Your message dated Tue, 1 Mar 2022 12:16:33 +0100
with message-id <[email protected]>
and subject line Re: Bug#1006542: apt: Please provide a script to export keys
from trusted.gpg and reference it in apt-key(8)
has caused the Debian Bug report #1006542,
regarding apt: Please provide a script to export keys from trusted.gpg and
reference it in apt-key(8)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1006542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006542
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: apt
Version: 2.4.0
Severity: wishlist
Since the new version I have a warning about keys that have been stored
in the trusted.gpg file.
I do see the export or exportall command in the apt-key(8) man page but
wonder how to automate the extraction and what is the best storage
replacement.
It would be fine to provide a script that does the conversion if you
intend to really suppress the trusted.gpg support.
-- Package-specific info:
-- (no /etc/apt/preferences present) --
-- (no /etc/apt/preferences.d/* present) --
-- (/etc/apt/sources.list present, but not submitted) --
-- (/etc/apt/sources.list.d/cisofy-lynis.list present, but not submitted) --
-- /etc/apt/sources.list.d/google-chrome.list --
deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main
-- (/etc/apt/sources.list.d/orange-repo-microsoft-teams.list present, but not submitted) --
-- (/etc/apt/sources.list.d/orange-repo-wire.list present, but not submitted) --
-- (/etc/apt/sources.list.d/orange-repo-yourdev-gruik.list present, but not submitted) --
-- (/etc/apt/sources.list.d/orange-repo-yourdev.list present, but not submitted) --
-- (/etc/apt/sources.list.d/signal-xenial.list present, but not submitted) --
-- (/etc/apt/sources.list.d/skype-stable.list present, but not submitted) --
-- (/etc/apt/sources.list.d/skype-unstable.list present, but not submitted) --
-- (/etc/apt/sources.list.d/slack.list present, but not submitted) --
-- (/etc/apt/sources.list.d/sublime-text.list present, but not submitted) --
-- (/etc/apt/sources.list.d/vscode.list present, but not submitted) --
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'testing'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.102 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages apt depends on:
ii adduser 3.118
ii debian-archive-keyring 2021.1.1
ii gpgv 2.3.1-1
ii gpgv2 2.3.1-1
ii libapt-pkg6.0 2.4.0
ii libc6 2.34-0experimental3
ii libgcc-s1 12-20220222-1
ii libgnutls30 3.7.3-4+b1
ii libseccomp2 2.5.3-2
ii libstdc++6 12-20220222-1
ii libsystemd0 250.3-2
Versions of packages apt recommends:
ii ca-certificates 20211016
Versions of packages apt suggests:
pn apt-doc <none>
ii aptitude 0.8.13-3
ii dpkg-dev 1.21.1
ii gnupg 2.3.1-1
ii powermgmt-base 1.36
ii synaptic 0.90.2+b1
-- no debconf information
--- End Message ---
--- Begin Message ---
On Sun, Feb 27, 2022 at 11:20:20AM +0100, Eric Valette wrote:
> Package: apt
> Version: 2.4.0
> Severity: wishlist
>
> Since the new version I have a warning about keys that have been stored
> in the trusted.gpg file.
> I do see the export or exportall command in the apt-key(8) man page but
> wonder how to automate the extraction and what is the best storage
> replacement.
>
Use apt-key export to export individual keys, store them
in /etc/apt/keyrings, and then use Signed-By in sources.list.
In general though, I expect keys are not managed by users, but debs,
whether archive keyrings or proprietary debs like chrome that add their
own key and this is a warning for them, not the end user.
> It would be fine to provide a script that does the conversion if you
> intend to really suppress the trusted.gpg support.
That would not be appropriate. Doing this properly is a manual job.
--
debian developer - deb.li/jak | jak-linux.org - free software dev
ubuntu core developer i speak de, en
--- End Message ---
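
The manual steps named in the reply above (export one key, store it under /etc/apt/keyrings, reference it with Signed-By), worked through for the google-chrome.list entry from the report. This is an added example, not part of the thread or of apt; the function names and the keyring file name google-chrome.asc are assumptions, and the fingerprint has to be supplied and checked by the administrator.

```shell
#!/bin/sh
# Added example (not apt's code). Handles one repository at a time.

# Export a single key from the legacy trusted.gpg keyring into its own file.
#   $1 = full key fingerprint, checked against the vendor's published value
#   $2 = destination, e.g. /etc/apt/keyrings/google-chrome.asc (assumed name)
# apt-key export writes ASCII armor, so the file is named .asc, not .gpg.
export_key() {
    install -d -m 0755 "$(dirname "$2")" || return 1
    apt-key export "$1" > "$2" || return 1
    # gpg exits 0 even when nothing matched; an empty file means no key.
    [ -s "$2" ] || { echo "no key exported for $1" >&2; rm -f "$2"; return 1; }
    chmod 0644 "$2"
}

# Print a one-line-style sources.list entry with signed-by=<keyring> added.
#   $1 = the entry, $2 = keyring path
# Entries that already carry signed-by, and non-deb lines, pass through as-is.
add_signed_by() {
    sb_entry=$1
    sb_keyring=$2
    case $sb_entry in
        deb\ *|deb-src\ *) ;;
        *) printf '%s\n' "$sb_entry"; return 0 ;;
    esac
    sb_type=${sb_entry%% *}     # "deb" or "deb-src"
    sb_rest=${sb_entry#* }      # everything after the type
    case $sb_rest in
        \[*signed-by=*\]*)
            printf '%s\n' "$sb_entry" ;;
        \[*\]*)
            sb_opts=${sb_rest%%\]*}   # "[arch=amd64"
            sb_tail=${sb_rest#*\]}    # " https://... suite component"
            printf '%s %s signed-by=%s]%s\n' \
                "$sb_type" "$sb_opts" "$sb_keyring" "$sb_tail" ;;
        *)
            printf '%s [signed-by=%s] %s\n' "$sb_type" "$sb_keyring" "$sb_rest" ;;
    esac
}

# The entry quoted in the bug report, rewritten (prints only, changes nothing).
add_signed_by \
    'deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main' \
    /etc/apt/keyrings/google-chrome.asc
```

A key that is still present in trusted.gpg stays trusted for every configured source, so Signed-By only narrows trust once the key has also been removed from there.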