository/UseThirdParty?action=show&redirect=RepositoryInstructions#OpenPGP_Key_distribution the key should not be ascii-amored and stored in a separate directory beside /etc/apt/trusted.gpg.d/, e.g. /usr/local/share/keyring/, which might not exist so far, see https://wiki.debian.org/DebianRepository/UseThirdParty?action=show&redirect=RepositoryInstructions#Sources.list_entry
As this change only changed the commands but not the underlying security issue, I reverted it.
- The command to remove the key from
/etc/apt/trusted.gpgand/etc/apt/trusted.gpg.d/is something like
sudo apt-key del $(apt-key finger | grep -B1 "<josm-dev@openstreetmap.org>"| sed '$d' | cut -b 48-51,53-57)
Change History (3)
comment:1 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 4 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 4 years ago
| Description: | modified (diff) |
|---|
