APT-KEY is deprecated, update instructions for install #607

Open
alison-gravley opened this issue Nov 11, 2023 · 3 comments

@alison-gravley

As you may or may not know, apt-key is deprecated. I did the below instead and it works fine for me. I think Ubuntu would be the same or similar, but I don't know.

I used bits from this article to figure it out. I didn't bother migrating.

OS Info

cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian

Distro: DietPi v8.23.3
Device model : RPi 4 Model B (aarch64)

Step 1: Fix /etc/apt/sources.list.d/et.list

Add arch and signed-by with the gpg key location.

The gpg file should go in /etc/apt/keyrings/, /usr/share/keyrings, or really anywhere as long as it matches what is in the et.list.

The format should be something like this:

deb [arch=arm64 signed-by=/etc/apt/keyrings/et.gpg] https://mistertea.github.io/debian-et/debian-source/ bookworm main

You could probably automate the arch field using

dpkg --print-architecture

and at least on my version of debian, to get the codename:

cat /etc/os-release | sed -n -e 's/^VERSION_CODENAME=//p'

I figure it isn't great or worth it to automate the codename part, but you could insert the architecture like this:

echo "deb [arch="$(dpkg --print-architecture) "signed-by=/etc/apt/keyrings/et.gpg] https://mistertea.github.io/debian-et/debian-source/ bookworm main" | sudo tee /etc/apt/sources.list.d/et.list

Step 2: Put the GPG file in the "correct" location

The gpg file should go in /etc/apt/keyrings/, /usr/share/keyrings, or really anywhere as long as it matches what is in the et.list

curl -sS https://mistertea.github.io/debian-et/et.gpg -o /etc/apt/keyrings/et.gpg

After that, I just ran 'apt update' and 'apt install et' like normal.

@mjkelly

mjkelly commented Apr 6, 2024

Thanks @alison-gravley for the bookworm install instructions! I just used them on a Debian bookworm host after seeing the deprecation notice about /etc/apt/trusted.gpg.

To be clear to non-Debian users why it's worth updating to the new way of storing keys, any ET user who installed the old way will see this warning message every time they run apt update:

W: https://mistertea.github.io/debian-et/debian-source/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

For new bookworm installation instructions on the website, what about the following?

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/et.gpg] https://mistertea.github.io/debian-et/debian-source/ bookworm main" | sudo tee /etc/apt/sources.list.d/et.list  
curl -sS https://mistertea.github.io/debian-et/et.gpg | sudo tee /etc/apt/keyrings/et.gpg >/dev/null
sudo apt update
sudo apt install et

The only differences from Alison's commands above are:

  1. Call $(dpkg --print-architecture) directly inside the double-quoted string.
  2. Use sudo tee /etc/apt/keyrings/et.gpg >/dev/null so we don't have to call curl with sudo or run the whole command as root.

If it's useful, here's a transcript of an install on a fresh bookworm VM using these instructions. I only ran apt update and apt upgrade beforehand: https://pastebin.com/raw/tSkHKjsj

@mjkelly

mjkelly commented Apr 6, 2024

I just realized /etc/apt/keyrings/ doesn't exist on bullseye hosts. So it seems that generic Debian installation instructions either need to:

  1. Provide separate full sets of installation commands for bullseye and bookworm (using different paths to store the gpg key), or
  2. Use a directory that exists on both bullseye and bookworm to store the gpg key.

(2) seems simpler. That would give us something like this, using /etc/apt/trusted.gpg.d/ for the key:

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/trusted.gpg.d/et.gpg] https://mistertea.github.io/debian-et/debian-source/ bullseye main" | sudo tee /etc/apt/sources.list.d/et.list
curl -sS https://mistertea.github.io/debian-et/et.gpg | sudo tee /etc/apt/trusted.gpg.d/et.gpg >/dev/null
sudo apt update
sudo apt install et

("bullseye" and "bookworm" both work here)

Here's a transcript of using these installation instructions on a fresh bullseye (debian 11.4) VM: https://pastebin.com/raw/kvfyJ9Fi
And with bookworm (debian 12.5) again, just to show it still works: https://pastebin.com/raw/ki47AWpK

@alison-gravley
Author

> I just realized /etc/apt/keyrings/ doesn't exist on bullseye hosts. So it seems that generic Debian installation instructions either need to:

You should be able to create the folder if it doesn't exist.

I am glad this was able to help, and a little surprised the instructions still haven't been updated or changed.
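
The steps discussed in this thread as one script, added here as an example (not the ET project's own instructions): it creates /etc/apt/keyrings when missing, as suggested in the last comment, so the key stays scoped to this one repository through signed-by instead of sitting in /etc/apt/trusted.gpg.d/, where apt trusts it for every source that lacks signed-by. The function names and the prefix argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not the ET project's script. Function names and the
# "prefix" argument are assumptions; URLs are the ones quoted in the thread.
REPO_URL="https://mistertea.github.io/debian-et/debian-source/"
KEY_URL="https://mistertea.github.io/debian-et/et.gpg"

# Read VERSION_CODENAME from an os-release file (default /etc/os-release).
os_codename() {
    sed -n -e 's/^VERSION_CODENAME=//p' "${1:-/etc/os-release}" | tr -d '"'
}

# apt picks the parser for a signed-by key from the file extension:
# .asc for ASCII-armored, .gpg for a binary keyring. Match it to the content.
key_extension() {
    case "$(head -c 10 "$1" | tr -d '\000')" in
        '-----BEGIN'*) echo asc ;;
        *)             echo gpg ;;
    esac
}

# Compose the one-line source entry. Args: arch codename keyring-path
sources_line() {
    printf 'deb [arch=%s signed-by=%s] %s %s main\n' "$1" "$3" "$REPO_URL" "$2"
}

# Install key and source entry below a root prefix ("" = the live system).
# Args: prefix downloaded-key-file arch codename
install_repo() {
    keydir="$1/etc/apt/keyrings"
    # The directory is missing on bullseye; create it, world-readable.
    mkdir -p "$keydir" "$1/etc/apt/sources.list.d" && chmod 0755 "$keydir"
    keyfile="/etc/apt/keyrings/et.$(key_extension "$2")"
    # 0644: the key must be readable by apt's unprivileged _apt user.
    install -m 0644 "$2" "$1$keyfile" || return 1
    sources_line "$3" "$4" "$keyfile" > "$1/etc/apt/sources.list.d/et.list"
}

# Live use, as root:
#   key=$(mktemp) && curl -sS "$KEY_URL" -o "$key"
#   install_repo "" "$key" "$(dpkg --print-architecture)" "$(os_codename)"
#   apt update && apt install et
```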
