Re: VirtualBox key is store in deprecated legacy keyring
On Mon, Jun 19, 2023 at 11:15 PM Rick Thomas <rick.thomas@pobox.com> wrote:
>
> I recently upgraded one of my Debian Bullseye machines to Bookworm. The machine's main purpose is to run Virtualbox to allow me to experiment on disposable VMs rather than real hardware.
>
> Now when I do "apt update" I get this message:
> .W: https://download.virtualbox.org/virtualbox/debian/dists/bullseye/InRelease: Key is stored in legacy trusted.gpg
> keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
>
> I've thoroughly RTFM in search of a clue as to how to fix this, but I can't figure out what I'm supposed to do.
>
> Has anybody else seen this? If so, what did you do? And did it help?
I _think_ the key should be stored in its own file under
/etc/apt/trusted.gpg.d. Maybe something like
/etc/apt/trusted.gpg.d/virtual-box.gpg.
Also see https://wiki.debian.org/SecureApt and the part:
apt-key is a program that is used to manage a keyring of OpenPGP keys
for secure apt. The keyring is kept in the file /etc/apt/trusted.gpg
(not to be confused with the related but not very interesting
/etc/apt/trustdb.gpg). apt-key can be used to show the keys in the
keyring, and to add or remove a key. In more recent Debian GNU/Linux
versions (Wheezy, for example), the keyrings are stored in specific
files all located in the /etc/apt/trusted.gpg.d directory. For example,
that directory could contain the following files:
debian-archive-squeeze-automatic.gpg or
debian-archive-wheezy-automatic.gpg. Incidentally, both files are
provided by the debian-archive-keyring package.
Jeff
Reply to: