For the debian usecase at least, it might be worth looking at extrepo [1][2]. It maintains a list of known external apt repositories, along with the correct config and keys, which can then be enabled with a single command.
I don't know how well it works downstream with Ubuntu, but for debian at least, getting a definition for CRAN added would let people who want to enable it do so. Gordon [1]: https://grep.be/blog/en/computer/debian/Announcing_extrepo/ [2]: https://salsa.debian.org/extrepo-team/extrepo-data On Thu, Mar 18, 2021 at 09:03:12AM +0100, Johannes Ranke wrote: > Hi all, > > thanks for thoughts and valuable information on this issue. I think it will > not make the CRAN repositories any safer to use. But I believe it will > increase security of Debian/Ubuntu repositories in general. > > As bullseye will still contain apt-key and Debians release cycle is a bit > more > relaxed, I can still afford to sit back for a while and watch... > > Greetings, > > Johannes > > Am Mittwoch, 17. März 2021, 16:52:17 CET schrieb Carl Delfin: > > Michael, > > > > Sounds great! > > > > If it's any help, I put my solution in a bash script: > > > > #!/bin/bash > > KEY=/usr/local/share/keyrings/marutter.key > > > > if [ -f "$KEY" ]; then > > echo "$KEY already exists" > > sudo apt install -y r-base > > else > > wget -q -O marutter.key > > "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xe298a3a825c0d65dfd > > 57cbb651716619e084dab9" if ! file marutter.key | grep -q "PGP public key"; > > then > > echo "marutter.key does not appear to be a valid PGP key - aborting!" > > exit 1 > > else > > sudo mkdir -p /usr/local/share/keyrings/ > > sudo mv marutter.key /usr/local/share/keyrings/ > > echo "deb [signed-by=/usr/local/share/keyrings/marutter.key] > > https://cloud.r-project.org/bin/linux/ubuntu groovy-cran40/" | sudo tee -a > > /etc/apt/sources.list fi > > sudo apt install -y r-base > > fi > > > > Nothing fancy by any means, but it works and could perhaps be useful. > > > > Cheers, > > Carl > > > > Sent with ProtonMail Secure Email. > > > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > > > > On Wednesday, March 17th, 2021 at 16:04, Michael Rutter > > <marut...@gmail.com> > wrote: > > > On 3/17/21 7:27 AM, Carl Delfin wrote: > > > > Hi everyone, > > > > > > > > Since apt-key will be deprecated in future releases of Debian > > > > (https://manpages.debian.org/testing/apt/apt-key.8.en.html), I recently > > > > got around to figuring out how to properly import Michael Rutter's key, > > > > based on this answer over at askubuntu: > > > > https://askubuntu.com/a/1307181. > > > > > > > > Perhaps something along those lines should be added to the README at > > > > https://cran.r-project.org/bin/linux/ubuntu/fullREADME.html? > > > > > > > > Cheers, > > > > > > > > Carl > > > > > > Carl, > > > > > > Thank you. I need to read these posts over to see if the instructions > > > > > > can be condensed, but this is very helpful. > > > > > > Michael > > > > > > > Sent with ProtonMail Secure Email. > > > > > > > > [[alternative HTML version deleted]] > > > > > > > > R-SIG-Debian mailing list > > > > > > > > R-SIG-Debian@r-project.org > > > > > > > > https://stat.ethz.ch/mailman/listinfo/r-sig-debian > > > > > > R-SIG-Debian mailing list > > > > > > R-SIG-Debian@r-project.org > > > > > > https://stat.ethz.ch/mailman/listinfo/r-sig-debian > > > > _______________________________________________ > > R-SIG-Debian mailing list > > R-SIG-Debian@r-project.org > > https://stat.ethz.ch/mailman/listinfo/r-sig-debian > > > -- > Johannes Ranke > Wissenschaftlicher Berater > 07624 8099027 > https://jrwb.de > > _______________________________________________ > R-SIG-Debian mailing list > R-SIG-Debian@r-project.org > https://stat.ethz.ch/mailman/listinfo/r-sig-debian _______________________________________________ R-SIG-Debian mailing list R-SIG-Debian@r-project.org https://stat.ethz.ch/mailman/listinfo/r-sig-debian