====== 2021-11-26 - apt-key is dead... finally! ======
today i was preparing some dockerized SDK, with some out-of-distro tooling. the usuall stuff:
- find external repo
- add to ''apt'' ''sources.list.d''
- then ''apt-key''
and surprise! deprecation warning! fast-forward 23 seconds and [[https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html|everything is clear]].
it's deprecated because of a fatal design flaw -- keys added could be used to sign ANY package. even overwrite sth from the main distro (think: glibc, kernel...). this is the exact reason i drop using external repos a long time ago on my machines. if ever needed -- only via docker or VM.
so what's current, better solution? obviously connect repo with a key. you can do this now with a simple syntax, when defining a repo file. here's how it goes:
- wget -O - https://some.custom.repo/key.gpg | gpg --dearmor > /usr/share/keyrings/repo-keyring.gpg
- vi /etc/apt/sources.list.d/repo.list
and there the key part (literally ;)):
deb [signed-by=/usr/share/keyrings/repo-keyring.gpg] https://some.custom.repo/debian bullseye main
followed by usuall:
apt update
apt install my-favourite-custom-package
and done! :)