ValveSoftware / steam-for-linux

Issue tracking for the Steam for Linux beta client

Don't add steam.gpg key to system's trusted.gpg.d dir #9279

Open bitmand opened 1 year ago

bitmand commented 1 year ago

Your system information

Please describe your issue in as much detail as possible:

Installing steam_latest.deb adds the Steam GPG key to the system's trusted keys in /etc/apt/trusted.gpg.d/steam.gpg, which is considered bad practice as the key can be used for all repositories/packages on the system.

Steps for reproducing this issue:

  1. Install steam_latest.deb
  2. Key: ls /etc/apt/trusted.gpg.d/steam.gpg
  3. And grep signed-by /etc/apt/sources.list.d/steam.list yields nothing

Proposed solution

Add the Steam key to /usr/share/keyrings/steam.gpg instead. From the Signed-By section in man sources.list:

The recommended locations for keyrings are /usr/share/keyrings for keyrings managed by packages...

And use signed-by in steam repository config /etc/apt/sources.list.d/steam.list:

deb [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam
deb-src [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam

# Uncomment these lines to try the beta version of the Steam launcher
#deb [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ beta steam
#deb-src [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ beta steam

nsrderooy commented 5 months ago

Looks like the sources file has been fixed, but (at least on my system) the GPG key didn't exist in the new (/usr/share/keyrings/steam.gpg) location. I moved it and it started working again.
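
An added example, not part of the thread and not Valve's code: a small audit that covers both conditions reported above, namely entries without signed-by and entries whose signed-by keyring file is missing. It assumes one-line-style `.list` files (not deb822 `.sources`); `audit_sources`, `ENTRY_RE` and `SAMPLE` are hypothetical names, and the sample input is constructed.

```python
import glob
import os
import re

# One-line-style apt entry: type, optional [options], then URI and suite.
ENTRY_RE = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)")

# Constructed sample: line 1 has no signed-by, line 2 is pinned, line 3 is disabled.
SAMPLE = """\
deb [arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam
deb-src [signed-by=/usr/share/keyrings/steam.gpg arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam
#deb [arch=amd64,i386] https://repo.steampowered.com/steam/ beta steam
"""

def audit_sources(text, keyring_exists=os.path.isfile):
    """Return (line_no, uri, problem) for every active entry that is not
    pinned to an existing keyring file through signed-by."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and disabled entries
        match = ENTRY_RE.match(line)
        if not match:
            continue
        _type, options, uri, _suite = match.groups()
        opts = dict(o.split("=", 1) for o in (options or "").split() if "=" in o)
        signed_by = opts.get("signed-by")
        if signed_by is None:
            findings.append((line_no, uri,
                             "no signed-by: any globally trusted key is accepted"))
            continue
        for keyring in signed_by.split(","):
            # signed-by may also hold key fingerprints; only check file paths.
            if keyring.startswith("/") and not keyring_exists(keyring):
                findings.append((line_no, uri,
                                 f"signed-by keyring missing: {keyring}"))
    return findings

if __name__ == "__main__":
    paths = ["/etc/apt/sources.list"] + sorted(glob.glob("/etc/apt/sources.list.d/*.list"))
    for path in paths:
        if os.path.isfile(path):
            with open(path) as fh:
                for line_no, uri, problem in audit_sources(fh.read()):
                    print(f"{path}:{line_no}: {uri}: {problem}")
```

Run as a script it reports each offending line under /etc/apt; a key file still present in /etc/apt/trusted.gpg.d remains globally trusted regardless of what this check prints.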