Team I
[ZBX-21398] Use Signed-By for apt instead of trusted.gpg.d Created: 2022 Jul 27 Updated: 2025 Feb 20 |
|
| Status: | Confirmed |
| Project: | ZABBIX BUGS AND ISSUES |
| Component/s: | Packages (C) |
| Affects Version/s: | 5.0.35rc1, 6.0.18rc1, 6.4.3rc1, 7.0.0alpha1 |
| Fix Version/s: | None |
| Type: | Problem report | Priority: | Major |
| Reporter: | Omni Flux | Assignee: | Jurijs Klopovskis |
| Resolution: | Unresolved | Votes: | 2 |
| Labels: | Debian, Ubuntu | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Debian/APT based systems |
||
| Team: | Team I |
| Sprint: | Sprint 90 (Jul 2022), Sprint 91 (Aug 2022), Product delivery backlog |
| Description |
|
Please transition to using Signed-By instead of installing gpg key in /etc/apt/trusted.gpg.d. Move /etc/apt/trusted.gpg.d/zabbix-official-repo.gpg to /usr/share/keyrings/zabbix-official-repo.gpg Change /etc/apt/sources.list.d/zabbix.list from deb https://repo.zabbix.com/zabbix/6.0/debian bullseye main to deb [signed-by=/usr/share/keyrings/zabbix-official-repo.gpg] http://repo.zabbix.com/zabbix/6.0/debian bullseye main Debian's documentation for this is available here: https://wiki.debian.org/DebianRepository/UseThirdParty A writeup on why this should be done is available here: https://blog.cloudflare.com/dont-use-apt-key/ |
| Comments |
| Comment by Omni Flux [ 2022 Jul 27 ] |
|
Just noticed the sources lines I posted are from two different systems, and do not match
should become
and
should become
|
| Comment by Jurijs Klopovskis [ 2022 Jul 27 ] |
|
Thanks! |
| Comment by Mickael Martin [ 2025 Jan 10 ] |
|
Hello, can you update? This is a minor change and requested by Debian since 2022 (cf https://wiki.debian.org/DebianRepository/UseThirdParty ) Sources.list entry A sources.list entry SHOULD have the signed-by option set. The signed-by entry MUST point to a file, and not a fingerprint. |