====== 2021-11-26 - apt-key is dead... finally! ======

today i was preparing some dockerized SDK, with some out-of-distro tooling. the usuall stuff:
  - find external repo
  - add to ''apt'' ''sources.list.d''
  - then ''apt-key''
and surprise! deprecation warning! fast-forward 23 seconds and [[https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html|everything is clear]].

it's deprecated because of a fatal design flaw -- keys added could be used to sign ANY package. even overwrite sth from the main distro (think: glibc, kernel...). this is the exact reason i drop using external repos a long time ago on my machines. if ever needed -- only via docker or VM.

so what's current, better solution? obviously connect repo with a key. you can do this now with a simple syntax, when defining a repo file. here's how it goes:
  - <code>wget -O - https://some.custom.repo/key.gpg | gpg --dearmor > /usr/share/keyrings/repo-keyring.gpg</code>
  - <code>vi /etc/apt/sources.list.d/repo.list</code>

and there the key part (literally ;)):
<code>
deb [signed-by=/usr/share/keyrings/repo-keyring.gpg] https://some.custom.repo/debian bullseye main
</code>

followed by usuall:
<code bash>
apt update
apt install my-favourite-custom-package
</code>

and done! :)