Ubuntu: How to Fix “Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)”

Share

To resolve this issue, we have to export GPG key from deprecated keyring.

  • Get list of existing keys
$ sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-08 [SCEA]
      1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
uid           [ unknown] Sublime HQ Pty Ltd <support@sublimetext.com>
sub   rsa4096 2017-05-08 [S]

pub   rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
uid           [ unknown] Microsoft (Release signing) <gpgsecurity@microsoft.com>
  • Export the key
$ sudo apt-key export BE1229CF | sudo gpg --dearmour -o /usr/share/keyrings/microsoft.gpg

Key BE1229CF is the last 8 digit taken from key list.

The following message will appear:

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

Now we can update our apt source file for the repository (e.g., /etc/apt/sources.list.d/microsoft.list), adding a signed-by tag:

deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge/ stable main
  • Update apt to make sure the error message is gone
$ sudo apt update
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up-to-date.
  • Remove the original signature
sudo apt-key del BE1229CF

This can be done with each of the warning messages. Once done, apt will no longer complain.

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.