[ZBX-21398] Use Signed-By for apt instead of trusted.gpg.d Created: 2022 Jul 27  Updated: 2026 May 05

Status: Confirmed
Project: ZABBIX BUGS AND ISSUES
Component/s: Packages (C)
Affects Version/s: 5.0.35rc1, 6.0.18rc1, 6.4.3rc1, 7.0.0alpha1
Fix Version/s: None

Type: Problem report Priority: Major
Reporter: Omni Flux Assignee: Jurijs Klopovskis
Resolution: Unresolved Votes: 7
Labels: Debian, Ubuntu
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Debian/APT based systems

Team: Team I
Sprint: Sprint 90 (Jul 2022), Sprint 91 (Aug 2022), Product delivery backlog

 Description   

Please transition to using Signed-By instead of installing gpg key in /etc/apt/trusted.gpg.d.

Move /etc/apt/trusted.gpg.d/zabbix-official-repo.gpg to /usr/share/keyrings/zabbix-official-repo.gpg

Change /etc/apt/sources.list.d/zabbix.list from

deb https://repo.zabbix.com/zabbix/6.0/debian bullseye main
deb-src https://repo.zabbix.com/zabbix/6.0/debian bullseye main

to

deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] http://repo.zabbix.com/zabbix/6.0/debian bullseye main
deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] http://repo.zabbix.com/zabbix-agent2-plugins/1/debian bullseye main

Debian's documentation for this is available here: https://wiki.debian.org/DebianRepository/UseThirdParty

A writeup on why this should be done is available here: https://blog.cloudflare.com/dont-use-apt-key/

 Comments   
Comment by Omni Flux [ 2022 Jul 27 ]

Just noticed the sources lines I posted are from two different systems, and do not match

should become

and

should become

Comment by Jurijs Klopovskis [ 2022 Jul 27 ]

Thanks!
We will consider it.

Comment by Mickael Martin [ 2025 Jan 10 ]

Hello, can you update? This is a minor change and requested by Debian since 2022 (cf https://wiki.debian.org/DebianRepository/UseThirdParty )

Sources.list entry
A sources.list entry SHOULD have the signed-by option set. The signed-by entry MUST point to a file, and not a fingerprint.
Comment by Leon [ 2025 Dec 03 ]

Since the Upgrade to Debian 13 each time apt update gets invoked, this output is given back now.
I suspect it is connected to this ticket.

Notice: Skipping acquire of configured file 'main/binary-amd64/Packages' as repository 'https://repo.zabbix.com/zabbix/7.4/release/debian trixie InRelease' doesn't support architecture 'amd64'
Notice: Skipping acquire of configured file 'main/binary-amd64/Packages' as repository 'https://repo.zabbix.com/zabbix-tools/debian-ubuntu trixie InRelease' doesn't support architecture 'amd64'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://repo.zabbix.com/zabbix/7.4/release/debian'
Notice: Missing Signed-By in the sources.list(5) entry for 'https://repo.zabbix.com/zabbix/7.4/stable/debian'
Comment by Dominik P [ 2026 May 05 ]

Any update? This issue is now open for almost 4 years.

It would be wise to finally change this and also start supporting .sources instead of .list.

Generated at Sun May 17 13:46:00 EEST 2026 using Jira 10.3.18#10030018-sha1:5642e4ad348b6c2a83ebdba689d04763a2393cab.