Steam client version (build number or date): steam-launcher 1.0.0.75
Distribution (e.g. Ubuntu): Ubuntu 22.04.2 LTS
Opted into Steam client beta?: No
Have you checked for system updates?: Yes
Please describe your issue in as much detail as possible:
Installing steam_latest.deb adds the Steam GPG key to the systems trusted keys in /etc/apt/trusted.gpg.d/steam.gpg, which is considered bad practice as the key can be used for all repositories/packages on the system.
Steps for reproducing this issue:
Install steam_latest.deb
Key: ls /etc/apt/trusted.gpg.d/steam.gpg
And grep signed-by /etc/apt/sources.list.d/steam.list yields nothing
Proposed solution
Add the Steam key to /usr/share/keyrings/steam.gpg instead. From the Signed-By section in man sources.list:
The recommended locations for keyrings are /usr/share/keyrings for keyrings managed by packages...
And use signed-by in steam repository config /etc/apt/sources.list.d/steam.list:
deb [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam
deb-src [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam
# Uncomment these lines to try the beta version of the Steam launcher
#deb [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ beta steam
#deb-src [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ beta steam
Looks like the sources file has been fixed, but (at least on my system) the GPG key didn't exist in the new (/usr/share/keyrings/steam.gpg) location, I moved it and it started working again.
Your system information
steam-launcher 1.0.0.75
Ubuntu 22.04.2 LTS
No
Yes
Please describe your issue in as much detail as possible:
Installing
steam_latest.deb
adds the Steam GPG key to the systems trusted keys in/etc/apt/trusted.gpg.d/steam.gpg
, which is considered bad practice as the key can be used for all repositories/packages on the system.Steps for reproducing this issue:
steam_latest.deb
ls /etc/apt/trusted.gpg.d/steam.gpg
grep signed-by /etc/apt/sources.list.d/steam.list
yields nothingProposed solution
Add the Steam key to
/usr/share/keyrings/steam.gpg
instead. From theSigned-By
section inman sources.list
:And use
signed-by
in steam repository config/etc/apt/sources.list.d/steam.list
: