Manage keyring files in trusted.gpg.d

General Linux Question
1

Hello,

I’m trying to import a keyfile into Debian 11, unfortunately the documented process uses apt-key which is now deprecated.

I’m trying to “convert” that process to use gpg instead which is reporting errors.

This is the command that I am trying:

wget https://www.bacula.org/downloads/Bacula-4096-Distribution-Verification-key.asc | gpg --dearmor | sudo tee /usr/share/keyrings/bacula-community.gpg

And here is the response

--2023-10-05 16:45:52--  https://www.bacula.org/downloads/Bacula-4096-Distribution-Verification-key.asc
Resolving www.bacula.org (www.bacula.org)... 94.103.98.87
Connecting to www.bacula.org (www.bacula.org)|94.103.98.87|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3148 (3.1K) [text/plain]
Saving to: ‘Bacula-4096-Distribution-Verification-key.asc.4’

Bacula-4096-Distrib 100%[===================>]   3.07K  --.-KB/s    in 0s      

2023-10-05 16:45:53 (153 MB/s) - ‘Bacula-4096-Distribution-Verification-key.asc.4’ saved [3148/3148]

gpg: no valid OpenPGP data found.

Is this a problem with the key file or my attempt to use gpg rather than apt-key?

VW

2

Please try this instead:

curl https://www.bacula.org/downloads/Bacula-4096-Distribution-Verification-key.asc | gpg --dearmor | sudo tee /usr/share/keyrings/bacula-community.gpg > /dev/null 2>&1

How and why this works but your earlier command did not work?

The asc is in plain text format. wget downloads the file. When you provide a text file to gpg --dearmor, it doesn’t like it and complains about it.

When you use curl, it doesn’t save the file (by default). Instead it displays the content on the screen which is actually piped to gpg --dearmor and it does not complain this time… the dearmored output is then saved as GPG file in /usr/share/keyring file you provided to it.

The extra /dev/null 2&>1 means that you won’t see the errors or outputs on the screen (which is good otherwise you’ll see a bunch of random ascii text when gpg dearmor is used)

2 Likes
3

Hello Abhishek,

Thanks for your very helpful response.

Your command appeared to work fine and I appreciate the explanation.

However, on testing access to the repository, there are a number of warnings, so I’m not sure if the sources.list.d configuration is correct.

Would be interested in your thoughts.

When I run:
sudo apt-get update

I see:
Hit:1 http://security.debian.org/debian-security bullseye-security InRelease
Hit:2 http://deb.debian.org/debian bullseye InRelease                          
Hit:3 http://deb.debian.org/debian bullseye-updates InRelease                  
Hit:4 https://linux.teamviewer.com/deb stable InRelease                        
Ign:5 https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye InRelease
Hit:6 https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye Release
Reading package lists... Done
W: Skipping acquire of configured file 'stable/binary-amd64/Packages' as repository 'https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye InRelease' doesn't have the component 'stable' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'stable/i18n/Translation-en' as repository 'https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye InRelease' doesn't have the component 'stable' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'stable/i18n/Translation-en_AU' as repository 'https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye InRelease' doesn't have the component 'stable' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'stable/dep11/Components-amd64.yml' as repository 'https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye InRelease' doesn't have the component 'stable' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'stable/dep11/icons-48x48.tar' as repository 'https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye InRelease' doesn't have the component 'stable' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'stable/dep11/icons-64x64.tar' as repository 'https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye InRelease' doesn't have the component 'stable' (component misspelt in sources.list?)

Are the warnings normal, or have I messed up?

The sources.list.d entry is:

deb [signed-by=/usr/share/keyrings/bacula-community.gpg] https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye main stable

Note: The ‘@access-key@’ is really the character string from the registration e-mail, I’m not sure if this string is considered to be private, so I have substituted in this post just in case.

Regards,
VW

4

As per the documentation, the term stable should not be there in the sources.list file:

image
image635×515 48.3 KB

Try editing it to:

deb [signed-by=/usr/share/keyrings/bacula-community.gpg] https://www.bacula.org/packages/@access_key@/debs/13.0.3 bullseye main