cClaude.rocks ☕ Le blog

[Nouvelles technologies, sciences et coups de gueule…]

Menu

Le programme apt-key va être supprimé dans Debian 12, il est obsolète. Cet article concerne donc tous les dérivés de Debian, comme Ubuntu, Linux Mint ou Raspi-OS.



La conséquence est que vous risque de rencontrer des erreurs du type lors d’un apt update :

W: http://ppa.launchpad.net/git-core/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/jerem-ferry/tts/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://repo.skype.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.


Remplacement d’apt-key

L’utilisation d’apt-key est obsolète. Voici comment modifier vos scripts :

(extrait de man 8 apt-key)

Si votre utilisation actuelle d’apt-key add ressemble à ceci :

wget -qO- https://myrepo.example/myrepo.asc | sudo apt-cle add -

Vous pouvez directement le remplacer par :

wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc

Assurez-vous d’utiliser l’extension asc pour les clés blindées ASCII et l’extension gpg pour le format binaire OpenPGP (« binary OpenPGP format »).

Recommandations :

Au lieu de placer les clés dans le répertoire /etc/apt/trusted.gpg.d, vous pouvez les placer n’importe où sur votre système de fichiers en utilisant l’option Signed-By dans votre sources.list et en pointant vers le nom de fichier de la clé. Voir sources.list(5) pour plus de détails. Depuis APT 2.4, /etc/apt/keyrings est fourni comme emplacement recommandé pour les clés non gérées par les packages.



Exemple d’utilisation de signed-by dans les fichiers sources.list

Prenons le fichier /etc/apt/sources.list.d/nodesource.list, destiné à ajouter un dépôt pour les versions récentes de nodejs.

Ce fichier contient quelque chose comme :


deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x focal main
deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x focal main

On constate que le fichier servant à vérifier l’intégrité du paquet est défini à l’aide de l’attribut signed-by.

Dans un autre cas, le fichier /etc/apt/sources.list.d/signal-xenial.list, on trouve comment utiliser conjointement les attributs arch et signed-by:


deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main



Correction des alertes lors de l’exécution de apt update

apt-key list | grep -B 2 -i xbmc
pub   rsa1024 2009-01-20 [SC]
      1897 01DA 570C 56B9 488E  F60A 6D97 5C47 91E7 EE5E
uid           [ unknown] Launchpad PPA for XBMC for Linux

Il faut convertir cette clé en un fichier .gpg, pour cela il faut récupérer les 8 derniers caractères de l’identificateur obtenu.

sudo apt-key export 91E7EE5E | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/team-xbmc.gpg

Vous devrez répéter les commandes ci-dessus pour chaque message d’avertissement généré par sudo apt update.

  • Autres exemples

    Dans le cas, ci-dessus :

    # Permet de trouver l’id :
    apt-key list | grep -B 2 -i virtualbox
    
    # Conversion de la clé au format **GPG** :
    sudo apt-key export 2980AECF | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/oracle-virtualbox.gpg
    
    apt-key list | grep -B 2 -i git
    sudo apt-key export E1DF1F24 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/ubuntu-git.gpg
    
    apt-key list | grep -B 2 -i skype
    sudo apt-key export DF7587C3 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/microsoft-skype.gpg
    
    apt-key list | grep -B 2 -i ferry
    sudo apt-key export E1DF1F24 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/ubuntu-git.gpg
    
  • Un cas plus compliqué

    J’ai galéré un peu pour la ligne :

    W: http://ppa.launchpad.net/jerem-ferry/tts/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
    

    qui correspondait au fichier /etc/apt/sources.list.d/jerem-ferry-tts-focal.list. Le but était de pouvoir installer l’application « Text To Speech ».

    Du coup, l’idée a été de supprimer ce fichier.

    sudo rm /etc/apt/sources.list.d/jerem-ferry-tts-focal.list
    sudo apt update # Maintenant, l’alerte a disparu.
    

    Ensuite je réinstalle le dépôt :

    sudo add-apt-repository ppa:jerem-ferry/tts && sudo apt update
    

    et j’ai les alertes suivantes :

    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
    Executing: /tmp/apt-key-gpghome.Sy5X3mDhEk/gpg.1.sh --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 7EB33EBA6BC7A2C939E216235153C487548402C7
    gpg: key 5153C487548402C7: "Launchpad PPA for mothsArt" not changed
    

    qui me permet de déduire que la fin de l’id est : 548402C7.

    Je peux maintenant convertir la clé à l’aide de :

    sudo apt-key export 548402C7 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/ppa:jerem-ferry-tts-mothsart.gpg
    

    Finalement, je n’ai plus d’alerte lorsque j’exécute :

    sudo apt update
    


Le cas apt-key list

La liste des clés s’obtenait à l’aide de apt-key list dans l’avenir vous devrez utiliser : gpg --show-keys /etc/apt/trusted.gpg, qui donne un résultat très similaire :

  • Liste de vos clés
    # Notez que la localisation des clés est géré par apt-key
    apt-key list
    
    gpg --show-keys /etc/apt/trusted.gpg
    gpg --show-keys /etc/apt/trusted.gpg.d/*
    

    Pour un traitement dans par script, vous trouverez sans doute utile l’option : --with-colons.

    gpg --with-colons --show-keys /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/*
    
    /etc/apt/trusted.gpg
    --------------------
    pub   rsa1024 2010-05-04 [SC]
          7B2C 3B08 89BF 5709 A105  D03A C251 8248 EEA1 4886
    uid           [ unknown] Launchpad VLC
    
    pub   rsa4096 2016-04-22 [SC]
          B9F8 D658 297A F3EF C18D  5CDF A2F6 83C5 2980 AECF
    uid           [ unknown] Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
    sub   rsa4096 2016-04-22 [E]
    
    pub   rsa1024 2010-12-14 [SC]
          A3D8 A366 869F E2DC 5FFD  79C3 6A96 53F9 36FD 5529
    uid           [ unknown] Launchpad PPA for atareao
    
    pub   rsa1024 2009-01-20 [SC]
          643D C6BD 5658 0CEB 1AB4  A9F6 3B22 AB97 AF1C DFA9
    uid           [ unknown] Launchpad PPA for Ubuntu-X
    
    pub   rsa4096 2017-11-26 [SC]
          4053 F889 A25B 94BB 58F8  89CC 6F6F 0287 E3B1 D17C
    uid           [ unknown] Launchpad PPA for hayder majed
    
    pub   rsa4096 2016-10-05 [SC]
          72EC F46A 56B4 AD39 C907  BBB7 1646 B01B 86E5 0310
    uid           [ unknown] Yarn Packaging <yarn@dan.cx>
    sub   rsa4096 2016-10-05 [E]
    
    pub   rsa4096 2015-08-12 [SC]
          2388 FF3B E10A 76F6 38F8  0723 FCAE 110B 1118 213C
    uid           [ unknown] Launchpad PPA for Graphics Drivers Team
    
    pub   rsa4096 2017-05-08 [SCEA]
          1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
    uid           [ unknown] Sublime HQ Pty Ltd <support@sublimetext.com>
    sub   rsa4096 2017-05-08 [S]
    
    pub   rsa1024 2009-09-02 [SC]
          FBA0 C227 099A 5360 635E  3D91 5216 5BD6 B9BA 26FA
    uid           [ unknown] Launchpad OpenShot Development PPA
    
    pub   rsa4096 2016-01-19 [SC]
          A59E 5EBF CCC6 1564 D6D4  365B 2763 B0EE 7709 FE97
    uid           [ unknown] Launchpad PPA for Kdenlive
    
    pub   rsa1024 2009-01-20 [SC]
          1897 01DA 570C 56B9 488E  F60A 6D97 5C47 91E7 EE5E
    uid           [ unknown] Launchpad PPA for XBMC for Linux
    
    pub   rsa2048 2016-06-22 [SC]
          D404 0146 BE39 7250 9FD5  7FC7 1F30 45A5 DF75 87C3
    uid           [ unknown] Skype Linux Client Repository <se-um@microsoft.com>
    sub   rsa2048 2016-06-22 [E]
    
    pub   rsa1024 2010-04-14 [SC]
          43D3 A9F6 0C58 A716 9778  E6FB 8771 ADB0 8169 50D8
    uid           [ unknown] Launchpad HandBrake Snapshots
    
    pub   rsa1024 2013-12-03 [SC]
          A006 2203 196C A448 2DDB  859E 4C1C BE14 8525 41CB
    uid           [ unknown] Launchpad PPA for Panda Jim
    
    pub   rsa4096 2014-06-13 [SC]
          9FD3 B784 BC1C 6FC3 1A8A  0A1C 1655 A0AB 6857 6280
    uid           [ unknown] NodeSource <gpg@nodesource.com>
    sub   rsa4096 2014-06-13 [E]
    
    pub   rsa1024 2009-01-22 [SC]
          E1DD 2702 88B4 E603 0699  E45F A171 5D88 E1DF 1F24
    uid           [ unknown] Launchpad PPA for Ubuntu Git Maintainers
    
    pub   rsa1024 2014-01-12 [SC]
          7EB3 3EBA 6BC7 A2C9 39E2  1623 5153 C487 5484 02C7
    uid           [ unknown] Launchpad PPA for mothsArt
    
    pub   rsa4096 2017-04-05 [SC]
          DBA3 6B51 81D0 C816 F630  E889 D980 A174 57F6 FB06
    uid           [ unknown] Open Whisper Systems <support@whispersystems.org>
    sub   rsa4096 2017-04-05 [E]
    
    pub   rsa4096 2017-01-20 [SC]
          1FCD 77DD 0DBE F569 9AD2  6101 60EE 47FB AD3D D469
    uid           [ unknown] Launchpad PPA for Nextcloud development
    
    pub   rsa2048 2015-09-28 [SC] [expires: 2023-01-17]
          06D7 EADE 708A 40FA 136E  B454 0700 205D FD41 A71A
    uid           [ unknown] devel OBS Project <devel@s2.owncloud.com>
    
    pub   rsa4096 2018-08-14 [SC]
          E869 7E2E EF76 C02D 3A63  3277 8881 B2A8 2109 76F2
    uid           [ unknown] Package Manager (Package Signing Key) <packages@pgadmin.org>
    sub   rsa4096 2018-08-14 [E]
    
    /etc/apt/trusted.gpg.d/isv_ownCloud_server_10.gpg
    -------------------------------------------------
    pub   rsa2048 2016-09-25 [SC] [expired: 2022-04-02]
          1B07 204C D71B 690D 409F  57D2 4ABE 1AC7 557B EFF9
    uid           [ expired] isv:ownCloud OBS Project <isv:ownCloud@build.opensuse.org>
    
    /etc/apt/trusted.gpg.d/linuxmint-keyring.gpg
    --------------------------------------------
    pub   rsa4096 2016-05-24 [SC]
          302F 0738 F465 C153 5761  F965 A661 6109 451B BBF2
    uid           [ unknown] Linux Mint Repository Signing Key <root@linuxmint.com>
    sub   rsa4096 2016-05-24 [E]
    
    /etc/apt/trusted.gpg.d/microsoft.gpg
    ------------------------------------
    pub   rsa2048 2015-10-28 [SC]
          BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
    uid           [ unknown] Microsoft (Release signing) <gpgsecurity@microsoft.com>
    
    /etc/apt/trusted.gpg.d/ubuntu-defaults.chroot.key.gpg
    -----------------------------------------------------
    pub   rsa4096 2016-05-24 [SC]
          302F 0738 F465 C153 5761  F965 A661 6109 451B BBF2
    uid           [ unknown] Linux Mint Repository Signing Key <root@linuxmint.com>
    sub   rsa4096 2016-05-24 [E]
    
    /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
    ------------------------------------------------------
    pub   rsa4096 2012-05-11 [SC]
          8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
    uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
    
    /etc/apt/trusted.gpg.d/ubuntu-keyring-2016-dbgsym.gpg
    -----------------------------------------------------
    pub   rsa4096 2016-03-21 [SC]
          F2ED C64D C5AE E1F6 B9C6  21F0 C8CA B659 5FDF F622
    uid           [ unknown] Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive@lists.ubuntu.com>
    
    /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
    ------------------------------------------------------
    pub   rsa4096 2018-09-17 [SC]
          F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
    uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
    

    Résultat de: gpg --show-keys /etc/apt/trusted.gpg

    pub   rsa1024 2010-05-04 [SC]
          7B2C3B0889BF5709A105D03AC2518248EEA14886
    uid                      Launchpad VLC
    
    pub   rsa4096 2016-04-22 [SC]
          B9F8D658297AF3EFC18D5CDFA2F683C52980AECF
    uid                      Oracle Corporation (VirtualBox archive signing key) <info@virtualbox.org>
    sub   rsa4096 2016-04-22 [E]
    
    pub   rsa1024 2010-12-14 [SC]
          A3D8A366869FE2DC5FFD79C36A9653F936FD5529
    uid                      Launchpad PPA for atareao
    
    pub   rsa1024 2009-01-20 [SC]
          643DC6BD56580CEB1AB4A9F63B22AB97AF1CDFA9
    uid                      Launchpad PPA for Ubuntu-X
    
    pub   rsa4096 2017-11-26 [SC]
          4053F889A25B94BB58F889CC6F6F0287E3B1D17C
    uid                      Launchpad PPA for hayder majed
    
    pub   rsa4096 2016-10-05 [SC]
          72ECF46A56B4AD39C907BBB71646B01B86E50310
    uid                      Yarn Packaging <yarn@dan.cx>
    sub   rsa4096 2016-10-05 [E]
    sub   rsa4096 2016-10-05 [S] [expired: 2017-10-05]
    sub   rsa4096 2016-10-30 [S] [expired: 2019-01-01]
    sub   rsa4096 2017-09-10 [S] [expired: 2019-01-01]
    sub   rsa4096 2019-01-02 [S] [expired: 2021-02-03]
    sub   rsa4096 2019-01-11 [S] [expired: 2021-02-03]
    
    pub   rsa4096 2015-08-12 [SC]
          2388FF3BE10A76F638F80723FCAE110B1118213C
    uid                      Launchpad PPA for Graphics Drivers Team
    
    pub   rsa4096 2017-05-08 [SCEA]
          1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A
    uid                      Sublime HQ Pty Ltd <support@sublimetext.com>
    sub   rsa4096 2017-05-08 [S]
    
    pub   rsa1024 2009-09-02 [SC]
          FBA0C227099A5360635E3D9152165BD6B9BA26FA
    uid                      Launchpad OpenShot Development PPA
    
    pub   rsa4096 2016-01-19 [SC]
          A59E5EBFCCC61564D6D4365B2763B0EE7709FE97
    uid                      Launchpad PPA for Kdenlive
    
    pub   rsa1024 2009-01-20 [SC]
          189701DA570C56B9488EF60A6D975C4791E7EE5E
    uid                      Launchpad PPA for XBMC for Linux
    
    pub   rsa2048 2016-06-22 [SC]
          D4040146BE3972509FD57FC71F3045A5DF7587C3
    uid                      Skype Linux Client Repository <se-um@microsoft.com>
    sub   rsa2048 2016-06-22 [E]
    
    pub   rsa1024 2010-04-14 [SC]
          43D3A9F60C58A7169778E6FB8771ADB0816950D8
    uid                      Launchpad HandBrake Snapshots
    
    pub   rsa1024 2013-12-03 [SC]
          A0062203196CA4482DDB859E4C1CBE14852541CB
    uid                      Launchpad PPA for Panda Jim
    
    pub   rsa4096 2014-06-13 [SC]
          9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280
    uid                      NodeSource <gpg@nodesource.com>
    sub   rsa4096 2014-06-13 [E]
    
    pub   rsa1024 2009-01-22 [SC]
          E1DD270288B4E6030699E45FA1715D88E1DF1F24
    uid                      Launchpad PPA for Ubuntu Git Maintainers
    
    pub   rsa1024 2014-01-12 [SC]
          7EB33EBA6BC7A2C939E216235153C487548402C7
    uid                      Launchpad PPA for mothsArt
    
    pub   rsa4096 2017-04-05 [SC]
          DBA36B5181D0C816F630E889D980A17457F6FB06
    uid                      Open Whisper Systems <support@whispersystems.org>
    sub   rsa4096 2017-04-05 [E]
    
    pub   rsa4096 2017-01-20 [SC]
          1FCD77DD0DBEF5699AD2610160EE47FBAD3DD469
    uid                      Launchpad PPA for Nextcloud development
    
    pub   rsa2048 2015-09-28 [SC] [expires: 2023-01-17]
          06D7EADE708A40FA136EB4540700205DFD41A71A
    uid                      devel OBS Project <devel@s2.owncloud.com>
    
    pub   rsa4096 2018-08-14 [SC]
          E8697E2EEF76C02D3A6332778881B2A8210976F2
    uid                      Package Manager (Package Signing Key) <packages@pgadmin.org>
    sub   rsa4096 2018-08-14 [E]
    

    Résultat de: gpg --show-keys /etc/apt/trusted.gpg.d/*

    pub   rsa2048 2016-09-25 [SC] [expired: 2022-04-02]
          1B07204CD71B690D409F57D24ABE1AC7557BEFF9
    uid                      isv:ownCloud OBS Project <isv:ownCloud@build.opensuse.org>
    
    pub   rsa4096 2016-05-24 [SC]
          302F0738F465C1535761F965A6616109451BBBF2
    uid                      Linux Mint Repository Signing Key <root@linuxmint.com>
    sub   rsa4096 2016-05-24 [E]
    
    pub   rsa4096 2016-05-24 [SC]
          302F0738F465C1535761F965A6616109451BBBF2
    uid                      Linux Mint Repository Signing Key <root@linuxmint.com>
    sub   rsa4096 2016-05-24 [E]
    
    pub   rsa2048 2015-10-28 [SC]
          BC528686B50D79E339D3721CEB3E94ADBE1229CF
    uid                      Microsoft (Release signing) <gpgsecurity@microsoft.com>
    
    pub   rsa4096 2017-04-05 [SC]
          DBA36B5181D0C816F630E889D980A17457F6FB06
    uid                      Open Whisper Systems <support@whispersystems.org>
    sub   rsa4096 2017-04-05 [E]
    
    pub   rsa4096 2016-05-24 [SC]
          302F0738F465C1535761F965A6616109451BBBF2
    uid                      Linux Mint Repository Signing Key <root@linuxmint.com>
    sub   rsa4096 2016-05-24 [E]
    
    pub   rsa4096 2012-05-11 [SC]
          843938DF228D22F7B3742BC0D94AA3F0EFE21092
    uid                      Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>
    
    pub   rsa4096 2016-03-21 [SC]
          F2EDC64DC5AEE1F6B9C621F0C8CAB6595FDFF622
    uid                      Ubuntu Debug Symbol Archive Automatic Signing Key (2016) <ubuntu-archive@lists.ubuntu.com>
    
    pub   rsa4096 2018-09-17 [SC]
          F6ECB3762474EDA9D21B7022871920D1991BC93C
    uid                      Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
    


Liens

ᦿ


ℹ 2006 - 2022 | 🏠 Accueil du domaine | 🏡 Accueil du blog