Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-21398

Use Signed-By for apt instead of trusted.gpg.d

XMLWordPrintable

    • Icon: Problem report Problem report
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 5.0.35rc1, 6.0.18rc1, 6.4.3rc1, 7.0.0alpha1
    • Packages (C)
    • Debian/APT based systems
    • Sprint 90 (Jul 2022), Sprint 91 (Aug 2022), Product delivery backlog

      Please transition to using Signed-By instead of installing gpg key in /etc/apt/trusted.gpg.d.

      Move /etc/apt/trusted.gpg.d/zabbix-official-repo.gpg to /usr/share/keyrings/zabbix-official-repo.gpg

      Change /etc/apt/sources.list.d/zabbix.list from

      deb https://repo.zabbix.com/zabbix/6.0/debian bullseye main
      deb-src https://repo.zabbix.com/zabbix/6.0/debian bullseye main

      to

      deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] http://repo.zabbix.com/zabbix/6.0/debian bullseye main
      deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] http://repo.zabbix.com/zabbix-agent2-plugins/1/debian bullseye main

      Debian's documentation for this is available here: https://wiki.debian.org/DebianRepository/UseThirdParty

      A writeup on why this should be done is available here: https://blog.cloudflare.com/dont-use-apt-key/

            yurii Jurijs Klopovskis
            Omniflux Omni Flux
            Team I
            Votes:
            2 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated: