apt-key
warning appears, after a Private Package Archive (PPA) has been added, when running sudo apt update
in a terminal or when doing Refresh in Update Manager. The warning can be ignored because the update is successful even though Update Manager shows it as an error. But apt-key
will be removed in the next release of Ubuntu, so until the many PPA maintainers update their install process this warning will persist. (Linux Mint will continue to use Ubuntu 22.04 until Mint 22 in comes out in 2024.)I do not want to see warnings/errors evertime I do an update/refresh. I added six PPAs to my system: LibreOffice, Gimp, Qbittorrent, MakeMKV, Veracrypt, Syncthing. Five of them generate the warning. So after much research I found the easiest way to fix it. It may look like a lot, but there are only three simple steps (per PPA).
If the PPA you use already has a [signed-by ...] parameter in its install instructions, you do NOT need to fix it. Syncthing uses the correct format without
apt-key
, so it is ready for the future.First, get a list of the keys for all your installed PPAs. Open a terninal and run
Code: Select all
sudo apt-key list
Then, extract the keys to a location out of the apt-key area. Some research suggests using
/etc/apt/keyrings/
, but the Debian structure on which Ubuntu is built recommends /usr/share/keyrings/
(and that is already being used by Syncthing). For each PPA you listed above, run: Code: Select all
sudo apt-key export <8-digit-fingerprint-numbers-here!> | sudo gpg --dearmour -o /usr/share/keyrings/<product-name-here!>-archive.keyring.gpg
Code: Select all
sudo apt-key export 7CA69FC4 | sudo gpg --dearmour -o /usr/share/keyrings/qbittorrent-archive.keyring.gpg
/etc/apt/sources.list.d
and edit each of the PPA .list
files. I used the file browser, right click, Open as Root, and just double clicked to open each file in Xed. In each file between deb
and the url, add [signed-by=/usr/share/keyrings/<product-name-here!>-archive.keyring.gpg]
.For example, in: qbittorrent-team-qbittorrent-stable-jammy.list I changed
deb http://ppa.launchpad.net/qbittorrent-team/qbittorrent-stable/ubuntu jammy main
to
Code: Select all
deb [signed-by=/usr/share/keyrings/qbittorrent-archive.keyring.gpg] http://ppa.launchpad.net/qbittorrent-team/qbittorrent-stable/ubuntu jammy main
Finally, run
sudo apt update
and/or Refresh in Update Manager. The warnings should be gone.Other researchers have listed ways of directly downloading keys into
/usr/share/keyrings
and hand entering PPA urls into sources.list.d
, but that is skirting around what PPA maintainers have set up. Maintainers will have to adapt to the next Ubuntu, so I would rather just fix the current structure.Some of the research I used:
https://askubuntu.com/questions/1286545 ... ed-apt-key
https://www.linuxuprising.com/2021/01/a ... o-add.html
https://www.techrepublic.com/article/ho ... in-ubuntu/
In many references you will see "How to solve the apt-key error the quick way" by copying the
trusted.gpg
file into the trusted.gpg.d
. DO NOT DO THIS! The askubuntu reference above explains how this makes the security of your system even worse than it is with apt-key now.