robotpkg.key → robotpkg.gpg
If I follow http://robotpkg.openrobots.org/debian.html, and run:
echo "deb [arch=amd64] http://robotpkg.openrobots.org/packages/debian/pub jammy robotpkg" > /etc/apt/sources.list.d/robotpkg.list curl http://robotpkg.openrobots.org/packages/debian/robotpkg.key | apt-key add - apt update
W: http://robotpkg.openrobots.org/packages/debian/pub/dists/jammy/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
This warning can be fixed if instead I use:
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/robotpkg.gpg] http://robotpkg.openrobots.org/packages/debian/pub jammy robotpkg" > /etc/apt/sources.list.d/robotpkg.list curl http://robotpkg.openrobots.org/packages/debian/robotpkg.key | gpg --dearmor > /usr/share/keyrings/robotpkg.gpg apt updateSo I guess we should
- provide a dearmored http://robotpkg.openrobots.org/packages/debian/robotpkg.gpg along with the old http://robotpkg.openrobots.org/packages/debian/robotpkg.key
- update the instructions to download this one and add the corresponding "signed-by=" part in the sources.list
Updated by Anthony Mallet 5 months ago
- Status changed from New to Feedback
Thanks for reporting this.
I slightly updated your proposed fix to better comply with apt-key(8),
DEPRECATION section. See robotpkg-www:0975f575.
I kept the 'armored' format, as I don't see issues with it and it
might be more robust, especially with the documented `tee` command to
download the key. But in case this is useful, I also added a binary
gpg format (not documented as of now) in `robotpkg.gpg`, same URL.
Is that OK for you?