Trace:
no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


blog:2021:11:26:2021-11-26_-_apt-key_is_dead..._finally [2021/11/26 20:14] (current) – created basz
Line 1: Line 1:
 +====== 2021-11-26 - apt-key is dead... finally! ======
  
 +today i was preparing some dockerized SDK, with some out-of-distro tooling. the usuall stuff:
 +  - find external repo
 +  - add to ''apt'' ''sources.list.d''
 +  - then ''apt-key''
 +and surprise! deprecation warning! fast-forward 23 seconds and [[https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html|everything is clear]].
 +
 +it's deprecated because of a fatal design flaw -- keys added could be used to sign ANY package. even overwrite sth from the main distro (think: glibc, kernel...). this is the exact reason i drop using external repos a long time ago on my machines. if ever needed -- only via docker or VM.
 +
 +so what's current, better solution? obviously connect repo with a key. you can do this now with a simple syntax, when defining a repo file. here's how it goes:
 +  - <code>wget -O - https://some.custom.repo/key.gpg | gpg --dearmor > /usr/share/keyrings/repo-keyring.gpg</code>
 +  - <code>vi /etc/apt/sources.list.d/repo.list</code>
 +
 +and there the key part (literally ;)):
 +<code>
 +deb [signed-by=/usr/share/keyrings/repo-keyring.gpg] https://some.custom.repo/debian bullseye main
 +</code>
 +
 +followed by usuall:
 +<code bash>
 +apt update
 +apt install my-favourite-custom-package
 +</code>
 +
 +and done! :)
blog/2021/11/26/2021-11-26_-_apt-key_is_dead..._finally.txt · Last modified: 2021/11/26 20:14 by basz
Back to top
Valid CSS Driven by DokuWiki Recent changes RSS feed Valid XHTML 1.0