Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

Rex Kneisley rexk99 at gmail.com
Sat Jun 24 07:56:20 CEST 2017


Thank you Daniel. As it turns out my difficulties were mostly being caused
by the fact that I had some how "broken" my apt updates. I was playing
around with backports in Debian 9.0 Stretch in order to properly download
and install Tor-Browser-Launcher.
I suspect that because Debian 9.0 is so new, the back-ports are still a bit
flakey. Things are working now after a fresh re-install.

I appreciate your suggestion for setting up separate key repositories. I
will use this method moving forward.

Rex

On Tue, Jun 20, 2017 at 10:56 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> wrote:

> Hi Rex--
>
> On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote:
> > root at debian-rig:/home/rexk# wget -qO -
> > https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
> > gpg: WARNING: nothing exported
> > gpg: no valid OpenPGP data found.
> > gpg: Total number processed: 0
>
> While it's a common recommendation, "apt-key add -" is generally a bad
> idea, because it mixes the fetched keys in with all the other keys.
> It's a better idea to fetch the keys for a given repository separately
> and mark them as acceptable only for this specific repo.
>
> Since you're using debian stable (stretch), you might want to read:
>
>     https://wiki.debian.org/DebianRepository/UseThirdParty
>
> From its suggestions, if you want to add the sublime repo (which i have
> never vetted and am not personally recommending here), you might prefer
> to do the following on debian stretch:
>
>     wget -O /usr/share/keyring/sublimehq-pub.gpg.asc
> https://download.sublimetext.com/sublimehq-pub.gpg
>     gpg --dearmor < /usr/share/keyring/sublimehq-pub.gpg.asc >
> /usr/share/keyring/sublimehq-pub.gpg
>     echo 'deb [signed-by=/usr/share/keyring/sublimehq-pub.gpg]
> https://download.sublimetext.com/ apt/stable/' > /etc/apt/sources.list.d/
> sublime.list
>
> This makes it so the sublime repository key is not accepted for
> certifying the main debian repos (which it should not be doing).
>
> I suspect that the problem you were having may have to do with the
> ascii-armoring on the fetched file, which is why i've included the
> --dearmor line in the middle of the three steps above.
>
> hope this helps,
>
>      --dkg
>



-- 
Sincerely,


Rex Kneisley
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170623/4459cc02/attachment.html>


More information about the Gnupg-users mailing list