Or to use the command given as an example on the Debian wiki (you need to run it as root, e.g.
#ANYDESK UBUNTU VERSION WGET LINK DOWNLOAD#
after running sudo -i it uses curl instead of wget to download the key):Ĭurl | gpg -dearmor > /usr/share/keyrings/-archive-keyring.gpgĮxample of using this command to add the Signal APT repository:Ĭurl | gpg -dearmor > /usr/share/keyrings/signal-archive-keyring.gpgĭownload the OpenPGP key using wget and add it to your system using: Wget -O- | gpg -dearmor | sudo tee /usr/share/keyrings/signal-archive-keyring.gpg Replace the name with a descriptive name for the repository key you're addingįor example, to add the Signal application APT repository, you'd use: sudo tee /usr/share/keyrings/-archive-keyring.gpg: as super user ( sudo), read the standard input, which in this case is the output provided by gpg -dearmor, and write this to the /usr/share/keyrings/-archive-keyring.gpg file.gpg -dearmor: the gpg command is the OpenPGP encryption and signing tool its -dearmor option unpacks the input from an OpenPGP ASCII armor.Replace the URL here with the URL of the key you want to download and add to your system wget downloads the key from and outputs the key to stdout ( -O-).What everything in this command does / means: Wget -O- | gpg -dearmor | sudo tee /usr/share/keyrings/-archive-keyring.gpg To download using wget and add such an OpenPGP key to your system, use:
#ANYDESK UBUNTU VERSION WGET LINK HOW TO#
That being said, this is how to properly, and securely download and add a repository signing key to your system: Repo-key.gpg: PGP public key block Public-Key (old)
If the output of this command is similar to the following, then the key is ascii-armored: To verify if a key file is ascii-armored, download the key file and run this command ( note that the key extension can be. The OpenPGP key file can be ascii-armored or not. if the repository is called myrepository, the key file should be named myrepository-archive-keyring.gpg. The key name should contain a short name describing the repository, followed by archive-keyring. So what's the proper, secure way of adding third-party (unofficial) repositories and their OpenPGP signing keys on Debian, Ubuntu, and Linux distributions based on these, like Linux Mint, Pop!_OS, Elementary OS and so on, to replace the deprecated apt-key?Īccording to the Debian wiki, the key should be downloaded over HTTPS to a location only writable by root, for example /usr/share/keyrings. However, it would be a good idea to start transitioning to using the signed-by option as explained below, especially if you maintain a third-party repository.
You can continue to use apt-key for now as it still works. That's because adding OpenPGP keys to /etc/apt/trusted.gpg and /etc/apt/ is equally unsecure, as mentioned above. It's also worth noting that while the apt-key deprecation message says to " manage keyring files in instead", the Debian wiki states otherwise. So this change was made for security reasons (your security). As a result, any unofficial APT repository which has its signing key added to /etc/apt/trusted.gpg or /etc/apt/ can replace any package on the system. The reason for this change is that when adding an OpenPGP key that's used to sign an APT repository to /etc/apt/trusted.gpg or /etc/apt/, the key is unconditionally trusted by APT on all other repositories configured on the system that don't have a signed-by (see below) option, even the official Debian / Ubuntu repositories. What's more, " apt-key will last be available in Debian 11 and Ubuntu 22.04." The apt-key man page mentions that the " use of apt-key is deprecated, except for the use of apt-key del in maintainer scripts to remove existing keys from the main keyring". Manage keyring files in instead (see apt-key(8))".
When you try to add an APT repository key using apt-key on Debian, Ubuntu and Linux distributions based on these, you'll see the following message: " Warning: apt-key is deprecated. This article explains how to securely add OpenPGP keys and third-party APT repositories on Debian, Ubuntu, and Linux distributions based on these, like Linux Mint, Pop!_OS, Elementary OS and so on, to replace the deprecated apt-key.
0 kommentar(er)
