NetKnights-GmbH / ubuntu

Ubuntu build environment for privacyIDEA

Ubuntu 22 stores GPG-keys for package verification differently #64

Open plettich opened 1 year ago

plettich commented 1 year ago

Since Ubuntu 22.04 (Apt 2.4) the default way of adding package signing keys is deprecated and results in a warning during an apt update. We should adapt the repository file and documentation accordingly: https://manpages.ubuntu.com/manpages/jammy/man8/apt-key.8.html#deprecation

pablo-knight commented 1 year ago

This example should work.

curl -fsSL \
https://lancelot.netknights.it/NetKnights-Release.asc \
| gpg --dearmor > /usr/share/keyrings/NetKnights.gpg

echo "deb [signed-by=/usr/share/keyrings/NetKnights.gpg] http://lancelot.netknights.it/community/jammy/stable jammy main" >> /etc/apt/sources.list

plettich commented 1 year ago

This example should work.

curl -fsSL \
https://lancelot.netknights.it/NetKnights-Release.asc \
| gpg --dearmor > /usr/share/keyrings/NetKnights.gpg

The man page recommends /etc/apt/keyrings/ for the location of additional keys.

echo "deb [signed-by=/usr/share/keyrings/NetKnights.gpg] http://lancelot.netknights.it/community/jammy/stable jammy main" >> /etc/apt/sources.list

Should we add this to the Downloadinfo for jammy as well?

pablo-knight commented 1 year ago

Yes, we should adopt this in the Downloadinfo as you suggested (/etc/apt/keyrings/). This should be the regular install guide for Ubuntu 22 installations.

plettich commented 4 weeks ago

Yes, we should adopt this in the Downloadinfo as you suggested (/etc/apt/keyrings/). This should be the regular install guide for Ubuntu 22 installations.

I checked for Ubuntu 22 and 24: We can get the key with

curl --output-dir /etc/apt/keyrings -O https://lancelot.netknights.it/NetKnights-Release.asc

and use it either with:

deb [signed-by=/etc/apt/keyrings/NetKnights-Release.asc] http://lancelot.netknights.it/community/noble/devel noble main

in /etc/apt/sources.list.d/privacyidea.list or with

Types: deb
URIs: http://lancelot.netknights.it/community/noble/devel
Suites: noble
Components: main
Signed-By: /etc/apt/keyrings/NetKnights-Release.asc

in /etc/apt/sources.list.d/privacyidea.sources.

Or we can integrate the key directly in the sources file and provide the file like this:

Types: deb
URIs: http://lancelot.netknights.it/community/noble/devel
Suites: noble
Components: main
Signed-By:
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 .
 mQINBFka/rsBEADmBd9PyS9Bcmaw/DCE2MjHRhe8ASG2MEjIyq4dCuE23pq6vuSj
 ...

All of this disables the warning message when running apt.
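
Added example, not from the issue thread or the privacyIDEA project: a shell function that turns an ASCII-armored key file into the embedded Signed-By form shown in the last comment, where every key line is indented by one space and the blank line inside the armor becomes " .". The function name, its arguments and the sample key body are constructed for illustration; the URI is the one quoted above.

```shell
#!/bin/sh
# Build a deb822 .sources stanza with the signing key embedded in Signed-By.
# usage: make_sources_stanza KEYFILE URI SUITE [COMPONENTS]   (hypothetical helper)
make_sources_stanza() {
    keyfile=$1 uri=$2 suite=$3 components=${4:-main}

    # Refuse input that is not an ASCII-armored public key block, so that an
    # HTML error page or a binary keyring never ends up in the sources file.
    grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$keyfile" || {
        echo "error: $keyfile is not an armored public key" >&2
        return 1
    }

    printf 'Types: deb\nURIs: %s\nSuites: %s\nComponents: %s\nSigned-By:\n' \
        "$uri" "$suite" "$components"

    # Keep only the key block, drop CRs, then apply the deb822 rules:
    # continuation lines start with a space, and an empty line would end the
    # stanza, so the blank line after the armor header is written as " .".
    tr -d '\r' < "$keyfile" \
        | sed -n '/^-----BEGIN PGP PUBLIC KEY BLOCK-----/,/^-----END PGP PUBLIC KEY BLOCK-----/p' \
        | sed -e 's/^[[:space:]]*$/./' -e 's/^/ /'
}

# Demo with a constructed placeholder key (not the real NetKnights key).
demo_key=$(mktemp)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' \
    'Q09OU1RSVUNURUQ=' '-----END PGP PUBLIC KEY BLOCK-----' > "$demo_key"
make_sources_stanza "$demo_key" \
    http://lancelot.netknights.it/community/noble/devel noble
rm -f "$demo_key"
```

The output is meant to be redirected to a file such as /etc/apt/sources.list.d/privacyidea.sources, after the key file's fingerprint has been compared against one obtained from a trusted channel.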