2021-11-26_-_apt-key_is_dead..._finally

anonymous@undisclosed.example.com (Anonymous) — Fri, 26 Nov 2021 20:14:50 +0000

2021-11-26 - apt-key is dead... finally!

today i was preparing some dockerized SDK, with some out-of-distro tooling. the usuall stuff:

find external repo
add to apt sources.list.d
then apt-key

and surprise! deprecation warning! fast-forward 23 seconds and everything is clear.

it's deprecated because of a fatal design flaw – keys added could be used to sign ANY package. even overwrite sth from the main distro (think: glibc, kernel…). this is the exact reason i drop using external repos a long time ago on my machines. if ever needed – only via docker or VM.

so what's current, better solution? obviously connect repo with a key. you can do this now with a simple syntax, when defining a repo file. here's how it goes:

wget -O - https://some.custom.repo/key.gpg | gpg --dearmor > /usr/share/keyrings/repo-keyring.gpg

```
vi /etc/apt/sources.list.d/repo.list
```

and there the key part (literally ;)):

deb [signed-by=/usr/share/keyrings/repo-keyring.gpg] https://some.custom.repo/debian bullseye main

followed by usuall:

apt update
apt install my-favourite-custom-package

and done! :)

BaSzErr - blog:2021:11:26

2021-11-26_-_apt-key_is_dead..._finally

2021-11-26 - apt-key is dead... finally!