Background introduction
Running apt-get update to refresh the sources under Ubuntu 22.04 LTS produces warnings such as:
Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
Although the warning does not affect execution, it is still uncomfortable for anyone with a severe case of code obsessive-compulsiveness and a mania for clean output, so let's solve it.
To illustrate the problem, I use the installation of Docker and the installation of Kubernetes as examples.
Reproduce the problem
Under normal circumstances, before installing software through apt-get on Ubuntu, you change the system's sources to a local mirror to speed up downloads, for example Ali, Tsinghua or NetEase.
After modifying the software sources, you need to refresh them with the apt-get update command, but this runs into a problem under Ubuntu 22.04 LTS.
root@k8s-worker-01:/etc/apt# apt-get update
Hit:1 https://mirrors.aliyun.com/ubuntu-ports jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 https://mirrors.aliyun.com/ubuntu-ports jammy-updates InRelease
Hit:4 https://mirrors.aliyun.com/ubuntu-ports jammy-backports InRelease
Hit:5 https://mirrors.aliyun.com/ubuntu-ports jammy-security InRelease
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [8993 B]
Fetched 8993 B in 3s (2909 B/s)
Reading package lists... Done
W: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
This warning means that the repository's signing key is stored in /etc/apt/trusted.gpg, the keyring file used by older releases.
The message only tells you that the new release should no longer keep keys in /etc/apt/trusted.gpg; it does not tell you where the keys should be placed instead.
Solution
In fact, the answer is very simple: in the /etc/apt/trusted.gpg.d directory.
root@k8s-worker-01:/etc/apt# ls trusted.gpg.d/
ubuntu-keyring-2012-cdimage.gpg ubuntu-keyring-2018-archive.gpg
As you can see, there are already two system key files.
Now I will solve this problem by walking through the whole process of installing Docker and Kubernetes.
1. Add the keys
Add the Docker key:
curl https://download.docker.com/linux/ubuntu/gpg | apt-key add -
Add Kubernetes keys:
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
After adding the keys, you will find a trusted.gpg file in the /etc/apt directory:
root@k8s-worker-01:/etc/apt# ls
apt.conf.d keyrings sources.list sources.list.d trusted.gpg.d
auth.conf.d preferences.d sources.list.bak trusted.gpg
2. Add software sources
Add the Docker software source:
cat > /etc/apt/sources.list.d/docker.list << EOF
deb https://download.docker.com/linux/ubuntu jammy stable
EOF
Add the Kubernetes repository:
cat > /etc/apt/sources.list.d/kubernetes.list << EOF
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
EOF
3. Update source
Because we added two keys, there will be two warnings when updating the source:
root@k8s-worker-01:/etc/apt# apt-get update
Hit:1 https://mirrors.aliyun.com/ubuntu-ports jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 https://mirrors.aliyun.com/ubuntu-ports jammy-updates InRelease
Hit:4 https://mirrors.aliyun.com/ubuntu-ports jammy-backports InRelease
Hit:5 https://mirrors.aliyun.com/ubuntu-ports jammy-security InRelease
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [8993 B]
Fetched 8993 B in 3s (2909 B/s)
Reading package lists... Done
W: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://mirrors.aliyun.com/kubernetes/apt/dists/kubernetes-xenial/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
4. Query the keys
Query all keys on the server through apt-key list:
root@k8s-worker-01:/etc/apt# apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2022-05-21 [SC]
      A362 B822 F6DE DC65 2817 EA46 B53D C80D 13ED EF05
uid           [ unknown] Rapture Automatic Signing Key (cloud-rapture-signing-key-2022-03-07-08_01_01.pub)
sub   rsa2048 2022-05-21 [E]

pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <[email protected]>
sub   rsa4096 2017-02-22 [S]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>
According to the output, there are 3 files and 4 keys on the server. The top two are the keys we just installed, and they are stored in the /etc/apt/trusted.gpg file. The keys that come with the system can be ignored.
5. Export the keys
In the output above, the second line of each key entry is a string of hexadecimal digits, which is the id of the key:
A362 B822 F6DE DC65 2817 EA46 B53D C80D 13ED EF05
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
Find the keys that caused the apt-get update warnings and export them:
apt-key export 13EDEF05 | gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg
apt-key export 0EBFCD88 | gpg --dearmour -o /etc/apt/trusted.gpg.d/kubernetes.gpg
Note: when exporting, only the last 8 digits of the id are needed, written without spaces.
After exporting, you will find two more binary files in the /etc/apt/trusted.gpg.d directory. These two binary files are the ones we just exported:
root@k8s-worker-01:/etc/apt/trusted.gpg.d# ls
ubuntu-keyring-2012-cdimage.gpg ubuntu-keyring-2018-archive.gpg
root@k8s-worker-01:/etc/apt/trusted.gpg.d# apt-key export 13EDEF05 | gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
root@k8s-worker-01:/etc/apt/trusted.gpg.d# apt-key export 0EBFCD88 | gpg --dearmour -o /etc/apt/trusted.gpg.d/kubernetes.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
root@k8s-worker-01:/etc/apt/trusted.gpg.d# ls
docker.gpg kubernetes.gpg ubuntu-keyring-2012-cdimage.gpg ubuntu-keyring-2018-archive.gpg
6. Delete key
After exporting the keys, you can delete the trusted.gpg file in the /etc/apt directory:
root@k8s-worker-01:/etc/apt# ls
apt.conf.d keyrings sources.list sources.list.d trusted.gpg.d
auth.conf.d preferences.d sources.list.bak trusted.gpg trusted.gpg~
root@k8s-worker-01:/etc/apt# rm trusted.gpg trusted.gpg~
root@k8s-worker-01:/etc/apt# ls
apt.conf.d auth.conf.d keyrings preferences.d sources.list sources.list.bak sources.list.d trusted.gpg.d
Finally, query all the keys on the server through apt-key list:
root@k8s-worker-01:/etc/apt# apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/docker.gpg
---------------------------------
pub   rsa2048 2022-05-21 [SC]
      A362 B822 F6DE DC65 2817 EA46 B53D C80D 13ED EF05
uid           [ unknown] Rapture Automatic Signing Key (cloud-rapture-signing-key-2022-03-07-08_01_01.pub)
sub   rsa2048 2022-05-21 [E]

/etc/apt/trusted.gpg.d/kubernetes.gpg
-------------------------------------
pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) <[email protected]>
sub   rsa4096 2017-02-22 [S]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>
7. Update source again
According to the output above, there are now 4 files and 4 keys on the server, and the top two are the ones we just added under the /etc/apt/trusted.gpg.d directory.
Try updating the source again with the apt-get update command:
root@k8s-worker-01:/etc/apt# apt-get update
Hit:1 https://mirrors.aliyun.com/ubuntu-ports jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 https://mirrors.aliyun.com/ubuntu-ports jammy-updates InRelease
Hit:4 https://mirrors.aliyun.com/ubuntu-ports jammy-backports InRelease
Hit:5 https://mirrors.aliyun.com/ubuntu-ports jammy-security InRelease
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [8993 B]
Fetched 8993 B in 3s (3491 B/s)
Reading package lists... Done
The output now contains no warnings, fully in line with expectations: a perfect solution!
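Steps 4 and 5 as an added example, not part of the original article: a shell script that reads apt-key list output, collects the keys still held in /etc/apt/trusted.gpg and prints one export command per key. It uses the full 40-digit fingerprint because 8-digit ids are not unique, and it names each file after its fingerprint, so a file name cannot mismatch its key the way docker.gpg holds the Rapture key in the step 6 listing. The function names, the legacy-<fingerprint>.gpg naming and the embedded sample listing are assumptions of this example.

```shell
#!/bin/sh
# Added example: plan the trusted.gpg -> trusted.gpg.d move with full fingerprints.

# Print the 40-hex-digit fingerprint of every key listed under keyring $1
# (default: the legacy /etc/apt/trusted.gpg) in `apt-key list` text on stdin.
legacy_fingerprints() {
    awk -v ring="${1:-/etc/apt/trusted.gpg}" '
        /^\//  { current = $0; next }    # a path line opens a keyring section
        current == ring && /^[ \t]*[0-9A-F ]+$/ {
            fp = $0
            gsub(/[ \t]/, "", fp)        # "A362 B822 ..." -> "A362B822..."
            if (length(fp) == 40) print fp
        }'
}

# Turn fingerprints on stdin into export commands, one keyring file per key.
# The legacy-<fingerprint>.gpg file naming is this example's own assumption.
migration_commands() {
    while read -r fp; do
        printf 'apt-key export %s | gpg --dearmour -o %s/legacy-%s.gpg\n' \
            "$fp" /etc/apt/trusted.gpg.d "$fp"
    done
}

# Sample input, constructed from the step 4 listing (e-mail addresses omitted).
sample_listing() {
    cat <<'EOF'
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2022-05-21 [SC]
      A362 B822 F6DE DC65 2817  EA46 B53D C80D 13ED EF05
uid           [ unknown] Rapture Automatic Signing Key (cloud-rapture-signing-key-2022-03-07-08_01_01.pub)
sub   rsa2048 2022-05-21 [E]

pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb)
sub   rsa4096 2017-02-22 [S]
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018)
EOF
}

# Dry run on the sample; on a real host feed it: apt-key list 2>/dev/null
sample_listing | legacy_fingerprints | migration_commands
```

The script only prints the commands; review them and run them as root, then check apt-key list before deleting /etc/apt/trusted.gpg.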