Open richeney opened 1 year ago
Happy to contribute an update to the script and the docs page, but I won't be able to test against all supported variants of Ubuntu and Debian.
I thought it would be better to float the idea as a general enhancement as this script is fairly crucial!
@jiasli for awareness
PR is welcomed.
I agree that deb_install.sh
should be in sync with manual steps.
However, /etc/apt/keyrings
is correct.
If future updates to the certificate will be managed by an apt/dpkg package as recommended below, then it SHOULD be downloaded into /usr/share/keyrings using the same filename that will be provided by the package. If it will be managed locally , it SHOULD be downloaded into /etc/apt/keyrings instead. -- https://wiki.debian.org/DebianRepository/UseThirdParty
Understood. I'm not sure I really understand the difference between an apt/dpkg package and a locally managed package.
(I was updating a few Ansible playbooks for my WSL setup as 22.04 was complaining about the legacy trusted.gpg keyring, and I noticed that Terraform and the gcloud CLI were now using /usr/share/keyrings
.)
I'll raise a PR for that script to get it inline with the manual instructions. 😊
@bebound, one other check; should the .gpg file be called /usr/share/keyrings/microsoft-archive-keyring.gpg
rather than /usr/share/keyrings/microsoft.gpg
?
(The https://wiki.debian.org/DebianRepository/UseThirdParty page uses that convention in the first paragraph.)
This's a good point. I'm not sure. CLI always name it as microsoft.gpg, I think it's okay to keep it. @jiasli What's your idea?
PS: VS code uses packages.microsoft.gpg. Docker uses docker.gpg. Ref:
Issue
The apt-key command is deprecated with Ubuntu 22.04 (except for deletes).
The
/usr/share/keyrings
directory is the recommended location for package signing keys now, rather than/etc/apt/keyrings
.The deb_install.sh script used by option 1 would benefit from changing to these newer standards. The manual commands are slightly better as they include the
signed-by
location, but again, should that location now be/usr/share/keyring
?