Join Log in
Score:3
GlenPeterson avatar Ubuntu

Exact commands to replace deprecated `add-apt-repository ppa:/` with gpg, curl, etc

tj flag
GlenPeterson

I understand that add-apt-repository is being deprecated because it adds the repo key globally instead of specifically for the package(s) that need it. However, the examples I see on the web don't show how to handle ppa:<username>/<package>

I can see What commands (exactly) should replace the deprecated apt-key? but I never used apt-key and the example doesn't show how to deal with the ppa part.

Here are the now-obsolete commands (openconnect requires vpnc which I think is hosted under the same ppa?):

apt update

apt install software-properties-common

add-apt-repository ppa:dwmw2/openconnect

apt install vpnc

apt install openconnect

If I could just unpack ppa:dwmw2/openconnect to separately download the key and add the repo, I could follow existing instructions for replacing apt-key and apt-add-repository separately and have a recipe for doing this for all other repository adds.

Sub-question

Does add-apt-repository do this by screen-scraping from https://launchpad.net/~dwmw2/+archive/ubuntu/openconnect?

No. I'm still missing the key block because when I do:

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)

mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBD
A+bGFOwyhbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9
CUliQe324qvObU2QRtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZ
j3SF1SPO+TB5QrHkrQHBsmX+Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd
1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD
2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEBAAG0RUVsYXN0aWNzZWFyY2gg
KEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3BzQGVsYXN0aWNzZWFy
Y2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
F4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/
7C2GuGCOlbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKm
TxcDTFrV7SmVPxCBcQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe
8d7sw+XvxB2aN4gnTlRzjL1nTRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/
eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUl
zcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNMKGTABFG1yRx9r+wa/fvqP6OT
RzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hplnpU+PBQZJ5XJ2I+
1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA07xx7Bj+
Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0Kww
EwSk/UDuToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0
c3MIAIE9hAR20mqJWLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12J
TavnJ5MLaETlggXY+zDef9syTPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j
6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZEyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7
vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWgR7U2r+a210W6vnUxU4oN0PmM
cursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNtfllxIu9XYmiBERQ/
qPDlGRlOgVTd9xUfHFkzB52c70E=
=92oX
-----END PGP PUBLIC KEY BLOCK-----

That format looks nothing like

Signing key:
4096R/DBBE5FF954B458D1A0875E8A9FCCDFFB8838752F
Fingerprint:
DBBE5FF954B458D1A0875E8A9FCCDFFB8838752F

And gpg --dearmor produces binary output: dearmored elastasearch gpg key

Hah! I think I found at least part of the answer here: https://help.launchpad.net/Packaging/PPA/InstallingSoftware#On_older_.28pre_9.10.29_Ubuntu_systems

Now:

# apt update
...

# apt install gpg
...

# gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/openconnect.gpg --keyserver keyserver.ubuntu.com --recv-keys DBBE5FF954B458D1A0875E8A9FCCDFFB8838752F
gpg: keybox '/usr/share/keyrings/openconnect.gpg' created
gpg: /tmp/trustdb.gpg: trustdb created
gpg: key 9FCCDFFB8838752F: public key "Launchpad PPA for dwmw2" imported
gpg: Total number processed: 1
gpg:               imported: 1

# echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/openconnect.gpg] https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu bionic main' >/etc/apt/sources.list.d/openconnect.list

# apt update
Hit:1 http://security.ubuntu.com/ubuntu bionic-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu bionic InRelease                                                      
Hit:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease                                              
Ign:4 https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu bionic InRelease                            
Hit:5 http://archive.ubuntu.com/ubuntu bionic-backports InRelease                                           
Err:6 https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu bionic Release         
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 185.125.190.52 443]
Reading package lists... Done                              
W: https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu/dists/bionic/InRelease: No system certificates available. Try installing ca-certificates.
W: https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu/dists/bionic/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu bionic Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Easily fixed with: apt-get update failed because certificate verification failed because handshake failed on nodesource

Now:

# apt update
Hit:1 http://archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://security.ubuntu.com/ubuntu bionic-security InRelease                                                                 
Hit:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease                                             
Hit:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease                                           
Get:5 https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu bionic InRelease [15.9 kB]                  
Get:6 https://ppa.launchpadcontent.net/dwmw2/openconnect/ubuntu bionic/main amd64 Packages [1437 B]
Fetched 17.3 kB in 1s (14.5 kB/s)  
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
225
0 + 1
apt
ppa
muru avatar
us flag
muru
`add-apt-repository` is [a Python script](https://git.launchpad.net/ubuntu/+source/software-properties/tree/), and it uses [the Launchpad API](https://launchpad.net/+apidoc/1.0.html#archive). You can try the API to get the signing key.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.