W: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details

Question

I have installed gazebo on my ubuntu 22.04 LTS following the steps in https://classic.gazebosim.org/tutorials?tut=install_ubuntu via their alternative installation. I am getting the following error when I try to update the packages using sudo apt update

W: http://packages.osrfoundation.org/gazebo/ubuntu-stable/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

I have tried deleting the key from apt-key list but it gave me additional warning about unable to very the key, since the public key was missing. Is there a way for fixing this warning?

I have referred the a similar solution at Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead but couldn't solve the problem.

Answer 1

I had the same problem trying to install the amazon workspacesclient on ubuntu 22.04 and ubuntu 20.04.

After following the instructions I got this error trying to do apt-get update:

w: https://d3nt0h4h6pmmc4.cloudfront.net/ubuntu/dists/jammy/inrelease: the key(s) in the keyring /etc/apt/trusted.gpg.d/amazon-workspaces-clients.gpg are ignored as the file has an unsupported filetype. w: gpg error: https://d3nt0h4h6pmmc4.cloudfront.net/ubuntu jammy inrelease: the following signatures couldn't be verified because the public key is not available: no_pubkey 04b0588859ef5026

It's because of this:

cd /etc/apt/trusted.gpg.d

file *

amazon-workspaces-clients.gpg: PGP public key block Public-Key (old)

ubuntu-keyring-2012-cdimage.gpg: OpenPGP Public Key Version 4, Created Fri May 11 22:10:48 2012, RSA (Encrypt or Sign, 4096 bits); User ID; Signature; OpenPGP Certificate

ubuntu-keyring-2018-archive.gpg: OpenPGP Public Key Version 4, Created Mon Sep 17 15:01:46 2018, RSA (Encrypt or Sign, 4096 bits); User ID; Signature; OpenPGP Certificate

The old style of pgp key is no longer supported, but there is a simple fix:

mv amazon-workspaces-clients.gpg amazon-workspaces-clients.asc

then apt-get update works without complaint and you can continue to install

apt-get install workspacesclient

Answer 2

Follow the following for resolution.

Run the following command to download and add the key:

> curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Open or create the Docker repository file:

> sudo nano /etc/apt/sources.list.d/docker.list

Replace the existing with following.

> deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu bionic stable

Before updating please verify for any duplicate repos,

> sudo apt update

Answer 3

this way to automate the process for all keys:

sudo apt-key list 2>&1 | grep -E '/(trusted.gpg.d)' -A 3 | grep -v '^--' | grep -v '^pub ' | /bin/sed 's@./trusted.gpg.d/(.)@\1@g' | /bin/awk 'NR%2{printf "%s ",$0;next;}1' | /bin/awk '{print "sudo apt-key export "$10$11" | sudo gpg --dearmour -o /usr/share/keyrings/"$1}' | xargs -I'{}' bash -c "eval '{}'".

Referenced URL: https://askubuntu.com/questions/1398344/apt-key-deprecation-warning-when-updating-system

Answer 4

Most daily driver Linux users can just sidestep the warning:

cd /etc/apt
sudo cp trusted.gpg trusted.gpg.d
sudo apt update

This is a current security discussion in Linux so I can only report what's going on at time of writing. System updates for some major Linux distros work on a method where apt-key would store all the authentication keys for all your package repositories in one place. This is convenient, but has some potential security issues. The potential security issues are finally being remedied. However, current proposals for a "fix" are too complex for most users to implement. And if nobody's going to use it, it's not a real fix. In a large distro like Ubuntu you are likely to see a warning such as "apt-key is deprecated" or "Key is stored in legacy...". This is only a warning to prepare you for a future update. Hopefully once security experts decide to enforce this policy, there will be an easy patch for most users (e.g. the next update to apt may quietly "fix" the issue so that warnings will disappear).

Advanced users who actually do things with keys may want to be more careful. Please immediately read and follow a trusted blog post for more info, such as: https://itsfoss.com/apt-key-deprecated/

Answer 5

Recently, I have came across a blog post, which listed different methods to solve this issue in a more general approach. I have used the third one listed in here. The method is simple but a forceful one, but it worked for me. I would like to quote the words in the blog post

It is a forceful method because we are not converting keys but instead directly moving legacy keys to a trusted folder, , it may be not a wise idea still if you are not finding any other quick way for your Legacy key hen here is the one to use:

simple navigate to the key listing folder by using cd command and then use a cp command. you can use the code snippet given below(taken from the blog post).

cd /etc/apt
sudo cp trusted.gpg trusted.gpg.d

Other possible solutions are also listed in the same and you can check those too!

Answer 6

cd /etc/apt

Followed by:

sudo cp trusted.gpg trusted.gpg.d

Now run a sudo apt update The error shouldn't be showing again

Answer 7

You can convert your keys from the old apt-key tool to the new apt trusted keys format.

First, you should search for your key ID.

Try apt-key list gazebo, if only ones return, it will be easy. Simply run this command.

apt-key export gazebo | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/gazebo-key.gpg

and that warning will go away

Additionally, you can specify the key file in the source definition. But by default, apt will check all valid keys.

Check this site for an example

https://tecadmin.net/resolved-key-is-stored-in-legacy-trusted-gpg-keyring/