From 2be43cc479dfd4cfb621f14381330c708291e324 Mon Sep 17 00:00:00 2001
From: Christian Cleberg <hello@cleberg.net>
Date: Sun, 28 Jul 2024 19:46:20 -0500
Subject: conversion from Zola to Weblorg

---
 .../blog/2024-06-19-deprecated-trusted-gpg-fix.md  | 133 ---------------------
 1 file changed, 133 deletions(-)
 delete mode 100644 content/blog/2024-06-19-deprecated-trusted-gpg-fix.md

(limited to 'content/blog/2024-06-19-deprecated-trusted-gpg-fix.md')

diff --git a/content/blog/2024-06-19-deprecated-trusted-gpg-fix.md b/content/blog/2024-06-19-deprecated-trusted-gpg-fix.md
deleted file mode 100644
index 8068f2d..0000000
--- a/content/blog/2024-06-19-deprecated-trusted-gpg-fix.md
+++ /dev/null
@@ -1,133 +0,0 @@
-+++
-date = 2024-06-19 08:00:00
-title = "Fixing Ubuntu Error: 'Key is stored in legacy trusted.gpg keyring'"
-description = "Learn how to update GPG keys from the trusted.gpg keyring in Ubuntu."
-+++
-
-## System Warning
-
-When running an update on an Ubuntu system, you may have run into a system
-warning that looks like the example below.
-
-```txt
-W: https://dl.yarnpkg.com/debian/dists/stable/InRelease: Key is stored in legacy
-trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in
-apt-key(8) for details.
-```
-
-While this example references the `yarn` package, the warning message is the
-same for any repository using the deprecated `trusted.gpg` key ring.
-
-The issue arises from managing keys with the `apt-key` command, which utilizes
-the `/etc/apt/trusted.gpg` file by default. Instead, Ubuntu has moved to
-managing key rings with individual `.gpg` files in the `/etc/apt/trusted.gpg.d/`
-directory.
-
-To fix this issue, let's check to see which keys are using the `trusted.gpg` key
-ring and move them into their own dedicated key ring.
-
-## Finding All Keys in the Keyring
-
-Let's start by simply listing the keys used by the `apt` commands. To do this,
-run the following command.
-
-```sh
-sudo apt-key list
-```
-
-This command will show an output similar to the one below. You may see
-additional keys in the `/etc/apt/trusted.gpg.d/` directory - this is where we
-will be moving any keys currently found in the `trusted.gpg` key ring.
-
-In the below example, we can see that this system has four different GPG keys
-stored within the `trusted.gpg` key ring. Let's go ahead and move them into
-their own files.
-
-```txt
-Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead
-(see apt-key(8)).
-
-/etc/apt/trusted.gpg
---------------------
-pub   rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
-      573B FD6B 3D8F BC64 1079  A6AB ABF5 BD82 7BD9 BF62
-uid           [ unknown] nginx signing key <signing-key@nginx.com>
-
-pub   rsa4096 2016-10-05 [SC]
-      72EC F46A 56B4 AD39 C907  BBB7 1646 B01B 86E5 0310
-uid           [ unknown] Yarn Packaging <yarn@dan.cx>
-sub   rsa4096 2016-10-05 [E]
-sub   rsa4096 2019-01-02 [S] [expires: 2026-01-23]
-sub   rsa4096 2019-01-11 [S] [expires: 2026-01-23]
-
-pub   rsa4096 2024-05-29 [SC]
-      8540 A6F1 8833 A80E 9C16  53A4 2FD2 1310 B49F 6B46
-uid           [ unknown] nginx signing key <signing-key-2@nginx.com>
-
-pub   rsa4096 2024-05-29 [SC]
-      9E9B E90E ACBC DE69 FE9B  204C BCDC D8A3 8D88 A2B3
-uid           [ unknown] nginx signing key <signing-key-3@nginx.com>
-```
-
-## Moving Keys to the Proper Location
-
-### Exporting Keys to New Files
-
-Now that we know the keys, we will need to move them into their own key ring. We
-can do this by copying the last eight (8) characters from the key's signature
-and exporting it from this key ring into its own.
-
-Using the yarn example from the beginning, here's the command to move this key
-into its own key ring.
-
-```sh
-sudo apt-key export 86E50310 | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/yarn.gpg
-```
-
-You can repeat this process for any other keys, such as the `nginx` keys in the
-example above.
-
-### Cleaning Up
-
-If you run `sudo apt-key list` again, you should see the keys within their own
-key rings:
-
-```txt
-/etc/apt/trusted.gpg.d/nginx-archive-keyring.gpg
-------------------------------------------------
-pub   rsa4096 2024-05-29 [SC]
-      8540 A6F1 8833 A80E 9C16  53A4 2FD2 1310 B49F 6B46
-uid           [ unknown] nginx signing key <signing-key-2@nginx.com>
-
-pub   rsa2048 2011-08-19 [SC] [expires: 2027-05-24]
-      573B FD6B 3D8F BC64 1079  A6AB ABF5 BD82 7BD9 BF62
-uid           [ unknown] nginx signing key <signing-key@nginx.com>
-
-pub   rsa4096 2024-05-29 [SC]
-      9E9B E90E ACBC DE69 FE9B  204C BCDC D8A3 8D88 A2B3
-uid           [ unknown] nginx signing key <signing-key-3@nginx.com>
-
-/etc/apt/trusted.gpg.d/yarn.gpg
--------------------------------
-pub   rsa4096 2016-10-05 [SC]
-      72EC F46A 56B4 AD39 C907  BBB7 1646 B01B 86E5 0310
-uid           [ unknown] Yarn Packaging <yarn@dan.cx>
-sub   rsa4096 2016-10-05 [E]
-sub   rsa4096 2019-01-02 [S] [expires: 2026-01-23]
-sub   rsa4096 2019-01-11 [S] [expires: 2026-01-23]
-```
-
-Once you have verified that the keys are valid and stored in their own key
-rings, you can archive the `trusted.gpg` file and run a system update to test
-the new files.
-
-```sh
-sudo mv /etc/apt/trusted.gpg /etc/apt/trusted.gpg.bkp
-sudo apt update
-```
-
-Once you've verified that updates work as expected and that the keys are working
-as intended, you can delete the `.bkp` file created above. If you're storing
-keys that are not easily re-attainable, I suggest keeping the `.bkp` file stored
-in a safe location until you are positive that you no longer need it.
-
-- 
cgit v1.2.3-70-g09d2