Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-21398

Use Signed-By for apt instead of trusted.gpg.d

    XMLWordPrintable

Details

    • Incident report
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • None
    • None
    • Packages (C)
    • None
    • Debian/APT based systems
    • Team B
    • Sprint 90 (Jul 2022), Sprint 91 (Aug 2022), Product delivery backlog

    Description

      Please transition to using Signed-By instead of installing gpg key in /etc/apt/trusted.gpg.d.

      Move /etc/apt/trusted.gpg.d/zabbix-official-repo.gpg to /usr/share/keyrings/zabbix-official-repo.gpg

      Change /etc/apt/sources.list.d/zabbix.list from

      deb https://repo.zabbix.com/zabbix/6.0/debian bullseye main
      deb-src https://repo.zabbix.com/zabbix/6.0/debian bullseye main

      to

      deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] http://repo.zabbix.com/zabbix/6.0/debian bullseye main
      deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] http://repo.zabbix.com/zabbix-agent2-plugins/1/debian bullseye main

      Debian's documentation for this is available here: https://wiki.debian.org/DebianRepository/UseThirdParty

      A writeup on why this should be done is available here: https://blog.cloudflare.com/dont-use-apt-key/

      Attachments

        Issue Links

          Activity

            People

              yurii Jurijs Klopovskis
              Omniflux Omni Flux
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: