
Ubuntu 22.04 - connection between adapting to apt-key deprecation and Ubuntu Software and Updates (software-properties-gtk)


With Ubuntu 22.04 and beyond, apt-key has been deprecated and will eventually be removed.

This creates deprecation messages, so to solve this and attempt to improve security, I followed the following topics:

What commands (exactly) should replace the deprecated apt-key?

Key is stored in legacy trusted.gpg keyring after Ubuntu 22.04 update [duplicate]

I exported almost all keys from /etc/apt/trusted.gpg to a directory /usr/share/keyrings following the information in this answer:

This answer is a customization of the one provided by matigo user here. You need to export the GPG key from the deprecated keyring and store it in /usr/share/keyrings for every repo.

This led to exporting many keys from the deprecated keyring into the /usr/share/keyrings directory created by me. For each exported key, I also created/updated its associated three .list files, with the list files being stored in /etc/apt/sources.list.d.

After that I deleted the keys I exported:

sudo apt-key del LAST_8_KEY_DIGITS
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK

While apt-key throws this recommendation of using the /etc/apt/trusted.gpg.d directory, from what I read in this thread answer it should be avoided as well:

All of the answers so far work around the symptom ("Don't use apt-key add") but fail to address the actual problem that led to apt-key add being deprecated. The problem is not a question of appending a key to one big keyring file /etc/apt/trusted.gpg vs manually putting single-key keyring files into the directory /etc/apt/trusted.gpg.d/. These two things are equivalent, and doing either one is a huge security risk.

Now that you have your converted key, do not add it to apt's trusted keystore by copying it into /etc/apt/trusted.gpg.d/. Instead, put it somewhere like /etc/apt/keyrings/. (You might need to create that keyrings directory first.) There's nothing special about that location, it's just a convention recommended by man 5 sources.list in Ubuntu 22.04 and a related Debian Wiki entry.

So after following those threads and implementing the suggestions, I now have:

  • Repository .list files in /etc/apt/sources.list.d.
  • The actual GPG keys in /usr/share/keyrings.

I am able to run apt update and it correctly hits all the third-party repositories I exported from the deprecated file of apt-key.

The question is, is it possible to edit the "Software & Updates" program of Ubuntu (software-properties-gtk) to show the GPG keys again?

Not having them in the /etc/apt/trusted.gpg.d/ directory or the /etc/apt/trusted.gpg file is better for security from what I understand, but now software-properties-gtk cannot list repositories.

In this process of deprecating apt-key and improving security, is it possible to point software-properties-gtk to /etc/apt/sources.list.d and /usr/share/keyrings for it to show me the repositories in the "Other Software" tab of the "Software & Updates" GUI?

Grateful for any insight!
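
An added example, not part of the original post: a Python audit of the layout described above. For each active entry in a sources directory it reports whether the entry is pinned to a keyring with signed-by, points at a keyring file that does not exist, or has no signed-by and so falls back to apt's global trusted keyrings. The function names, status labels and example.com entries are constructed for illustration, and only one-line-style .list files are handled.

```python
import re
import sys
import tempfile
from pathlib import Path

# One-line-style entry: deb [opt=value ...] uri suite [component ...]
ENTRY = re.compile(
    r"^\s*(?:deb|deb-src)\s+(?:\[(?P<opts>[^\]]*)\]\s+)?(?P<uri>\S+)\s+\S+"
)

def audit_sources(list_dir):
    """Return (file, uri, status) for each active entry in list_dir/*.list."""
    findings = []
    for path in sorted(Path(list_dir).glob("*.list")):
        for raw in path.read_text().splitlines():
            m = ENTRY.match(raw.split("#", 1)[0])  # '#' starts a comment
            if not m:
                continue
            opts = dict(o.split("=", 1) for o in (m["opts"] or "").split() if "=" in o)
            signed_by = opts.get("signed-by")
            if signed_by is None:
                # No pin: any key in trusted.gpg / trusted.gpg.d is accepted.
                status = "GLOBAL_TRUST"
            else:
                # Comma-separated values; non-path values are key fingerprints.
                paths = [p for p in signed_by.split(",") if p.startswith("/")]
                missing = [p for p in paths if not Path(p).is_file()]
                status = "MISSING_KEYRING" if missing else "PINNED"
            findings.append((path.name, m["uri"], status))
    return findings

def demo():
    """Run the audit over constructed sample files (not real repositories)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        key = root / "example-archive.gpg"
        key.write_bytes(b"")  # placeholder standing in for an exported key
        (root / "pinned.list").write_text(
            f"deb [arch=amd64 signed-by={key}] https://repo.example.com/apt stable main\n")
        (root / "legacy.list").write_text(
            "# deb https://old.example.com/apt stable main\n"
            "deb https://legacy.example.com/apt jammy main\n")
        (root / "stale.list").write_text(
            f"deb [signed-by={root}/gone.gpg] https://stale.example.com/apt jammy main\n")
        return audit_sources(root)

if __name__ == "__main__":
    for name, uri, status in (audit_sources(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{status:16} {name:14} {uri}")
```

Run with /etc/apt/sources.list.d as the argument to check a real system; with no argument it prints the result for the constructed sample files.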
