やるきなし

2022/04/24 18:16 / Key is stored in legacy trusted.gpg keyring

Recently, sudo apt update started printing the following warnings. The environment is Debian GNU/Linux unstable (sid) with apt 2.4.5.

All packages are up to date.
W: https://repo.skype.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://packages.cloud.google.com/apt/dists/cloud-sdk-sid/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/debian/dists/sid/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

According to /usr/share/doc/apt/changelog.gz, this behaviour started with 2.4.0.

[/usr/share/doc/apt/changelog.gz] (partial excerpt)

apt (2.4.0) unstable; urgency=medium

  * Warn if the legacy trusted.gpg keyring is used for verification

 -- Julian Andres Klode <jak@debian.org>  Tue, 22 Feb 2022 20:00:46 +0100

The cause is that keys imported as shown below are stored in /etc/apt/trusted.gpg; these days keys are supposed to be placed in /etc/apt/trusted.gpg.d/ instead (binary keys produced with --dearmour go in as .gpg, ASCII armored keys as .asc).

wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -

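According to man apt-key, as quoted below, there is also the option of placing keys in /etc/apt/keyrings, but in that case it seems the path has to be specified with the Signed-By option in /etc/apt/sources.list (assuming deb822-style?). That looked like a hassle, so I decided to simply put the keys in /etc/apt/trusted.gpg.d/.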

Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d
directory, you can place them anywhere on your filesystem by using the
Signed-By option in your sources.list and pointing to the filename of
the key. See sources.list(5) for details. Since APT 2.4,
/etc/apt/keyrings is provided as the recommended location for keys not
managed by packages. When using a deb822-style sources.list, and with
apt version >= 2.4, the Signed-By option can also be used to include
the full ASCII armored keyring directly in the sources.list without an
additional file.

First, run the following,

sudo mv /etc/apt/trusted.gpg /etc/apt/trusted.gpg.0
sudo apt update

and check which keys are needed from output like this:

Err:11 http://packages.cloud.google.com/apt cloud-sdk-sid InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FEEA9169307EA071 NO_PUBKEY 8B57C5C2836F4BEB
Err:12 https://repo.skype.com/deb stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1F3045A5DF7587C3
Err:18 http://linux.dropbox.com/debian sid Release.gpg
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FC918B335044912E

After that, I exported the keys one by one with the following.

sudo mv /etc/apt/trusted.gpg.0 /etc/apt/trusted.gpg
sudo apt update
sudo apt-key export FEEA9169307EA071 8B57C5C2836F4BEB | gpg --dearmour | sudo sh -c 'cat > /etc/apt/trusted.gpg.d/packages.cloud.google.com.gpg'
sudo apt-key export 1F3045A5DF7587C3 | gpg --dearmour | sudo sh -c 'cat > /etc/apt/trusted.gpg.d/repo.skype.com.gpg'
sudo apt-key export FC918B335044912E | gpg --dearmour | sudo sh -c 'cat > /etc/apt/trusted.gpg.d/linux.dropbox.com.gpg'
sudo rm /etc/apt/trusted.gpg
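
The Signed-By alternative quoted from apt-key(8) above, as an added example that is not part of the original post: a key in /etc/apt/trusted.gpg.d/ is accepted for every configured repository, while Signed-By restricts a key to the one repository that names it. sources.list(5) supports this both as a signed-by option in one-line entries and as a Signed-By field in deb822 stanzas; the function names, the keyring path under /etc/apt/keyrings and the "main" component below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Keyring paths and the "main" component are constructed samples.

# add_signed_by KEYRING: read one-line-style sources.list entries on stdin and
# print them with signed-by=KEYRING set. Other lines pass through unchanged.
add_signed_by() {
    awk -v key="$1" '
        $1 != "deb" && $1 != "deb-src" { print; next }  # comment or blank line
        /signed-by=/                   { print; next }  # already pinned
        $2 ~ /^\[/ {                                    # existing [options] block
            sub(/\[ */, "[signed-by=" key " ")
            print; next
        }
        { $1 = $1 " [signed-by=" key "]"; print }       # no options yet
    '
}

# to_deb822 KEYRING: turn plain "deb URI SUITE [COMPONENT...]" lines on stdin
# into deb822 stanzas with a Signed-By field. Lines with options are skipped.
to_deb822() {
    awk -v key="$1" '
        ($1 == "deb" || $1 == "deb-src") && $2 !~ /^\[/ && NF >= 3 {
            comps = ""
            for (i = 4; i <= NF; i++) comps = comps (i > 4 ? " " : "") $i
            print "Types: " $1
            print "URIs: " $2
            print "Suites: " $3
            if (comps != "") print "Components: " comps
            print "Signed-By: " key
            print ""
        }
    '
}

# Constructed entry for one of the repositories named in the post.
entry='deb http://packages.cloud.google.com/apt cloud-sdk-sid main'
keyring=/etc/apt/keyrings/packages.cloud.google.com.gpg

printf '%s\n' "$entry" | add_signed_by "$keyring"
printf '%s\n' "$entry" | to_deb822 "$keyring"
```

The keyring file itself would be produced the same way as in the export commands above, with the output path under /etc/apt/keyrings/ instead of /etc/apt/trusted.gpg.d/.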