Op 20-06-2023 om 08:53 schreef Rick Thomas:
On Mon, Jun 19, 2023, at 8:27 PM, Jeffrey Walton wrote:
On Mon, Jun 19, 2023 at 11:15 PM Rick Thomas <rick.tho...@pobox.com> wrote:
Now when I do "apt update" I get this message:
.W:
https://download.virtualbox.org/virtualbox/debian/dists/bullseye/InRelease: Key
is stored in legacy trusted.gpg
keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in
apt-key(8) for details.
Has anybody else seen this? If so, what did you do? And did it help?
I _think_ the key should be stored in its own file under
/etc/apt/trusted.gpg.d. Maybe something like
/etc/apt/trusted.gpg.d/virtual-box.gpg.
That was the method suggested after using /etc/apt/trusted.gpg became
deprecated. These days, another method is preferred: adding
[signed-by=<path>] to the sources.list line and putting the key in
/usr/share/keyrings or /etc/apt/keyrings.
This squares with what I get from RTFM, and I'm glad to hear the confirmation,
but...
Where can I get the text to put into /etc/apt/trusted.gpg.d/virtual-box.gpg
Here: https://www.virtualbox.org/download/oracle_vbox_2016.asc
Got that from https://www.virtualbox.org/wiki/Linux_Downloads
They suggest adding the source line to /etc/apt/sources.list, which is
not what I would do. You should really put in a separate file in
/etc/apt/sources.list.d/. This is what I would do:
sudo tee /etc/apt/sources.list.d/virtualbox.list <<-EOT
deb [arch=amd64 signed-by=/usr/share/keyrings/virtualbox.asc]
https://download.virtualbox.org/virtualbox/debian bullseye contrib
EOT
Followed by:
sudo wget -O /usr/share/keyrings/virtualbox.asc
https://www.virtualbox.org/download/oracle_vbox_2016.asc
No need to dearmor.
Regards,
Frank