在 Ubuntu 出現 Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg) 的解決方法以 HashiCrop 為例

Posted on by Clarence

在安裝套件的時候我通常比較喜歡使用 apt 來安裝,而我最近依照 HashiCrop 官方安裝的方法裝 apt

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"

安裝完後使用 apt update

ubuntu@localhost:~$ sudo apt update
Hit:1 http://tw.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://tw.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://tw.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://tw.archive.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:6 https://apt.releases.hashicorp.com jammy InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: https://apt.releases.hashicorp.com/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

結果很悲劇的每次都會出現提示 W: https://apt.releases.hashicorp.com/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. 雖然它可以正常使用但是每次更新都看到就很煩。那要怎麼解決這個問題呢?

解決方法

ubuntu@localhost:~$ sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2023-01-10 [SC] [expires: 2028-01-09]
      798A EC65 4E5C 1542 8C8E  42EE AA16 FCBC A621 E701
uid           [ unknown] HashiCorp Security (HashiCorp Package Signing) <[email protected]>
sub   rsa4096 2023-01-10 [S] [expires: 2028-01-09]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>

找到 pub 那行的最後 798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701 取得最後 A621E701,把它放到 GPG 密鑰的專用目錄 /etc/apt/trusted.gpg.d

ubuntu@localhost:~$ sudo apt-key export A621E701 | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/hashicorp.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
root@host2:/etc/apt/trusted.gpg.d# apt update
Hit:1 http://tw.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://tw.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://tw.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://tw.archive.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 https://apt.releases.hashicorp.com jammy InRelease
Hit:6 https://download.docker.com/linux/ubuntu jammy InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.

打完收工,在執行一次就不會噴出提示了。

No comments yet