Closed yalh76 closed 5 years ago
... apt-key is supposed to be deprecated, and yet we can't simply add keys to trusted.gpg.d as asked...
Are you sure gpg --dearmor
will work on any key ? Even if not armored ?
I just made one test using https://github.com/YunoHost-Apps/Experimental_helpers/blob/8ce0b21e65c232e73e81c2e556153228c355ba26/ynh_install_php/ynh_install_php#L19
In my mastodon_ynh, I added:
ynh_install_extra_repo --repo="https://packages.sury.org/php/ stretch main" --key="https://packages.sury.org/php/apt.gpg"
That key is not armored
And after installation:
apt get update
show me sury.org repositorySo I'm like 75% sure that it could work on any key.... But my Debian skills are like beginner skills
Ok, let's update the helper then.
gpg repository key are sometimes provided "ascii armored". Explanations: https://wiki.debian.org/DebianRepository/UseThirdParty
Example: for Yarn installation the key https://dl.yarnpkg.com/debian/pubkey.gpg is an ascii armored key
If I do a
ynh_install_extra_repo --repo="deb https://dl.yarnpkg.com/debian/ stable main" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
There is an error:They shoud provide that key as https://dl.yarnpkg.com/debian/pubkey.asc but they don't....
A solution would be to do a dearmor of all keys: L146 having
wget -q "$key" -O - | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg
Tested for Yarn repository and working and seems ok to dearmor a key not armored