Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Ubuntu] Key is stored in legacy trusted.gpg keyring (apt warning) #1338

Closed
gander opened this issue Oct 20, 2022 · 24 comments
Closed

[Ubuntu] Key is stored in legacy trusted.gpg keyring (apt warning) #1338

gander opened this issue Oct 20, 2022 · 24 comments
Labels
Bug Distro-Specific only for certain distributions, desktop environments or display servers Documentation External depends on others/upstream HELP-WANTED Used by 24pullrequests.com to suggest issues

Comments

@gander
Copy link

gander commented Oct 20, 2022

On Ubuntu, I am getting such an error from APT

W: http://ppa.launchpad.net/bit-team/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

@aryoda
Copy link
Contributor

aryoda commented Oct 21, 2022

Thanks for your report. Could please describe the steps to reproduce this problem on a fresh Ubuntu 22.04 so that I can look into this on a Virtual Machine (VM)?

Beyond that I am not quite sure if this is a Back In Time problem at all, for a possible solution see eg.:

https://askubuntu.com/questions/1403556/key-is-stored-in-legacy-trusted-gpg-keyring-after-ubuntu-22-04-update

Edit: Did you do a fresh installation of U22.04 or a migration from a previous version with an existing keyring?

@emtiu emtiu added the Feedback needs user response, may be closed after timeout without a response label Oct 21, 2022
@freiheitsnetz
Copy link

I agree with @aryoda : This sounds exactly like the changes which where done in apt and is not a problem of Back In Time.
There are many threads on askubuntu on this issue and you can follow the guidelines given in https://askubuntu.com/questions/1398344/apt-key-deprecation-warning-when-updating-system to fix it.

@emtiu emtiu added Distro-Specific only for certain distributions, desktop environments or display servers Bug External depends on others/upstream and removed Feedback needs user response, may be closed after timeout without a response labels Oct 22, 2022
@emtiu emtiu changed the title [BUG] Key is stored in legacy trusted.gpg keyring [Ubuntu] Key is stored in legacy trusted.gpg keyring Oct 22, 2022
@gander
Copy link
Author

gander commented Oct 23, 2022

I was sure it was something with this repository, because I installed this program on a fresh installation of Linux Mint 21 (based on Ubuntu 22.04), and only in this repository I have this deprecation

@gander
Copy link
Author

gander commented Oct 24, 2022

I corrected these settings in file bit-team-stable-jammy.list as it was in the article.

Before:

deb http://ppa.launchpad.net/bit-team/stable/ubuntu jammy main

After:

deb [arch=amd64 signed-by=/usr/share/keyrings/launchpad.gpg] http://ppa.launchpad.net/bit-team/stable/ubuntu jammy main

However, this does not fix the problem as this file was created during the installation of the application.

@aryoda
Copy link
Contributor

aryoda commented Oct 24, 2022

Could you please share your sudo apt-key list output here? These keys must be migrated to a new keyring too (just changing the key reference in the *.list file does not change much...

And: Which installation steps (instructions) did you follow to install BiT? It look like you have installed from launchpad.net (https://launchpad.net/~bit-team/+archive/ubuntu/stable)...

@gander
Copy link
Author

gander commented Oct 24, 2022

I have already fixed this problem by following these instructions. I am no longer seeing these warnings.

As already mentioned, I use Linux Mint, and here I have a Software Manager (mintinstall) with the package backintime-qt available.

Package: backintime-qt                   
Version: 1.3.2~jammy
State: installed
Automatically installed: no
Priority: extra
Section: utils
Maintainer: BIT Team <[email protected]>
Architecture: all
Uncompressed Size: 418 k
Depends: x11-utils, libnotify-bin, python3-pyqt5, python3-dbus.mainloop.pyqt5, policykit-1, backintime-common (>= 1.3.2~jammy~), python3:any (>= 3.3~)
Recommends: python3-secretstorage
Suggests: meld | kompare
Conflicts: backintime-gnome (< 1.3.2~jammy~), backintime-kde (< 1.3.2~jammy~), backintime-kde4 (< 1.3.2~jammy~), backintime-notify (< 1.3.2~jammy~),
           backintime-qt4 (< 1.3.2~jammy~)
Replaces: backintime-gnome (< 1.3.2~jammy~), backintime-kde (< 1.3.2~jammy~), backintime-kde4 (< 1.3.2~jammy~), backintime-notify (< 1.3.2~jammy~),
          backintime-qt4 (< 1.3.2~jammy~)
Description: Simple backup system
 This is a Qt5 GUI frontend for backintime-common.
Package: backintime-common               
Version: 1.3.2~jammy
State: installed
Automatically installed: yes
Priority: extra
Section: utils
Maintainer: BIT Team <[email protected]>
Architecture: all
Uncompressed Size: 1366 k
Depends: rsync, cron-daemon, openssh-client, python3-keyring, python3-dbus, python3:any (>= 3.3~)
Recommends: sshfs, encfs
Conflicts: backintime
Replaces: backintime
Description: Simple backup system (common)
 This package contains non GUI files used by different GUI fontends.

@emtiu
Copy link
Member

emtiu commented Oct 24, 2022

Okay, so If I understand correctly, we can close this issue, because it wasn't backintime's fault. Do we need to write a README/FAQ entry about this?

@gander
Copy link
Author

gander commented Oct 24, 2022

I do not know. If this is a problem with Launchpad, you should report it there. I don't know how to configure applications on Launchpad, so it may also be an outdated configuration in your project.

@aryoda
Copy link
Contributor

aryoda commented Oct 24, 2022

I think we should not (yet) write a FAQ so far since

  • the exact reason is still not reproducible without the exact installation steps (the existence of the bit-team-stable-jammy.list indicates that a 3rd-party repo (launchpad?) was added before using the Mint Software Manager for the installation but this first step is neither confirmed nor dismissed by the OP so far)
  • a solution would require to set up a VM with Mint 21 and document the steps to solve this
  • there is only one user reporting this so far.
  • the OP has linked a general description how to solve this (THX @gander)

@gander
Copy link
Author

gander commented Oct 24, 2022

Do you know geocaching? It reminds me a bit of the situation in this game. People have a problem with the cache, but instead of reporting that it is missing or damaged, they do nothing. The owner doesn't know there's a problem because no one is reporting it. And here is a similar situation. There was one who reported, but you find it is an isolated incident.

@aryoda
Copy link
Contributor

aryoda commented Oct 24, 2022

I understand your concerns and we are spending much of our private spare time to do the best so please bare with us if we arbitrate issues to prioritize our limited resources.

@gander
Copy link
Author

gander commented Oct 24, 2022

Ok I understand. I forgot this is a private project. I will not get mad anymore. I encourage you to mention this in the README.

@gander
Copy link
Author

gander commented Oct 24, 2022

I will try to do such a test on the VM, and let you know, but it's in a separate thread.

@aryoda
Copy link
Contributor

aryoda commented Oct 24, 2022

OK, thank you very much!

It is important to write down the exact steps to make this problem reproducible so that we can find the reason in our code (or find out that it is a downstream problem eg. in packaging BiT).

@aryoda
Copy link
Contributor

aryoda commented Oct 24, 2022

@gander I get a clearer picture now about the steps to reproduce the warning (read this for details). It is not a BiT software bug itself but a documentation issue IMHO (and this affects ALL non-official ppa packages for Debian I guess).

Details

Our README describes how to install the latest stable release from the Ubuntu PPA (= from launchpad.net):

https://github.com/bit-team/backintime/blob/master/README.md#ubuntu-ppa

sudo add-apt-repository ppa:bit-team/stable

This command throws the warning on some newer distros like Mint 21:

$ sudo add-apt-repository ppa:bit-team/stable
You are about to add the following PPA:
 This repository contains stable releases for Back In Time.
 More info: https://launchpad.net/~bit-team/+archive/ubuntu/stable
Press Enter to continue or Ctrl+C to cancel

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.caIArshL3p/gpg.1.sh --keyserver hkps://keyserver.ubuntu.com:443 --recv-keys 589EEDCD16567B0E6D23C3144B6071B7D6FDC9D0
gpg: key 4B6071B7D6FDC9D0: public key "Launchpad Stable repository" imported
gpg: Total number processed: 1
gpg:               imported: 1

Since add-apt-repository uses the deprecated apt-key internally the warning is thrown.

Next steps

I suggest to

  1. [DONE] amend the installation instructions on our README to mention the warning and that it may be ignored for now (no need to fix).
  2. [OPEN] find and check the official installation instructions how to install the gpg key at the new location
    (esp. check that it always work in every distro, even old ones - this is quite much work with low prio ATM).

The recommended new installation steps (instead of apt-key) are unclear to me until I find an official recommendation for that (help welcome).

@emtiu I will send a PR for 1. (amend README). We could open a new separate issue for 2. or leave this issue open...

@aryoda
Copy link
Contributor

aryoda commented Oct 24, 2022

Internal note about official documentations how to install keys:

@aryoda
Copy link
Contributor

aryoda commented Oct 25, 2022

Note: After installation with apt-key (as documented in our README) also each apt-update shows the warning at the end:

W: http://ppa.launchpad.net/bit-team/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

The referenced DEPRECATION section in man akt-key 8 says:

DEPRECATION
Except for using apt-key del in maintainer scripts, the use of apt-key is deprecated. This section shows how to replace
existing use of apt-key.

   If your existing use of apt-key add looks like this:

   wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -

   Then you can directly replace this with (though note the recommendation below):

   wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc

   Make sure to use the "asc" extension for ASCII armored keys and the "gpg" extension for the binary OpenPGP format (also
   known as "GPG key public ring"). The binary OpenPGP format works for all apt versions, while the ASCII armored format
   works for apt version >= 1.4.

   Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d directory, you can place them anywhere on your
   filesystem by using the Signed-By option in your sources.list and pointing to the filename of the key. See
   sources.list(5) for details. Since APT 2.4, /etc/apt/keyrings is provided as the recommended location for keys not
   managed by packages. When using a deb822-style sources.list, and with apt version >= 2.4, the Signed-By option can also
   be used to include the full ASCII armored keyring directly in the sources.list without an additional file.

emtiu added a commit that referenced this issue Oct 25, 2022
…y_keyring_warning

Add "warning: apt-key is deprecated" to known issues (#1338)
@dkebler
Copy link

dkebler commented Oct 29, 2022

This is not a backintime issue. For whatever reasons canonical has deprecated apt-add and apt-key in jammy with no replacements. I gave up and wrote my own script to easily add a ppa from launchpad getting the key and putting it in the "new" right place. Its shared at this gist. I just wrote it so no guarantees. It's written for bash and is not posix. It uses gpg so that has be installed. It doesn't access the launchpad api directly to get the key id it actually parses the error when the key is missing during apt update to get the key id (totally a kludge but I couldn't find any easy docs on using the api).

It could be modified to install any repo/key not just a ppa.

https://gist.github.com/dkebler/877ee12b00088898e3f3c30b42cb9ed7

@aryoda aryoda changed the title [Ubuntu] Key is stored in legacy trusted.gpg keyring [Ubuntu] Key is stored in legacy trusted.gpg keyring (apt warning) Dec 1, 2022
@gander
Copy link
Author

gander commented Feb 9, 2023

Has anything changed since the last comment?

@buhtz
Copy link
Member

buhtz commented Feb 9, 2023

Would it make sense to open a bug report on Ubuntu itself because it seems highly ubuntu related?

@aryoda
Copy link
Contributor

aryoda commented Feb 9, 2023

Opening (or bumping an existing) issue at Ubuntu should help to gain attention here.

I really would like to dig deeper but currently my TODO list more than full.

Since this issue most likely does not require a change in our source code it would be great if someone would volunteer to help us finding (and documenting) a solution!

@barzine
Copy link

barzine commented Mar 4, 2023

There is probably a better way to do it, but this is how I have added the key and installed backintime from launchpad on my ubuntu 22.04 (and you may want to use a user keyring than a system one).
I basically followed and adapted the steps detailed at https://itsfoss.com/apt-key-deprecated/.

Before following the steps below, prepare all the needed and required backup!!

1)Get the link from https://launchpad.net/~bit-team/+archive/ubuntu/stable under Technical details about this PPA > get the link to the Signing Key

image

and download to the trusted keyring

curl -sS "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x589eedcd16567b0e6d23c3144b6071b7d6fdc9d0" |  \ 
gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/bit_team_pub.gpg

2)Check that the fingerprint is the same with: gpg --show-keys /etc/apt/trusted.gpg.d/bit_team_pub.gpg

image

3)Add the repo to your sources.list

echo  "deb [signed-by=/etc/apt/trusted.gpg.d/bit_team_pub.gpg] https://ppa.launchpadcontent.net/bit-team/stable/ubuntu jammy main" | sudo tee /etc/apt/sources.list.d/bitteam.list

4)Finally, install / update backintime:

sudo apt update
sudo apt install backintime-qt

@buhtz buhtz added this to the 1.3.4 milestone Mar 19, 2023
@aryoda aryoda added the HELP-WANTED Used by 24pullrequests.com to suggest issues label Dec 19, 2023
@buhtz
Copy link
Member

buhtz commented Jan 9, 2024

Voting to close because not relevant to upstream. Does someone have something to add?

@buhtz buhtz added the Feedback needs user response, may be closed after timeout without a response label Jan 9, 2024
@gander
Copy link
Author

gander commented Jan 9, 2024

The @barzine solution makes the same effect as:

sudo add-apt-repository ppa:bit-team/stable

And I don't have this error anymore.

I think it can be closed.

@buhtz buhtz closed this as completed Feb 16, 2024
@buhtz buhtz removed the Feedback needs user response, may be closed after timeout without a response label Feb 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Distro-Specific only for certain distributions, desktop environments or display servers Documentation External depends on others/upstream HELP-WANTED Used by 24pullrequests.com to suggest issues
Projects
None yet
Development

No branches or pull requests

7 participants