Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)
Darac Marjal
mailinglist at darac.org.uk
Wed Jun 21 11:27:31 CEST 2017
On Tue, Jun 20, 2017 at 01:56:57PM -0400, Daniel Kahn Gillmor wrote:
>Hi Rex--
>
>On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote:
>> root at debian-rig:/home/rexk# wget -qO -
>> https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
>> gpg: WARNING: nothing exported
>> gpg: no valid OpenPGP data found.
>> gpg: Total number processed: 0
>
>While it's a common recommendation, "apt-key add -" is generally a bad
>idea, because it mixes the fetched keys in with all the other keys.
>It's a better idea to fetch the keys for a given repository separately
>and mark them as acceptable only for this specific repo.
>
>Since you're using debian stable (stretch), you might want to read:
>
> https://wiki.debian.org/DebianRepository/UseThirdParty
>
>From its suggestions, if you want to add the sublime repo (which i have
>never vetted and am not personally recommending here), you might prefer
>to do the following on debian stretch:
>
> wget -O /usr/share/keyring/sublimehq-pub.gpg.asc https://download.sublimetext.com/sublimehq-pub.gpg
> gpg --dearmor < /usr/share/keyring/sublimehq-pub.gpg.asc > /usr/share/keyring/sublimehq-pub.gpg
> echo 'deb [signed-by=/usr/share/keyring/sublimehq-pub.gpg] https://download.sublimetext.com/ apt/stable/' > /etc/apt/sources.list.d/sublime.list
Thank you. I've been meaning to switch my apt sources over to this style
for a while, but couldn't seem to get apt to see the separate keys. It
looks like I was missing out the "[signed-by=...]" part.
>
>This makes it so the sublime repository key is not accepted for
>certifying the main debian repos (which it should not be doing).
>
>I suspect that the problem you were having may have to do with the
>ascii-armoring on the fetched file, which is why i've included the
>--dearmor line in the middle of the three steps above.
>
>hope this helps,
>
> --dkg
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users at gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
--
For more information, please reread.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 906 bytes
Desc: not available
URL: </pipermail/attachments/20170621/70f6dc20/attachment.sig>
More information about the Gnupg-users
mailing list