On 29/07/25 19:28, Christopher Huhn wrote:
Hi,

On 29.07.25 at 14:56, Diego Zuccato wrote:
Using trusted.gpg is deprecated.

Hm, but deprecation means "it will probably stop working" and not that it's already broken, doesn't it?

I'm not sure of the current deprecation stage: I'm using the signed-by since I remember adding extra repositories...

Just use another dir and add to the list files a "signed-by" option.

Is this already supported by FAI in the way package_config/CLASS.asc is?

It's supported as long as you create the files and fcopy 'em from a script. There's probably a better way, but this one works :)

If I'm not mistaken apt has become very picky about the extension of the files in /etc/apt/trusted.gpg.d:
* Binary keys must be named *.gpg
* ASCII-armored keys must be named *.asc

Probably you are dealing with the latter?

Nope. I have, for example, /srv/fai/config/files/etc/apt/keyrings/salt-archive.keyring.gpg/SALT with the binary key and the installed salt.list file is:

deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.gpg arch=amd64] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main


The apt-secure man page has more details.

IMHO the best way forward is to migrate the sources.list to the DEB822 format with the GPG keys inline instead of a separate file.
The sources.list man page contains an example in the Signed-By section.

I'll have to have a look at it. IMVHO the new format is harder to script and does not offer much more, just a step towards RedHat formats :(


Diego
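
Added example, not part of the thread or of FAI: a small Python converter from a one-line entry carrying a signed-by option, such as the salt.list line quoted above, to the DEB822 stanza form discussed in the message. The names to_deb822 and require_signed_by are assumptions made for this example, and the inline-key variant of Signed-By is not covered.

```python
import re

# One-line option name -> DEB822 field name (subset documented in sources.list(5)).
OPTION_FIELDS = {"arch": "Architectures", "signed-by": "Signed-By",
                 "lang": "Languages", "target": "Targets", "trusted": "Trusted"}

# type, optional [options], URI, suite, optional components
LINE_RE = re.compile(r"^(deb|deb-src)\s+(?:\[([^\]]*)\]\s+)?(\S+)\s+(\S+)\s*(.*)$")


def to_deb822(line, require_signed_by=True):
    """Convert one one-line-style entry to a DEB822 stanza (returned as a string)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a sources.list entry: {line!r}")
    typ, opts, uri, suite, components = m.groups()
    fields = {"Types": typ, "URIs": uri, "Suites": suite}
    if components:
        fields["Components"] = " ".join(components.split())
    for opt in (opts or "").split():
        name, sep, value = opt.partition("=")
        if not sep or name not in OPTION_FIELDS:
            raise ValueError(f"unsupported option: {opt!r}")
        # One-line style separates multiple values with commas, DEB822 with spaces.
        fields[OPTION_FIELDS[name]] = " ".join(value.split(","))
    if require_signed_by and "Signed-By" not in fields:
        # Without Signed-By, apt accepts any key in its global trusted keyrings.
        raise ValueError("entry has no signed-by option")
    return "".join(f"{key}: {value}\n" for key, value in fields.items())


# The salt.list entry quoted in the message above.
SALT_LINE = ("deb [signed-by=/etc/apt/keyrings/salt-archive-keyring.gpg arch=amd64] "
             "https://packages.broadcom.com/artifactory/saltproject-deb/ stable main")

if __name__ == "__main__":
    print(to_deb822(SALT_LINE), end="")
```

The resulting stanza belongs in a file with the .sources extension under /etc/apt/sources.list.d, which is where apt looks for DEB822-style entries.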
