Bug#968148: /usr/bin/apt-key: Suggestion for manpage and Warning

To: Julian Gilbey <jdg@debian.org>, 968148@bugs.debian.org
Cc: Vincent van Adrighem <vincenta@vanadrighem.eu>
Subject: Bug#968148: /usr/bin/apt-key: Suggestion for manpage and Warning
From: David Kalnischkies <david@kalnischkies.de>
Date: Tue, 2 Feb 2021 10:53:03 +0100
Message-id: <[🔎] 20210202095303.3yhgcn3uetis3354@crossbow>
Reply-to: David Kalnischkies <david@kalnischkies.de>, 968148@bugs.debian.org
In-reply-to: <[🔎] YBf3GWO9qYlIDlIv@d-and-j.net>
References: <CAGHZ3h2v8s15AZL9JWpN3-6E8g4ujLmXRgB5-KJBrkSXWR-vdw@mail.gmail.com> <159911838731.68419.7596801503630862000.reportbug@vincent-xps.vanadrighem.eu> <CAGHZ3h2v8s15AZL9JWpN3-6E8g4ujLmXRgB5-KJBrkSXWR-vdw@mail.gmail.com> <X+z1qgx9PCSghOEK@d-and-j.net> <CAGHZ3h2v8s15AZL9JWpN3-6E8g4ujLmXRgB5-KJBrkSXWR-vdw@mail.gmail.com> <[🔎] YBf3GWO9qYlIDlIv@d-and-j.net> <CAGHZ3h2v8s15AZL9JWpN3-6E8g4ujLmXRgB5-KJBrkSXWR-vdw@mail.gmail.com>

Hi,

On Mon, Feb 01, 2021 at 12:42:01PM +0000, Julian Gilbey wrote:
> I just stumbled upon an "Ask Ubuntu" discussion, which has a very
> clear explanation of (at least some of) the reasons for the
> deprecation of apt-key and what to do instead:
> https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key/1300076#1300076
> 
> Logging it here in the hope that it will be of use to others.

It's Julian (juliank) who runs this deprecation and I have close to zero
interest in third party repositories, so I do not want to bud in on
these BUT that linked accepted answer is really not a good answer…
at least scroll a bit down and read the others if you really must.

In my opinion this isn't something a user has to concern itself with
though. The 3rd party repository has to explain how it can be added and
incidently that will be and always was at least slightly different for
all of them as they are all slightly different in what they provide and
how (flat vs. dists repo, binary or ascii key, keyring package or not,
name of components, pinning, …). If a repository has no documentation on
how to properly use it, I at least wouldn't dare to use it… (but I don't
use any, so there is that…).

See e.g. https://wiki.debian.org/DebianRepository/UseThirdParty

That wiki page says APT isn't supporting ASCII armored keys, but it does
nowadays – but as this isn't universally true for all apt versions still
in existence/use it's fine for now to pretend otherwise I guess.

So, not saying that is a good idea, but to achieve what the accepted
answer does without the potential failure modes this has (thanks to
particularities with the invocation of gnupg in different versions –
which might not even be installed but would need to be for apt-key):

$ sudo /usr/lib/apt/apt-helper download-file 'https://download.teamviewer.com/download/linux/signature/TeamViewer2017.asc' /etc/apt/trusted.gpg.d/teamviewer.asc

No, I haven't tried it. This is also not an endorsement of that repo,
that key or adding it to trusted.gpg.d directly. Using apt-helper as
I know that is available while wget/curl/whatever might not. Not that
I wouldn't recommend that either – and please don't ask me for some as
the only I am comfortable giving is "Don't use 3rd party repos" and that
is probably not what anyone reading this wants to hear…

Best regards

David Kalnischkies

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#968148: /usr/bin/apt-key: Suggestion for manpage and Warning
  - From: Julian Gilbey <jdg@debian.org>

References:
- Bug#968148: /usr/bin/apt-key: Suggestion for manpage and Warning
  - From: Julian Gilbey <jdg@debian.org>

Prev by Date: Bug#968148: /usr/bin/apt-key: Suggestion for manpage and Warning
Next by Date: Re: Regarding ideas to replace gpgv with sqv
Previous by thread: Bug#968148: /usr/bin/apt-key: Suggestion for manpage and Warning
Next by thread: Bug#968148: /usr/bin/apt-key: Suggestion for manpage and Warning
Index(es):
- Date
- Thread