Fix deprecation warning when adding additional apt repositories in Ubuntu

Posted 11 months ago. Visible to the public.

When running Ubuntu 22.04 or newer, using apt-key for adding signing keys to the list of trusted keys for package repositories is deprecated. Here's how to convert to the newly recommended method. Keys have been saved to the keyring file in /etc/apt/trusted.gpg but now should be placed into their own keyring in /etc/apt/trusted.gpg.d/

Error message

The error message looks like this:

W: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Adding the key to right place

To add the key, first find out its ID:

$ sudo apt-key list

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).                                                                                                                                                                                                                                                                              
pub   dsa1024 2007-03-08 [SC]                                                                                                                                                                                                                                                                                                                                                
      4CCA 1EAF 950C EE4A B839  76DC A040 830F 7FAC 5991                                                                                                                                                                                                                                                                                                                     
uid           [ unknown] Google, Inc. Linux Package Signing Key <>                                                                                                                                                                                                                                                                        
sub   elg2048 2007-03-08 [E]                                                                                                                                                                                                                                                                                                                                                 
pub   rsa4096 2011-10-13 [SC]
      B97B 0AFC AA1A 47F0 44F2  44A0 7FCC 7D46 ACCC 4CF8
uid           [ unknown] PostgreSQL Debian Repository

This list will be quite long. Look for the key that describes the apt repository you added and pick the last 8 characters of its ID, i.e. in our PostgreSQL example, pick ACCC 4CF8

Now write the key to the directory of trusted keys:

$ sudo apt-key export ACCC4CF8 | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/postgres.gpg
$ sudo apt-get update

Now the error message should no longer appear.

Florian Heinle
Last edit
10 months ago
Marius Schuller
Source code in this card is licensed under the MIT License.
Posted by Florian Heinle to makandra orga (2022-11-09 15:52)