Ubuntu 22.04 - Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key

Материал из Wiki - Iphoster - the best ever hosting and support. 2005 - 2024
Версия от 16:11, 14 августа 2024; Admin iph (обсуждение | вклад) (Новая страница: «=== Ubuntu 22.04 - Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key === # apt update W: http://rep...»)
(разн.) ← Предыдущая | Текущая версия (разн.) | Следующая → (разн.)
Перейти к:навигация, поиск

Ubuntu 22.04 - Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key

# apt update
W: http://repo.fastpanel.direct/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://repo.mysql.com/apt/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.


Решение:

# cp -r /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d
# apt update


Посмотреть ключи можно командой

# apt-key list


В общем, добавление ключей в /etc/apt/trusted.gpg.d с помощью "apt-key add" считается небезопасным, начиная с Debian 11 и Ubuntu 22.04 настоятельно рекомендуется избегать и apt-key использовать лишь для удаления уже добавленных ключей

The problem is that any key you add to either of the above is completely and unconditionally trusted by apt. This means that when installing any package from any repo (including the official distro repos), apt will happily accept the package being signed by any of those trusted keys (whether the key belongs to the repository the package is coming from or not). This weakens the assurance provided by the package signing mechanism against malicous packages being injected into the official Ubuntu mirrors network.
What we want to do instead is configure apt to accept signatures from a third-party repository only on packages being installed from that repository — no cross-signing. Apt's default pinning rules give higher priority to official distro repos, which (in conjunction with proper key management) offers some protection against third-party repos replacing distro-provided packages.