raspbian-archive-keyring: apt-key should not be used in scripts

Bug #1727874 reported by Alistair Buxton
This bug affects 1 person
Affects: Raspbian
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

When running dpkg --configure -a:

Warning: apt-key should not be used in scripts (called from postinst maintainerscript of the package raspbian-archive-keyring)

Currently it does:

    apt-key add /usr/share/keyrings/raspbian-archive-keyring.gpg > /dev/null

Instead the package should just ship the keyring in /etc/apt/trusted.gpg.d/

MichaIng (michaing) wrote :

Moreover, apt-key should not be used at all, since it has been deprecated with the newest APT and will be removed in Q2/2022. I agree with Alistair that the key should be shipped within the effective directory /etc/apt/trusted.gpg.d/raspbian-archive-keyring.gpg directly, like the raspberrypi.org and Debian keyring packages do.

For reference:
- https://metadata.ftp-master.debian.org/changelogs//main/a/apt/apt_2.1.11_changelog
- https://github.com/RPi-Distro/pi-gen/issues/460

MichaIng (michaing) wrote :

Since Bookworm (the respective APT version), /etc/apt/trusted.gpg itself has been deprecated as well, which adds a 2nd warning regarding this package: https://github.com/RPi-Distro/repo/issues/348

What I posted above still holds and solves both warnings. Additionally, since Bullseye, it would be possible to ship the key in ASCII-armored format instead as /etc/apt/trusted.gpg.d/raspbian-archive-keyring.asc, which is how debian-archive-keyring does it since Bookworm.

In case there is some public repository to send PRs/MRs to, I am open to doing that. Just let me know.
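
An added audit example, not part of the report or of the Raspbian package: it lists installed maintainer scripts that still call apt-key, and reports whether a keyring is shipped as a trusted.gpg.d fragment and whether the legacy /etc/apt/trusted.gpg still has content. The function names are hypothetical, the sample tree is constructed, and the script assumes dpkg's usual /var/lib/dpkg/info layout and a plain text match on the scripts.

```shell
#!/bin/sh
# Added audit example; not code from the bug report or from Raspbian.

# Print "<package> <script>" for each maintainer script in a dpkg info
# directory that invokes apt-key outside a comment (heuristic text match).
find_apt_key_callers() {
    info_dir=${1:-/var/lib/dpkg/info}
    for script in "$info_dir"/*.preinst "$info_dir"/*.postinst \
                  "$info_dir"/*.prerm "$info_dir"/*.postrm; do
        [ -f "$script" ] || continue
        if sed 's/#.*//' "$script" |
           grep -Eq '(^|[^[:alnum:]_-])apt-key([[:space:]]|$)'; then
            base=${script##*/}
            printf '%s %s\n' "${base%.*}" "${base##*.}"
        fi
    done
}

# Report whether keyring <name> is shipped as a trusted.gpg.d fragment
# (.gpg or .asc) and whether the legacy trusted.gpg still has content.
keyring_status() {
    name=$1 apt_dir=${2:-/etc/apt} fragment=none legacy=no
    for ext in gpg asc; do
        [ -f "$apt_dir/trusted.gpg.d/$name.$ext" ] && fragment=$name.$ext
    done
    [ -s "$apt_dir/trusted.gpg" ] && legacy=yes
    echo "fragment=$fragment legacy=$legacy"
}

# Constructed sample tree: one postinst like the one quoted in the report,
# one that only mentions apt-key in a comment, and a non-empty trusted.gpg.
make_sample() {
    root=$(mktemp -d) && mkdir -p "$root/info" "$root/apt/trusted.gpg.d"
    printf '%s\n' '#!/bin/sh' \
        'apt-key add /usr/share/keyrings/raspbian-archive-keyring.gpg > /dev/null' \
        > "$root/info/raspbian-archive-keyring.postinst"
    printf '%s\n' '#!/bin/sh' '# apt-key call removed' 'exit 0' \
        > "$root/info/example-keyring.postinst"
    echo 'constructed placeholder' > "$root/apt/trusted.gpg"
    echo "$root"
}

sample=$(make_sample)
find_apt_key_callers "$sample/info"
keyring_status raspbian-archive-keyring "$sample/apt"
rm -rf "$sample"
```

On a real system, call both functions without the directory arguments to use /var/lib/dpkg/info and /etc/apt.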
