Debian: Keyring installation is deprecated

alexs

alexs last edited by

The current keyring installation of Opera on Debian with apt-key is deprecated.
https://manpages.debian.org/bullseye/apt/apt-key.8.en.html
https://metadata.ftp-master.debian.org/changelogs//main/a/apt/apt_2.4.0_changelog

W: https://deb.opera.com/opera-stable/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

For https://deb.opera.com/manual.html update the keyring installation to

/usr/share/keyrings/opera-browser.gpg

And the source.list entry to

deb [signed-by=/usr/share/keyrings/opera-browser-keyring.gpg] https://deb.opera.com/opera-stable/ stable non-free

Example:
https://signal.org/de/download/linux/
https://help.vivaldi.com/desktop/install-update/manual-setup-vivaldi-linux-repositories/#APT_Debian_Ubuntu_Mint

gmiazga

gmiazga Opera @alexs last edited by

@alexs Thanks for noticing. It should be updated now.

dchalbert

dchalbert @gmiazga last edited by

@gmiazga I am using Opera on Ubuntu 22.04. Both the latest opera-stable and opera-beta still seem to put keys in /etc/apt/trusted.gpg. I'm seeing this with:

opera-stable_84.0.4316.31_amd64.deb
opera-beta_85.0.4341.13_amd64.deb

I downloaded both just now.

$ sudo apt update
...
Get:10 https://deb.opera.com/opera-beta stable/non-free amd64 Packages [1,120 B]
...
All packages are up to date.
W: https://deb.opera.com/opera-beta/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

If I remove /etc/apt/trusted.gpg, it is restored when opera is purged and then reinstalled.

$ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2019-09-12 [SC] [expired: 2021-09-11]
      68E9 B2B0 3661 EE3C 44F7  0750 4B8E C3BA ABDC 4346
uid           [ expired] Opera Software Archive Automatic Signing Key 2019 <packager@opera.com>

pub   rsa4096 2021-06-23 [SC] [expires: 2023-06-23]
      9FBD E02F 55F2 54D7 0082  1CCC DD3C 368A 8DE1 B7A0
uid           [ unknown] Opera Software Archive Automatic Signing Key 2021 <packager@opera.com>
sub   rsa4096 2021-06-23 [E] [expires: 2023-06-23]

gmiazga

gmiazga Opera @dchalbert last edited by

@dchalbert Right, this is done by postinst script in .deb packages. Reported issue for this to be fixed.