loader image

Fixing “Key is stored in legacy trusted.gpg keyring” Issue in Ubuntu

What makes us different from other similar websites? Forums Tech Fixing “Key is stored in legacy trusted.gpg keyring” Issue in Ubuntu

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #6862
    thumbtak
    Keymaster

    If you use a PPA or add an external repository in Ubuntu 22.04 and later versions, chances are that you will see a message like this:

    W: https://packagecloud.io/slacktechnologies/slack/debian/dists/jessie/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details

    First thing first. It is not an error, it is a warning message. A warning does not stop the procedure. You can continue upgrading your system even if you see this warning message during an update.

    If you don’t like seeing the warning message, you can take some manual steps to get rid of it.

    There are two ways; the proper way and the quick and dirty way. Read both methods and see which one you feel comfortable with.

    Method 1: Import the key [Proper but complicated way]

    First, list all the GPG keys added to your system.

    $ sudo apt-key list

    This will show a huge list of keys stored in your system. What you have to do here is to look for the keys associated with the warning message.

    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
    /etc/apt/trusted.gpg
    ——————–
    pub rsa4096 2014-01-13 [SCEA] [expired: 2019-01-12]
    418A 7F2F B0E1 E6E7 EABF 6FE8 C2E7 3424 D590 97AB
    uid [ expired] packagecloud ops (production key)

    pub rsa4096 2016-02-18 [SCEA]
    DB08 5A08 CA13 B8AC B917 E0F6 D938 EC0D 0386 51BD
    uid [ unknown] https://packagecloud.io/slacktechnologies/slack (https://packagecloud.io/docs#gpg_signing)
    sub rsa4096 2016-02-18 [SEA]

    /etc/apt/trusted.gpg.d/audio-recorder-ubuntu-ppa.gpg
    —————————————————-
    pub rsa4096 2015-08-30 [SC]
    42EF 41ED 9813 B713 D4F1 F06D 5CF1 2638 ACF9 669F
    uid [ unknown] Launchpad PPA for Team audio-recorder

    /etc/apt/trusted.gpg.d/danielrichter2007-ubuntu-grub-customizer.gpg
    ——————————————————————-
    pub rsa1024 2010-10-08 [SC]
    59DA D276 B942 642B 1BBD 0EAC A8AA 1FAA 3F05 5C03

    How do you do that? Read the message carefully.

    W: https://packagecloud.io/slacktechnologies/slack/debian/dists/jessie/InRelease: Key is stored in legacy

    In my case, the repository has keywords like packagecloud, slacktechnologies. It is shown at the top of the apt-key list output. You may have to scroll a bit in your case.

    In this rare case, the external repository added by Slack, has two GPG keys. One of them is expired and I’ll ignore it. You may not have such a situation.

    You should the last 8 characters (excluding the space) under the line after pub.

    /etc/apt/trusted.gpg
    ——————–
    pub rsa4096 2014-01-13 [SCEA] [expired: 2019-01-12]
    418A 7F2F B0E1 E6E7 EABF 6FE8 C2E7 3424 D590 97AB
    uid [ expired] packagecloud ops (production key)

    pub rsa4096 2016-02-18 [SCEA]
    DB08 5A08 CA13 B8AC B917 E0F6 D938 EC0D 0386 51BD
    uid [ unknown] https://packagecloud.io/slacktechnologies/slack (https://packagecloud.io/docs#gpg_signing)

    So from the line “DB08 5A08 CA13 B8AC B917 E0F6 D938 EC0D 0386 51BD”, I’ll take the last 8 characters “0386 51BD”, remove the space and then use it to import the GPG key in its dedicated file under the /etc/apt/trusted.gpg.d directory:

    screenshot

    $ sudo apt-key export 038651BD | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/slack.gpg

    Run the update again and now you should not see the warning message anymore.

    Method 2: Copy to the trusted.gpd.d directory [Quick and dirty way]

    If you don’t feel comfortable doing all the above stuff manually, well, you can ignore the warning message. I mean, ignoring it is always an option.

    Another option is to copy the /etc/apt/trusted.gpg file to /etc/apt/trusted.gpg.d directory. After all, Ubuntu only complains that it needs the GPG keys in /etc/apt/trusted.gpg.d directory.

    You’ll still have to use the terminal. Open it and use the following command:

    $ sudo cp /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d

    Now, if you run the update, you won’t see the “Key is stored in legacy trusted.gpg keyring” warning message anymore.

    screenshot

Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.
TAKs Shack