Freedom IT Limited

apt-key Deprecation Warning

 Have you seen the following message when running apt?
W: https://packages.microsoft.com/repos/edge/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
One way to resolve this is to export the GPG key from the deprecated keyring and store it in /usr/share/keyrings. Fortunately, it's not too difficult. Do the following in a terminal window:
 
1. List existing keys:
$ sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2017-05-08 [SCEA]
 1EDD E2CD FC02 5D17 F6DA 9EC0 ADAE 6AD2 8A8F 901A
uid [ unknown] Sublime HQ Pty Ltd <This email address is being protected from spambots. You need JavaScript enabled to view it.;
sub rsa4096 2017-05-08 [S]

pub rsa2048 2015-10-28 [SC]
 BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF
uid [ unknown] Microsoft (Release signing) <This email address is being protected from spambots. You need JavaScript enabled to view it.;
2. From here, export the key:
sudo apt-key export BE1229CF | sudo gpg --dearmour -o /usr/share/keyrings/microsoft.gpg
Note: The BE1229CF value comes from the last 8 characters of the pub code. The name of the exported file is arbitary but will be referenced later in the apt source file.
The following message will likely appear:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
3. Now update the apt source file for the repository (e.g. in this case, /etc/apt/sources.list.d/microsoft.list), adding a signed-by tag:
deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge/ stable main
4. Update apt to confirm the message is gone:
 
sudo apt update
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up-to-date.
W: https://download.sublimetext.com/apt/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
 5. Remove the original signature:
 
sudo apt-key del BE1229CF
This can be done with each of the 'legacy key storage' warning messages. Once done, apt will no longer complain.
 
Linux, Ubuntu, apt