Open-source News

Along with the fresh look at the Intel Core i9 12900K vs. AMD Ryzen 9 5950X on Linux using the latest development kernel and other bleeding-edge software packages, today's article is a fresh look at how the Ryzen 7 5800X3D with 3D V-Cache is performing relative to the Ryzen 7 5800X.

343 working on Halo: The Master Chief Collection anti-cheat for Steam Deck / Linux  GamingOnLinux

Intel submitted their final set of "drm-intel-gt-next" feature changes intended for merging in the upcoming Linux 6.1 kernel merge window that opens in early October...

Intel Sends More Meteor Lake Code, GSC For Xe HP SDV For Linux 6.1  Phoronix

Canonical announced this morning that they have partnered with ASUS IoT, the division of ASUS focused on providing "Internet of Things" hardware, to certify Ubuntu Linux for their devices...

Qt 6.4 is continuing to run on-schedule and out today is the release candidate ahead of the stable release expected around the end of the month...

The next deep magic Linux program to change the world? Io_uring  The Register

This guide is about how to Remove Metadata of Files on Linux. Metadata is information about data. When you think of a text file, the string of letters in  BollyInside

Asus IoT, Canonical partner on Ubuntu Linux certification for IoT apps  Telecompaper EN

A decade ago there used to be an annual Phoronix pilgrimage (and closest thing in many years to taking a vacation/holiday/day-off for me) to Oktoberfest and a meet-up of Phoronix readers. While Oktoberfest is kicking off this weekend in Munich after a two year hiatus due to the pandemic, unfortunately, there is no Phoronix event. But will be in spirit and making use of the occasion by running the annual "Oktoberfest sale" if wishing to show your support for all the Linux hardware reviews, benchmarking, and open-source news carried out each and every day. Additionally, Stripe is now accepted for Phoronix Premium subscriptions as an alternative to PayPal. Phoronix Premium corporate subscriptions are also now being offered...

Fix the apt-key deprecation error in Linux Chris Hermansen Fri, 09/16/2022 - 03:00

This morning, after returning home from a mini vacation, I decided to run apt update and apt upgrade from the command line just to see whether there had been any updates while I was offline. After issuing the update command, something didn't seem quite right; I was seeing messages along the lines of:

W: https://updates.example.com/desktop/apt/dists/xenial/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

True, it's just a warning, but still there's that scary word, deprecation, which usually means it's going away soon. So I thought I should take a look. Based on what I found, I thought my experience would be worth sharing.

It turns out that I have older configurations for some repositories, artifacts of installation processes from "back in the day," that needed adjustment. Taking my prompt from the warning message, I ran man apt-key at the command line, which provided several interesting bits of information. Near the beginning of the man page:

apt-key is used to manage the list of keys used by apt to authenticate packages. Packages which have been authenticated using these keys are considered trusted.
Use of apt-key is deprecated, except for the use of apt-key del in maintainer scripts to remove existing keys from the main keyring. If such usage of apt-key is desired, the additional installation of the GNU Privacy Guard suite (packaged in gnupg) is required.
apt-key(8) will last be available in Debian 11 and Ubuntu 22.04.

Last available in "Debian 11 and Ubuntu 22.04" is pretty much right now for me. Time to fix this!

More Linux resources Linux commands cheat sheet Advanced Linux commands cheat sheet Free online course: RHEL technical overview Linux networking cheat sheet SELinux cheat sheet Linux common commands cheat sheet What are Linux containers? Our latest Linux articles Fixing the apt-key deprecation error

Further on in the man page, there's the deprecation section mentioned in the warning from apt update:

DEPRECATION
Except for using apt-key del in maintainer scripts, the use of apt-key is deprecated. This section shows how to replace the existing use of apt-key.
If your existing use of apt-key add looks like this:

wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -

Then you can directly replace this with (though note the recommendation below):

wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc

Make sure to use the "asc" extension for ASCII armored keys and the "gpg" extension for the binary OpenPGP format (also known as "GPG key public ring"). The binary OpenPGP format works for all apt versions, while the ASCII armored format works for apt version >= 1.4.

Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d directory, you can place them anywhere on your filesystem by using the Signed-By option in your sources.list and pointing to the filename of the key. See sources.list(5) for details. Since APT 2.4, /etc/apt/keyrings is provided as the recommended location for keys not managed by packages. When using a deb822-style sources.list, and with apt version >= 2.4, the Signed-By option can also be used to include the full ASCII armored keyring directly in the sources.list without an additional file.

If you, like me, have keys from non-repository stuff added with apt-key, then here are the steps to transition:

1. Determine which keys are in apt-key keyring /etc/apt/trusted.gpg
2. Remove them
3. Find and install replacements in /etc/apt/trusted.gpg.d/ or in /etc/apt/keyrings/

1. Finding old keys

The command apt-key list shows the keys in /etc/apt/trusted.gpg:

$ sudo apt-key list
[sudo] password:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-04-05 [SC]
      DBE4 6B52 81D0 C816 F630  E889 D980 A174 57F6 FB86
uid           [ unknown] Example <support@example.com>
sub   rsa4096 2017-04-05 [E]

pub   rsa4096 2016-04-12 [SC]
      EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796
uid           [ unknown] Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sub   rsa4096 2021-10-26 [S] [expires: 2024-10-25]
[...]

Also shown afterward are the keys held in files in the /etc/apt/trusted.gpg.d folder.

[ Related read How to import your existing SSH keys into your GPG key ]

2. Removing old keys

The group of quartets of hex digits, for example DBEA 6B52...FB86, is the identifier required to delete the unwanted keys:

$ sudo apt-key del "DBEA 6B52 81D0 C816 F630  E889 D980 A174 57F6 FB86"

This gets rid of the Example key. That's literally just an example, and in reality you'd get rid of keys that actually exist. For instance, I ran the same command for each of the real keys on my system, including keys for Google, Signal, and Ascensio. Keys on your system will vary, depending on what you have installed.

3. Adding keys

Getting the replacement keys is dependent on the application. For example, Open Whisper offers its key and an explanation of what to do to install it, which I decided not to follow as it puts the key in /usr/share/keyrings. Instead, I did this:

$ wget -O- https://updates.signal.org/desktop/apt/keys.asc | gpg --dearmor > signal-desktop-keyring.gpg
$ sudo mv signal-desktop-keyring.gpg /etc/apt/trusted.gpg.d/
$ sudo chown root:root /etc/apt/trusted.gpg.d/signal-desktop-keyring.gpg
$ sudo chmod ugo+r /etc/apt/trusted.gpg.d/signal-desktop-keyring.gpg
$ sudo chmod go-w /etc/apt/trusted.gpg.d/signal-desktop-keyring.gpg

Ascencio also offers instructions for installing OnlyOffice that include dealing with the GPG key. Again I modified their instructions to suit my needs:

$ gpg --no-default-keyring --keyring gnupg-ring:~/onlyoffice.gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
$ sudo mv onlyoffice.gpg /etc/apt/trusted.gpg.d/
$ sudo chown root:root /etc/apt/trusted.gpg.d/onlyoffice.gpg
$ sudo chmod ugo+r /etc/apt/trusted.gpg.d/onlyoffice.gpg
$ sudo chmod go-w /etc/apt/trusted.gpg.d/onlyoffice.gpg

As for the Google key, it is managed (correctly, it appears) through the .deb package, and so a simple reinstall with dpkg -i was all that was needed. Finally, I ended up with this:

$ ls -l /etc/apt/trusted.gpg.d
total 24
-rw-r--r-- 1 root root 7821 Sep  2 10:55 google-chrome.gpg
-rw-r--r-- 1 root root 2279 Sep  2 08:27 onlyoffice.gpg
-rw-r--r-- 1 root root 2223 Sep  2 08:02 signal-desktop-keyring.gpg
-rw-r--r-- 1 root root 2794 Mar 26  2021 ubuntu-keyring-2012-cdimage.gpg
-rw-r--r-- 1 root root 1733 Mar 26  2021 ubuntu-keyring-2018-archive.gpgExpired keys

The last problem key I had was from an outdated installation of QGIS. The key had expired, and I'd set it up to be managed by apt-key. I ended up following their instructions to the letter, both for installing a new key in /etc/apt/keryings and their suggested format for the /etc/apt/sources.list.d/qgis.sources installation configuration.

[ Download the Linux cheat sheets for apt or dnf ]

Linux system maintenance

Now you can run apt update with no warnings or errors related to deprecated key configurations. We apt users just need to remember to adjust any old installation instructions that depend on apt-key. Instead of using apt-key, you must instead install a key to /etc/apt/trusted.gpg.d/ or /etc/apt/keyrings/, using gpg as needed.

Follow these steps and you can run apt update with no warnings or errors related to deprecated key configurations.

Image by:

Opensource.com

Linux Sysadmin What to read next This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License. Register or Login to post a comment.

Asus IoT, Canonical partner on Ubuntu Linux certification for IoT apps  Telecompaper EN

How to install Atom Text Editor on Ubuntu 22.04 LTS  Linux Shout

The post How to Show Security Warning Message to SSH Unauthorized Users first appeared on Tecmint: Linux Howtos, Tutorials & Guides .

SSH banner warnings are crucial when companies or organizations want to show a strict warning message to discourage unauthorized users from accessing a Linux server. These SSH banner warning messages are displayed just before

The post How to Show Security Warning Message to SSH Unauthorized Users first appeared on Tecmint: Linux Howtos, Tutorials & Guides.

Process memory limit and address space for UNIX and Linux and Windows - Linux & Unix  BleepingComputer

NUMA Interface For FUTEX2 Still Being Tackled For Linux  Phoronix

Merged last year for the Linux 5.16 cycle was FUTEX2's futex_waitv() system call for waiting on multiple futexes in order to better match the behavior of Microsoft Windows. This FUTEX2 initiative was driven as an effort to further enhance Linux gaming performance/efficiency particularly for Valve's Steam Play. Originally there were other goals with FUTEX2 and now we are seeing another one of those being worked on: NUMA awareness...

The Khronos Group has published OpenCL 3.0.12 as the newest version of this API for compute across heterogeneous platforms, but mostly known for GPU compute...

Camera access for Linux on ChromeOS may be very close  Chrome Unboxed

How to Quickly Remove Metadata From Files on Linux  MUO - MakeUseOf