--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Please document adding keys to /etc/apt/trusted.gpg.d/ in detail
- From: Lee Garrett <debian@rocketjump.eu>
- Date: Wed, 29 Dec 2021 12:30:40 +0100
- Message-id: <164077744075.38718.12520800227002167245.reportbug@batou>
Package: apt
Version: 2.2.4
Severity: normal
X-Debbugs-Cc: debian@rocketjump.eu
Hi,
I noticed that apt-key(8) prominently mentions being deprecated. However, the
alternative is only mentioned in a single sentence under the "add" parameter,
which is easily overseen. It would be great if the knowledge in [0] is poured
into a man page to point users to. Specifically, I'd add a full section about
key management to apt(8) or sources.list(5), and that ascii-armored keys need
the .asc extension, binary encoded keys use need the .gpg extension, which
Debian releases support which, and how to verify that the key is accepted.
Thanks in advance!
Regards,
Lee
[0] https://blog.jak-linux.org/2021/06/20/migrating-away-apt-key/
-- Package-specific info:
-- (no /etc/apt/preferences present) --
-- (no /etc/apt/preferences.d/* present) --
-- (/etc/apt/sources.list present, but not submitted) --
-- (/etc/apt/sources.list.d/chef-stable.list present, but not submitted) --
-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.15.11 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apt depends on:
ii adduser 3.118
ii debian-archive-keyring 2021.1.1
ii gpgv 2.2.27-2
ii libapt-pkg6.0 2.2.4
ii libc6 2.31-13+deb11u2
ii libgcc-s1 10.2.1-6
ii libgnutls30 3.7.1-5
ii libseccomp2 2.5.1-1+deb11u1
ii libstdc++6 10.2.1-6
ii libsystemd0 247.3-6
Versions of packages apt recommends:
ii ca-certificates 20210119
Versions of packages apt suggests:
pn apt-doc <none>
ii aptitude 0.8.13-3
ii dpkg-dev 1.20.9
ii gnupg 2.2.27-2
ii powermgmt-base 1.36
ii synaptic 0.90.2
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: apt
Source-Version: 2.4.0
Done: Julian Andres Klode <jak@debian.org>
We believe that the bug you reported is fixed in the latest version of
apt, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1002820@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julian Andres Klode <jak@debian.org> (supplier of updated apt package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Feb 2022 20:00:46 +0100
Source: apt
Architecture: source
Version: 2.4.0
Distribution: unstable
Urgency: medium
Maintainer: APT Development Team <deity@lists.debian.org>
Changed-By: Julian Andres Klode <jak@debian.org>
Closes: 930295 1002820 1004931
Changes:
apt (2.4.0) unstable; urgency=medium
.
[ Jörn-Thorben Hinz ]
* Provide the same bash-completions for autopurge as for autoremove
* Provide bash-completions for reinstall (same as for install)
(Closes: #930295)
* Don’t bash-complete package names before the command word
.
[ Boyuan Yang ]
* Simplified Chinese program translation update (Closes: #1004931)
.
[ David Kalnischkies ]
* Allow --solver apt to work on apt satisfy
.
[ Julian Andres Klode ]
* Install an empty /etc/apt/keyrings directory.
This directory is intended to provide an alternative to
/usr/share/keyrings for placing keys used with signed-by.
* Warn if the legacy trusted.gpg keyring is used for verification
.
[ Paul Wise ]
* bugscript: switch to POSIX shell, quoting, other improvements
.
[ Croydon ]
* Readme: Default branch is now main
.
[ Johannes Schauer Marin Rodrigues ]
* doc/apt-key.8.xml: document alternatives to apt-key add (Closes: #1002820)
Checksums-Sha1:
050013f36ac1e16bf6e13d737f4b21aa5e154a77 2797 apt_2.4.0.dsc
be4a53397962ebd879457ccdddf3a5a5ac081b4b 2215520 apt_2.4.0.tar.xz
f984e12a583e7b5824be72644136da5d788a8da4 7441 apt_2.4.0_source.buildinfo
Checksums-Sha256:
31ff7e82a40f14dc973724167fea4561e064fdc5f9de269ff7e676a32f892817 2797 apt_2.4.0.dsc
728c69df369cbc4a55f91fc2817fe9832c1a2f39de4142e7ef222c5158f234af 2215520 apt_2.4.0.tar.xz
bd5f63b0a61c17383def31de014f6ef0a78748a4bdd16792c6ef3398240f6ed9 7441 apt_2.4.0_source.buildinfo
Files:
8a2e03235a79fa3c7ee0e4faaf815b75 2797 admin important apt_2.4.0.dsc
649062710cb3cbb83bd16f53146f8d0b 2215520 admin important apt_2.4.0.tar.xz
26fe12794b2043a2324f4d9830d4785b 7441 admin important apt_2.4.0_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJDBAEBCgAtFiEET7WIqEwt3nmnTHeHb6RY3R2wP3EFAmIVM14PHGpha0BkZWJp
YW4ub3JnAAoJEG+kWN0dsD9x5fEP/3WEd6aRiSbzHC63GViOPYp9Yn0pTHU/RDj6
xTG8Q71FML5xoz71FwccNdAsoKD/kOHNMTZTPBDWpQU5xh7VVUZHjAiWpYXpDDpj
ulbpiwgfO9Ty/fWwG/Ui0sEFyMaI35GRZtOzTCfVQeXrXW632pnjpsgXiIphwxWr
49x4CeOPQJVnV4a19AKai2XGeEPNkcEOs9EgSpDm/9IQzdAXPmQWPlbmSyg8tidU
l3YfvQNdCqgmb2rJJDG72me5CtjsUrkf8Vzhk7B281gEZBVGOi6sQ5WnQuFRKvuC
AxsmDy7/OLyRXU8Acw6lwz5EDcL2zn7Se5yGtQLaM8GHJuqc8wrm8Iwo01kz+WG8
O+VEM9gL8sYG+syyH9FMlPCQ2DDYF3uO62xqLa4eSYz6HZ5no9F0mxjpJODnW8H2
O7XsxxzuzqkdVahLBqzhmEXmh20i1ki59OTWmrtmbVIDVGGaO16UqFcR8jWVmLoJ
6G+FKoDlj32zjpVJuMfa3dcWZl2l0jAhbCi954j9cmxRc/Crt6U/mWZu6MfpIXXi
laZ3GHxvmGCbCbleWzCxjZEFkVsrtUdnbnP4HI8+sO4AwBBrcjaLFcBXEOPjoIhl
jUxHnaAHhrdzdaViaqbhn1SLX1HVsA/ijrKgHaVvD4W/lCGR+rwuw1pAUYMLfT7j
DuCx8KvY
=l6tM
-----END PGP SIGNATURE-----
--- End Message ---