blog:2021:11:26:2021-11-26_-_apt-key_is_dead..._finally [2021/11/26 20:14] (current)
basz created
Line 1: Line 1:
 +====== 2021-11-26 - apt-key is dead... finally! ======
  
 +today i was preparing some dockerized SDK, with some out-of-distro tooling. the usuall stuff:
 +  - find external repo
 +  - add to ''​apt''​ ''​sources.list.d''​
 +  - then ''​apt-key''​
 +and surprise! deprecation warning! fast-forward 23 seconds and [[https://​www.linuxuprising.com/​2021/​01/​apt-key-is-deprecated-how-to-add.html|everything is clear]].
 +
 +it's deprecated because of a fatal design flaw -- keys added could be used to sign ANY package. even overwrite sth from the main distro (think: glibc, kernel...). this is the exact reason i drop using external repos a long time ago on my machines. if ever needed -- only via docker or VM.
 +
 +so what's current, better solution? obviously connect repo with a key. you can do this now with a simple syntax, when defining a repo file. here's how it goes:
 +  - <​code>​wget -O - https://​some.custom.repo/​key.gpg | gpg --dearmor > /​usr/​share/​keyrings/​repo-keyring.gpg</​code>​
 +  - <​code>​vi /​etc/​apt/​sources.list.d/​repo.list</​code>​
 +
 +and there the key part (literally ;)):
 +<​code>​
 +deb [signed-by=/​usr/​share/​keyrings/​repo-keyring.gpg] https://​some.custom.repo/​debian bullseye main
 +</​code>​
 +
 +followed by usuall:
 +<code bash>
 +apt update
 +apt install my-favourite-custom-package
 +</​code>​
 +
 +and done! :)
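Review bot: The first step of the new procedure (`wget -O - https://some.custom.repo/key.gpg | gpg --dearmor > /usr/share/keyrings/repo-keyring.gpg`) writes whatever the server returns straight into the keyring, so the key is never inspected before apt starts trusting it for that repo. Consider splitting it: save the download to a file, print it with `gpg --show-keys`, compare the fingerprint with one the repo owner publishes through a separate channel, and only then dearmor it into `/usr/share/keyrings/`. It would also help to add a sentence after the "fatal design flaw" paragraph noting that `signed-by` scopes the key to this one source but does not stop that source from publishing a package with a distro name (the glibc example) at a higher version, so an apt pin for the external repo under `/etc/apt/preferences.d/` is still worth recommending.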
blog/2021/11/26/2021-11-26_-_apt-key_is_dead..._finally.txt · Last modified: 2021/11/26 20:14 by basz