Announcement

Collapse
No announcement yet.

Where is proper place to store gpg keys for apt?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [SOLVED] Where is proper place to store gpg keys for apt?

    My question from yesterday caused me to research and understand keys, I've got to the point where I understand mostly how it works. I get that apt-key is depreciated and why etc.

    Here's what I need help understanding:
    When storing keys for repos for use of APT, where should I store the gpg file at? I see lots of helpful articles, but they seem to mention two places interchangeably.

    /etc/apt/trusted.gpg.d/
    /usr/share/keyrings/

    I see it's easy enough to edit the .list file located in etc/apt/sources.list.d (which is where I understand the proper location to store each repo, not all combined together in the sources.list file).

    Anyway, I decided to store them in /usr/share/keyrings but I also notice I have several files in trusted.gpg.d, but instead of the actual keyName.gpg it says keyName.gpg~

    So to rephrase what my questions are
    1. What is the purpose behind the two folders. Is the trusted.gpg.d folder specifically only for use with apt, but if it doesn't find one there, it looks in keyring folder?
    2. If you can use either folder like my tutorials stated, which is preferred for apt repo keys?
    3. Is it a good idea to backup this folder? It was annoying fixing all my warnings from apt-key and most instructions on websites still use apt-key. I'd hate to have to go through this individually all over again. I guess, are these special where you can't just back it up, copy and past won't work with them maybe? Do I have to do an export function and save them that way?
    4. And Finally, what is the "~" file. It says it is a "backup" file. What exactly does this mean, can I delete them? Some are old, like I have a system76-ubuntu-pop.gpg~ key in there. The only thing I can think of is when I wiped my computer and re-synced my .config folder, one of the dot files from there created that backup from when I was using POPOS. I don't know how else that got in there, I didn't backup or restore this folder or anything outside my .config folder.

    I know that's a lot, I tried to find out all the info I could for myself, but I can't find the answer to those bits of my questions.

    Thanks all.
    Last edited by stowed4sea; Dec 29, 2022, 04:38 PM.

    #2
    /usr/share/keyrings/ is basically the OS level, if you will.

    /etc/apt/trusted.gpg.d/ are for addons. PPAs place their keys here, and any other added repository does similar. Google Chrome, for example.
    This directory is used so you don't muck around with your core keys, much in the same way the files in /etc/apt/sources.list.d/ don't muck with your normal sources.list, or small config xorg config snippets in /etc/X11/xorg.conf.d/ don't mess with one's /etc/X11/xorg.conf file. There are numerous similar configuration setups like this throughout your system.

    Originally posted by stowed4sea View Post
    it says keyName.gpg~
    These are backups, but not sure precisely what creates them, or why. They are zero bytes. The only keys that have them are ones added specifically using the add-apt-repository scripting (PPAs).

    Just leave stuff alone, I say.

    Any third party project that is using outdated instructions to install its repos/product might need to be avoided, or pestered until they update their documentation
    Also note that 'deprecated' doesn't mean 'no longer works' . The message is just that right now - messaging. Keys that are not working the 'old' way are still broken.or the instructions are.

    I am not sure if it is worth backing up or not, as keys can change, sometimes. They do/can expire. Doesn't hurt anything, especially if you also back up the corresponding sources. I personally don't back up these sorts of things as they well could be a major part of the reason I am reinstalling to begin with , though just he keys themselves won't potentially break things. Too much.

    Comment


      #3
      Thanks so much for the response, I think that helpfully answers all my questions. Yeah, I saw they were just warnings, but I felt the need to fix them, and I'm glad because it brought me along a journey in forcing me to understand things I'd always just ignored.

      Yeah I'd normally agree about avoiding sites that would use apt-key still in their instructions, but they are well reputable companies like Azul where I get my jdk from. I will pester them to update their documentation though, that's a good idea.

      One more question if you all don't mind me asking. Questions like this that are wider to ubuntu and not kubuntu specific, should I ask them in the Ask Ubuntu website? I actually didn't see that link until just now, and remember struggling with where in the Kubuntu forums to ask this question I had. I'm not sure if "software" seems like the correct subject area or not, but wasn't sure where else to put it.

      Comment


        #4
        You can ask wherever you want
        Kubuntu=Ubuntu in every single way except the desktop software. It all comes from the same place using the same infrastructure.
        You will find more technical savvy in more general Ubuntu venues.

        Comment


          #5
          Originally posted by claydoh View Post
          You can ask wherever you want
          Kubuntu=Ubuntu in every single way except the desktop software. It all comes from the same place using the same infrastructure.
          You will find more technical savvy in more general Ubuntu venues.
          Yeah, I get that(thanks for your response yesterday as well on the other thread ), but I like to be as little of a bother as possible and always like being in the right spot. Like, I didn't know if it would be good to ask questions like that there or here since it wasn't only related to kubuntu and would apply to really all ubuntu.

          In other words, this forum isn't like strictly based on only Kubuntu related issues?

          Comment


          • oshunluvr
            oshunluvr commented
            Editing a comment
            Kubuntu IS Ubuntu - just with the KDE/Plasma desktop environment on top. If your problem is desktop related - this forum is a great place to start. If the core system and it's functions are at issue, here is good but there are other places to look as well. No one is going to dismiss you here if you ask questions about the Ubuntu parts of the distro here because they are part of Kubuntu too. Welcome to the forum.
        Working...
        X