Hello together!
I upgraded from 20.04 to 22.04 yesterday. When I now run "apt-get update" an error occurs telling me that key rings (of third party software) are outdated.
And "apt-key list" tells me that "apt-key is deprecated" and that I have to manage keyring files in trusted.gpg.d.
How can I solve this problem?
Try this. (Resolved) Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead – TecAdmin
btw apt-get is just apt now
sudo apt update
Thanks for the info mate!
I've found this via search engines too, but hesitate to give it a try.
Nevertheless I am sure that this solution will help solve the problem, but I consider this as a bug of the current os. So I hope this will be fixed in future updates, since the error hasn't existed in 20.04. I'll keep my fingers crossed.
In the meantime I tried to uninstall an reinstall the respective programs resulting in the same error.
Is anyone else experiencing this problem with third party software?
Hi @laser404,
apt-key
was not deprecated in 20.04, but is deprecated in 22.04. And will remain deprecated. That's a security issue.
So, it is not recommended to add keys to your keyrings using apt-key add
command. It is not recommended to keep any keys in /etc/apt/trusted.gpg
keyring. It is not recommended to keep non-Ubuntu (third-party) keys in /etc/apt/trusted.gpg.d/
directory. If your third-party software uses these locations to install keys, you have to manually reorganize them. By convention, third-party keys shall be in /usr/share/keyrings/
(when installed via package manager) or /etc/apt/keyrings/
(when installed manually).
Hope this helps.
Hi ironfoot,
thanks for the information! As I understood this correctly, this is a problem of the 3rd party software publisher. In this case I will wait until updates come from the respective publishers.
Greetings!
Hi @laser404 ,
it really depends on how do you install that third-party software. What error messages do you actually have?
Hey ironfoot,
I install from a .deb file (teamviewer, just to name one. But wire from the software boutique also was affected, can't remember exactly). And there is no error msg during installation. But when running apt update the described error msg is provided in the terminal after running apt update, see above post. That hasn't happened with 20.04.
Greetings!
Hi @laser404,
what you described above is a benign warning, not an error. It can't interrupt your system updates. Do you have any errors as well? That's the question.
To get rid of these warnings, you have to remove all your keys from /etc/apt/trusted.gpg
keyring. This keyring file is deprecated in 22.04 -> you have deprecation warnings. It was not deprecated in 20.04 -> you had no deprecation warnings. If your third-party software installs keys in /etc/apt/trusted.gpg
keyring file, you have to manually reorganize keys after software installation.
Hi ironfoot,
ok it's a warning. Understood, thanks. I do not have any other errors. As far as I know.
Back to the warning: I cannot open "trusted.gpg". The folder "etc/apt/keyrings" is empty right now (all 3rd party sw is uninstalled).
Might it be a solution to simply delete this "trusted.gpg" file?
Do I always have to manually reorganize those keys after each software installation from now on and for ever?
This sounds a bit like in the 1980's... sorry for my sarcasm
I will try installing 3rd party sw on a fresh installation of 22.04 on a different machine, the coming days. Perhaps this warning doesn't come up there.
Again thanks for your patience!
You are welcome @laser404!
Try gpg --show-keys /etc/apt/trusted.gpg
command to check the file.
You can delete it, if it doesn't contain the keys your system needs.
Not necessarily. Some third-party software publishers follow the conventions, and their .deb packages install keys into recommended directories. For example, /usr/share/keyrings/
is the recommended one.
Same .deb file will most likely produce same warnings.
Hey there
Just checked the file "trusted.gpg". There are some keys stored in it.
I cannot tell whether my system needs them or not.
Are you sure that /usr/share/keyrings/ is the correct folder? I thought "trusted.gpg.d" is the correct one, but who am I to tell.
Well I tried this on a different machine yesterday. With a fresh installation of 22.04. Before installing the .deb-file I checked the the folder "/etc/apt/ on that machine. The file "trusted.gpg" was missing there.
But the "trusted.gpg" file has been created during the installation of the respective .deb-file.
So this problem exists for all users, I suppose.
Again, in my opinion this should be fixed under the hood and not by the users.
Thanks for your efforts!
Greetings.
During keyring file inspection you can see some human-readable key description. So you can make a conclusion whether this key originated from your (now uninstalled) third-party software.
All keys placed in /etc/apt/trusted.gpg.d/
are ultimately trusted by apt. It is not recommended to put third-party keys there. That's a security issue. Here is a good article.
But how? When you install a .deb manually, you enter your password and authorize this .deb to run some installation script, make changes to your system, etc. What if this .deb is malicious? Who is responsible for installing it?