So rather than:
From: Julian Andres Klode <[email protected]>
Well, problem solved then. apt-key is basically deprecated this
release cycle, it's not guaranteed to work at all anymore.
The correct way is to install key files into trusted.gpg.d.
The reason for this is that we do not want to depend on gnupg: This
takes a lot of space, and starts a lot of daemons every time we want
to verify some keys.
Debian Developer - deb.li/jak | jak-linux.org - free software dev
| Ubuntu Core Developer |
Alan Franzoni (alanfranz) wrote on 2016-10-19:
This is related to https://bugs.launchpad.net/ubuntu/+sour ... ug/1634464 as well, where the maintainer says the "apt-key adv" is deprecated ("like everything else"). Not easy to understand what's deprecated.
By the way, "gpg --keyserver YYY --recv-key XXX" works 100% in Ubuntu Xenial, with no deprecation or warning whatsoever. It should not break in such an unexpected way on Yakkety. It seems a gnupg->gnupg2 migration issue to me; I think that at least for Yakkety dirmngr should be included as a required dependency from gnupg2, a warning on the deprecation of such feature could be issued, then the dirmngr package could be switched to an optional dep LATER.
Even though IMHO such behaviour is still bad. If I do "gpg --help" in Ubuntu Yakkety, I clearly see the "--recv-keys" option. Then it breaks when using it if dirmngr is not installed. I would not list such option and let the user employ a different command altogether for fetching remote keys, instead: that would be WAY easier.
By the way, PLEASE consider that
"apt-key adv --keyserver ..."
is a VERY widely used and recommended command for installing keys. And some keyservers may not even expose a decent way of fetching public keys without the HKP protocol, making gpg --keyserver "the right choice".
Seth Arnold (seth-arnold) wrote on 2016-10-19:
"apt-key adv --recv-key" may be common advice but after the introduction of /etc/apt/trusted.gpg.d/ it is also bad advice.
We should definitely edit the apt-key(8) manpage to include the right commands to use to populate /etc/apt/trusted.gpg.d/ instead of adv --recv-key.
apt-key adv --keyserver XXX --recv-keys YYY
gpg --keyserver XXX --recv-keys YYY
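
One way to follow the advice quoted above and install a key file into trusted.gpg.d without apt-key or gnupg, as an added example that is not part of the original thread or of apt itself. The function name, the SHA-256 pin obtained out of band and the TRUSTED_DIR override are assumptions; the key is de-armored because apt expects a `.gpg` file in that directory to be a binary keyring.

```shell
#!/bin/sh
# Added example (not from the thread): install a repository key into
# trusted.gpg.d using only coreutils and awk. install_apt_key, the SHA-256
# pin and the TRUSTED_DIR override are assumptions made for illustration.

# usage: install_apt_key ARMORED_KEY_FILE EXPECTED_SHA256 NAME
install_apt_key() {
    src=$1; want=$2; name=$3
    dir=${TRUSTED_DIR:-/etc/apt/trusted.gpg.d}

    # 1. Pin the downloaded file to a digest obtained over a trusted channel.
    got=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "digest mismatch for $src" >&2
        return 1
    fi

    # 2. De-armor: keep the base64 body between the blank line that ends the
    #    armor headers and the "=XXXX" CRC-24 line, then decode it.
    tmp=$(mktemp "$dir/.$name.XXXXXX") || return 1
    if ! awk '
        /^-----BEGIN PGP PUBLIC KEY BLOCK-----/ { inblk = 1; body = 0; next }
        /^-----END PGP PUBLIC KEY BLOCK-----/   { inblk = 0 }
        inblk && !body && /^[ \t\r]*$/          { body = 1; next }
        inblk && body && !/^=/                  { sub(/\r$/, ""); print }
    ' "$src" | base64 -d > "$tmp"; then
        rm -f "$tmp"; return 1
    fi

    # 3. Sanity check: a binary keyring starts with an OpenPGP public-key
    #    packet (old-format tag 6: 0x98/0x99/0x9a, new-format: 0xc6).
    tag=$(od -An -tx1 -N1 "$tmp" | tr -d ' \n')
    case $tag in
        98|99|9a|c6) ;;
        *) echo "not a public key block: $src" >&2; rm -f "$tmp"; return 1 ;;
    esac

    # 4. apt reads the keyring unprivileged, so make it world-readable, and
    #    rename it into place so a partial file never carries the .gpg name.
    chmod 0644 "$tmp" && mv "$tmp" "$dir/$name.gpg"
}
```

Run it as root against the real directory, or set TRUSTED_DIR to a scratch directory to try it out first.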