
The background

For some time now, apt-key has been warning users with deprecation messages like this one:

use of apt-key is deprecated, except for the use of apt-key del in maintainer scripts to remove existing keys from the main keyring

There is a lot of documentation online (on the SE network and elsewhere) about "fixing" those apt-key warnings by using gpg directly. For instance:

curl -sS https://example.com/key/repo-key.gpg | sudo apt-key add -

can be replaced by

curl -sS https://example.com/key/repo-key.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/<repo>-archive-keyring.gpg

in order to avoid deprecated errors.


The issue

In Debian, sometimes we need to add an Ubuntu PPA. We usually do something like:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com XXXXXX

that can become either of:

# something like
gpg --recv-keys --keyserver keyserver.ubuntu.com XXXXXX

# or something like
sudo gpg --no-default-keyring \
  --keyring /usr/share/keyrings/<myrepository>-archive-keyring.gpg \
  --keyserver hkp://keyserver.ubuntu.com:80 \
  --recv-keys <fingerprint>

but there is a catch: the gpg --keyserver option is also deprecated!

--keyserver name
    This option is deprecated

The question

How can we add an Ubuntu PPA on Debian 11 without using the deprecated gpg --keyserver option?

If that matters, my purpose is to use it inside a script or an automation tool like Ansible, so I would prefer to avoid manual or GUI steps.



4wk_

1 Answer


Read further, as the sentence in gpg(1) continues...

--keyserver name

This option is deprecated - please use the --keyserver in ‘dirmngr.conf’ instead.

If you are running GnuPG with sudo, i.e. as root, you should configure it in /root/.gnupg/dirmngr.conf, otherwise in ~/.gnupg/dirmngr.conf:

keyserver hkps://keyserver.ubuntu.com
no-use-tor

The additional no-use-tor prevents GnuPG from trying to use Tor for the key retrieval, which is its default operation.

Esa Jokinen
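
For the scripted case the question asks about, the dirmngr.conf setting can be confined to a throwaway GnuPG home so that root's own configuration is left untouched. This is an added example, not part of the original answer; the function names are hypothetical, and the fingerprint and output keyring path are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical;
# the fingerprint and the output keyring path are supplied by the caller.

# Accept only a full 40-hex-digit fingerprint; short key IDs can collide.
is_full_fingerprint() {
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ "${#fpr}" -eq 40 ] || return 1
    case "$fpr" in
        *[!0-9A-F]*) return 1 ;;
    esac
    return 0
}

# Write the two dirmngr.conf lines from the answer into the given GnuPG home.
write_dirmngr_conf() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    printf '%s\n' 'keyserver hkps://keyserver.ubuntu.com' 'no-use-tor' \
        > "$1/dirmngr.conf"
}

# Usage: fetch_ppa_key FINGERPRINT OUTPUT_KEYRING
# Returns 2 for a bad fingerprint, 3 if the received key does not match it.
fetch_ppa_key() {
    is_full_fingerprint "$1" || { echo "need a full fingerprint" >&2; return 2; }
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    GNUPGHOME=$(mktemp -d) || return 1   # throwaway home, not /root/.gnupg
    export GNUPGHOME
    rc=0
    write_dirmngr_conf "$GNUPGHOME" || rc=1
    if [ "$rc" -eq 0 ]; then
        gpg --batch --recv-keys "$want" || rc=1   # no --keyserver flag needed
    fi
    if [ "$rc" -eq 0 ]; then
        # Primary-key fingerprint as gpg reports it (field 10 of the fpr record).
        got=$(gpg --batch --with-colons --list-keys |
              awk -F: '$1 == "fpr" { print $10; exit }')
        if [ "$got" = "$want" ]; then
            gpg --batch --export "$want" > "$2" || rc=1
        else
            rc=3
        fi
    fi
    gpgconf --kill dirmngr 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    unset GNUPGHOME
    return "$rc"
}
```

The exported file is a binary keyring of the kind the question places under /usr/share/keyrings; reference it from the repository's sources.list entry with the signed-by option.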