background introduction
Encountered such a warning Ubuntu 22.04 LTS
under update source.apt-get update
Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
Although the warning does not affect the execution, it is still uncomfortable for a patient with severe code obsessive-compulsive disorder and code cleanliness, so let's solve it.
In order to clarify this issue, I use installation Docker
and installation Kubernetes
as examples.
problem reproduction
In general, before installingUbuntu
the software, it is necessary to change the source of the system to a local source to achieve the purpose of speeding up the download speed, such as changing to sources such as Ali, Tsinghua, and NetEase.apt-get
After modifying the software source, you need to update the software source through apt-get update
the command , but Ubuntu 22.04 LTS
there is a problem under .
root@k8s-worker-01:/etc/apt# apt-get update
Hit:1 https://mirrors.aliyun.com/ubuntu-ports jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 https://mirrors.aliyun.com/ubuntu-ports jammy-updates InRelease
Hit:4 https://mirrors.aliyun.com/ubuntu-ports jammy-backports InRelease
Hit:5 https://mirrors.aliyun.com/ubuntu-ports jammy-security InRelease
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [8993 B]
Fetched 8993 B in 3s (2909 B/s)
Reading package lists... Done
W: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
This warning probably means that we saved the key of the package in the file /etc/apt/trusted.gpg
of this old version system.
The system prompt here just tells you that the new version of the system cannot put the secret key /etc/apt/trusted.gpg
in , but it does not tell us where the secret key of the new version of the system should be placed.
solution
In fact, the answer is very simple, in /etc/apt/trusted.gpg.d
the directory .
root@k8s-worker-01:/etc/apt# ls trusted.gpg.d/
ubuntu-keyring-2012-cdimage.gpg ubuntu-keyring-2018-archive.gpg
As you can see, there are already two system key files.
Now I Docker
will Kubernetes
solve this problem with the whole process of installing and .
1. Add a secret key
Add Docker key
curl https://download.docker.com/linux/ubuntu/gpg | apt-key add -
Add Kubernetes key:
curl https://mirrors.aliyun.com/kubernetes/apt/doc/apt-key.gpg | apt-key add -
After adding the secret key, you will find /etc/apt
that there is an additional trusted.gpg
file in the directory:
root@k8s-worker-01:/etc/apt# ls
apt.conf.d keyrings sources.list sources.list.d trusted.gpg.d
auth.conf.d preferences.d sources.list.bak trusted.gpg
2. Add software source
Add docker software sources:
cat > /etc/apt/sources.list.d/docker.list << EOF
deb https://download.docker.com/linux/ubuntu jammy stable
EOF
Add the Kubernetes software source:
cat > /etc/apt/sources.list.d/kubernetes.list << EOF
deb https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial main
EOF
3. Update source
Because we added two keys, there will be two warnings when updating the source:
root@k8s-worker-01:/etc/apt# apt-get update
Hit:1 https://mirrors.aliyun.com/ubuntu-ports jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 https://mirrors.aliyun.com/ubuntu-ports jammy-updates InRelease
Hit:4 https://mirrors.aliyun.com/ubuntu-ports jammy-backports InRelease
Hit:5 https://mirrors.aliyun.com/ubuntu-ports jammy-security InRelease
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [8993 B]
Fetched 8993 B in 3s (2909 B/s)
Reading package lists... Done
W: https://download.docker.com/linux/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://mirrors.aliyun.com/kubernetes/apt/dists/kubernetes-xenial/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
4. Query the secret key
apt-key list
Query all keys on the server by :
root@k8s-worker-01:/etc/apt# apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa2048 2022-05-21 [SC]
A362 B822 F6DE DC65 2817 EA46 B53D C80D 13ED EF05
uid [ unknown] Rapture Automatic Signing Key (cloud-rapture-signing-key-2022-03-07-08_01_01.pub)
sub rsa2048 2022-05-21 [E]
pub rsa4096 2017-02-22 [SCEA]
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid [ unknown] Docker Release (CE deb) <[email protected]>
sub rsa4096 2017-02-22 [S]
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub rsa4096 2018-09-17 [SC]
F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>
According to the output information, there are 3 files and 4 secret keys on the server. The top two are the secret keys we just installed. The information is stored in /etc/apt/trusted.gpg
this
5. Export the secret key
According to the information output by the appeal, the second line of each secret key has a string of hexadecimal codes, and this code is the secret key id
:
A362 B822 F6DE DC65 2817 EA46 B53D C80D 13ED EF05
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
Find the key that caused apt-get update
the warning and export it:
apt-key export 13EDEF05 | gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg
apt-key export 0EBFCD88 | gpg --dearmour -o /etc/apt/trusted.gpg.d/kubernetes.gpg
Note: The secret key when exporting only id
needs , and id
there is no space between.
After exporting, you will find that there are two more binary files in /etc/apt/trusted.gpg.d
the directory . These two binary files are the ones we just exported:
root@k8s-worker-01:/etc/apt/trusted.gpg.d# ls
ubuntu-keyring-2012-cdimage.gpg ubuntu-keyring-2018-archive.gpg
root@k8s-worker-01:/etc/apt/trusted.gpg.d# apt-key export 13EDEF05 | gpg --dearmour -o /etc/apt/trusted.gpg.d/docker.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
root@k8s-worker-01:/etc/apt/trusted.gpg.d# apt-key export 0EBFCD88 | gpg --dearmour -o /etc/apt/trusted.gpg.d/kubernetes.gpg
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
root@k8s-worker-01:/etc/apt/trusted.gpg.d# ls
docker.gpg kubernetes.gpg ubuntu-keyring-2012-cdimage.gpg ubuntu-keyring-2018-archive.gpg
6. Delete the key
After exporting the secret key, you can delete the files/etc/apt
in the directory :trusted.gpg
root@k8s-worker-01:/etc/apt# ls
apt.conf.d keyrings sources.list sources.list.d trusted.gpg.d
auth.conf.d preferences.d sources.list.bak trusted.gpg trusted.gpg~
root@k8s-worker-01:/etc/apt# rm trusted.gpg trusted.gpg~
root@k8s-worker-01:/etc/apt# ls
apt.conf.d auth.conf.d keyrings preferences.d sources.list sources.list.bak sources.list.d trusted.gpg.d
Finally, apt-key list
query :
root@k8s-worker-01:/etc/apt# apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/docker.gpg
---------------------------------
pub rsa2048 2022-05-21 [SC]
A362 B822 F6DE DC65 2817 EA46 B53D C80D 13ED EF05
uid [ unknown] Rapture Automatic Signing Key (cloud-rapture-signing-key-2022-03-07-08_01_01.pub)
sub rsa2048 2022-05-21 [E]
/etc/apt/trusted.gpg.d/kubernetes.gpg
-------------------------------------
pub rsa4096 2017-02-22 [SCEA]
9DC8 5822 9FC7 DD38 854A E2D8 8D81 803C 0EBF CD88
uid [ unknown] Docker Release (CE deb) <[email protected]>
sub rsa4096 2017-02-22 [S]
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>
/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub rsa4096 2018-09-17 [SC]
F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>
7. Update the source again
According to the information output by the appeal, there are 4 files and 4 keys on the server, and the top two are the ones we just added to /etc/apt/trusted.gpg.d
the directory
Try updating the source again with apt-get update
the command :
root@k8s-worker-01:/etc/apt# apt-get update
Hit:1 https://mirrors.aliyun.com/ubuntu-ports jammy InRelease
Hit:2 https://download.docker.com/linux/ubuntu jammy InRelease
Hit:3 https://mirrors.aliyun.com/ubuntu-ports jammy-updates InRelease
Hit:4 https://mirrors.aliyun.com/ubuntu-ports jammy-backports InRelease
Hit:5 https://mirrors.aliyun.com/ubuntu-ports jammy-security InRelease
Get:6 https://mirrors.aliyun.com/kubernetes/apt kubernetes-xenial InRelease [8993 B]
Fetched 8993 B in 3s (3491 B/s)
Reading package lists... Done
After the output of the results, it was found that there were no warnings, fully in line with expectations, and a perfect solution!