apt-key deprecation warning when updating system: “Key is stored in legacy trusted.gpg keyring”
Addressing the apt-key Deprecation Warning: “Key is stored in legacy trusted.gpg keyring”
If you encounter the apt-key deprecation warning when updating your system, follow these steps to resolve it.
1. Open Terminal
If your terminal isn’t already open, launch it now.
2. List Existing Keys
To view the current keys stored in your system, run:
sudo apt-key list
You’ll likely see a warning message similar to this:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Your list might look something like this:
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2017-05-08 [SCEA]
1EDD E2CD FC02 5D17 F6DA 9EC0 ADAE 6AD2 8A8F 901A
uid [ unknown] Sublime HQ Pty Ltd <support@sublimetext.com>
sub rsa4096 2017-05-08 [S]
pub rsa2048 2015-10-28 [SC]
BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF
uid [ unknown] Microsoft (Release signing) <gpgsecurity@microsoft.com>
3. Export the Key
Identify the key you want to export. Use the last 8 characters of the pub
code. For example, to export the Microsoft key:
sudo apt-key export BE1229CF | sudo gpg --dearmor -o /usr/share/keyrings/microsoft.gpg
Note: Replace BE1229CF with the relevant value from your list.
4. Update the Apt Source File
Next, modify the apt source file corresponding to the repository. Add a signed-by tag pointing to the newly created keyring file. For example, in the Microsoft Edge repository file (/etc/apt/sources.list.d/microsoft.list), update the entry:
deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge/ stable main
5. Update Apt and Confirm
Run an update to ensure the warning has been resolved:
sudo apt update
You should no longer see the deprecation warning for the updated key. However, if there are still warnings for other keys, follow the same process for each one.
6. Remove the Original Key
Finally, remove the old key from the legacy keyring to clean up your system:
sudo apt-key del BE1229CF
Note: Replace BE1229CF with the key you exported.
This guide helps ensure your system’s key management aligns with updated security practices.