Fixing deprecation warning about key stored in trusted.gpg keyring

Fixing deprecation warning about key stored in trusted.gpg keyring

Fixing deprecation warning about key stored in trusted.gpg keyring

Fixing the deprecation warning about key stored in trusted.gpg keyring

When running apt update, you might have encountered this warning about the legacy trusted.gpg keyring:

$ sudo apt update
Hit:1 http://debian-archive.trafficmanager.net/debian bookworm InRelease
Hit:2 http://debian-archive.trafficmanager.net/debian-security bookworm-security InRelease
Hit:3 http://debian-archive.trafficmanager.net/debian bookworm-updates InRelease
Hit:4 http://debian-archive.trafficmanager.net/debian bookworm-backports InRelease
Hit:5 https://packages.microsoft.com/debian/12/prod bookworm InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://packages.microsoft.com/debian/12/prod/dists/bookworm/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)
, see the DEPRECATION section in apt-key(8) for details.

To fix the issue, you need to move the key from the legacy trusted.gpg keyring to the trusted.gpg.d directory.

Here are the steps to do it.

List existing keys

Open a terminal and list the keys:

$ sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
uid           [ unknown] Microsoft (Release signing) <gpgsecurity@microsoft.com>

/etc/apt/trusted.gpg.d/debian-archive-bookworm-automatic.asc
------------------------------------------------------------
pub   rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
      B8B8 0B5B 623E AB6A D877  5C45 B7C5 D7D6 3509 47F8
uid           [ unknown] Debian Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expires: 2031-01-19]

/etc/apt/trusted.gpg.d/debian-archive-bookworm-security-automatic.asc
---------------------------------------------------------------------
pub   rsa4096 2023-01-21 [SC] [expires: 2031-01-19]
      05AB 9034 0C0C 5E79 7F44  A8C8 254C F3B5 AEC0 A8F0
uid           [ unknown] Debian Security Archive Automatic Signing Key (12/bookworm) <ftpmaster@debian.org>
sub   rsa4096 2023-01-21 [S] [expires: 2031-01-19]

/etc/apt/trusted.gpg.d/debian-archive-bookworm-stable.asc
---------------------------------------------------------
pub   ed25519 2023-01-23 [SC] [expires: 2031-01-21]
      4D64 FEC1 19C2 0290 67D6  E791 F8D2 585B 8783 D481
uid           [ unknown] Debian Stable Release Key (12/bookworm) <debian-release@lists.debian.org>
[...]

The actual list produced will vary from system to system. Look for the key that is stored in /etc/apt/trusted.gpg. In this case, it is this key:

/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
uid           [ unknown] Microsoft (Release signing) <gpgsecurity@microsoft.com>

Export the key

Copy the key ID (in this case BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF and use it to export the key:

$ sudo apt-key export "BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF" | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/microsoft.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

Remove the key from legacy keyring

After exporting the key, remove it from the legacy keyring:

$ sudo apt-key del "BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF"
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK

Update the package list

Update your package list to verify the changes are applied:

$ sudo apt update
Hit:1 http://debian-archive.trafficmanager.net/debian bookworm InRelease
Hit:2 http://debian-archive.trafficmanager.net/debian-security bookworm-security InRelease
Hit:3 http://debian-archive.trafficmanager.net/debian bookworm-updates InRelease
Hit:4 http://debian-archive.trafficmanager.net/debian bookworm-backports InRelease
Get:5 https://packages.microsoft.com/debian/12/prod bookworm InRelease [3618 B]
Get:6 https://packages.microsoft.com/debian/12/prod bookworm/main armhf Packages [14.3 kB]
Get:7 https://packages.microsoft.com/debian/12/prod bookworm/main arm64 Packages [24.4 kB]
Get:8 https://packages.microsoft.com/debian/12/prod bookworm/main amd64 Packages [92.2 kB]
Fetched 131 kB in 1s (167 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

More articles