This shows you the differences between two versions of the page.
— | blog:2021:11:26:2021-11-26_-_apt-key_is_dead..._finally [2021/11/26 20:14] (current) – created basz | ||
---|---|---|---|
+ | ====== 2021-11-26 - apt-key is dead... finally! ====== | ||
+ | today i was preparing some dockerized SDK, with some out-of-distro tooling. the usual stuff: | ||
+ | - find external repo | ||
+ | - add to '' | ||
+ | - then '' | ||
+ | and surprise! deprecation warning! fast-forward 23 seconds and [[https:// | ||
+ | |||
+ | it's deprecated because of a fatal design flaw -- keys added with it could be used to sign ANY package, even to override sth from the main distro (think: glibc, kernel...). this is the exact reason i stopped using external repos on my machines a long time ago. if ever needed -- only via docker or VM. | ||
+ | |||
+ | so what's the current, better solution? obviously, tie the repo to a key. you can do this now with a simple syntax when defining a repo file. here's how it goes: | ||
+ | - < | ||
+ | - < | ||
+ | |||
+ | and here's the key part (literally ;)): | ||
+ | < | ||
+ | deb [signed-by=/ | ||
+ | </ | ||
+ | |||
+ | followed by the usual: | ||
+ | <code bash> | ||
+ | apt update | ||
+ | apt install my-favourite-custom-package | ||
+ | </code> | ||
+ | |||
+ | and done! :) |
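
To check an existing image or host for repos that still rely on the old trust model, here is an added example (not part of the original post) that audits one-line `.list` entries for a `signed-by` option. It also flags keys stored under `/etc/apt/trusted.gpg.d/`, since apt trusts those for every repo that has no `signed-by` of its own; the sample hosts and keyring names are made up, and deb822 `.sources` files are not covered.

```python
"""Added example: audit one-line APT source entries for key pinning."""
import re

# One-line style: deb [opt=val ...] uri suite [component ...]
ENTRY = re.compile(
    r"^\s*(?:deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+\S+")
# Keyrings apt trusts for every repo that has no signed-by of its own.
GLOBAL_KEYRINGS = ("/etc/apt/trusted.gpg", "/etc/apt/trusted.gpg.d/")

# Constructed sample input; hosts and keyring names are made up.
SAMPLE = """\
# third-party repos
deb http://deb.example.org/debian stable main
deb [signed-by=/usr/share/keyrings/vendor-archive-keyring.gpg] https://repo.example.com/apt stable main
deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/other.gpg] https://pkgs.example.net/apt focal main
# deb https://disabled.example.com/apt stable main
"""


def parse_options(raw):
    """Turn 'arch=amd64 signed-by=/path' into {'arch': ..., 'signed-by': ...}."""
    opts = {}
    for token in (raw or "").split():
        key, sep, value = token.partition("=")
        if sep:
            opts[key.lower()] = value
    return opts


def audit(text):
    """Return (lineno, uri, problem) for each entry not pinned to its own key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = ENTRY.match(line.split("#", 1)[0])  # '#' starts a comment
        if not match:
            continue
        key = parse_options(match.group("opts")).get("signed-by", "")
        if not key:
            findings.append((lineno, match.group("uri"), "no signed-by"))
        elif key.startswith(GLOBAL_KEYRINGS):
            findings.append((lineno, match.group("uri"), "key in global keyring"))
    return findings


if __name__ == "__main__":
    for lineno, uri, problem in audit(SAMPLE):
        print(f"line {lineno}: {uri}: {problem}")
```

To audit a real system, pass the contents of `/etc/apt/sources.list` and each file in `/etc/apt/sources.list.d/` to `audit()`.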