Skip to content

kstr0k/migrate-apt-keys

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
migrate-apt-keys
migrate-apt-keys
 
 

Repository files navigation

migrate-apt-keys

Add signing info to sources.list.d Debian apt repos

This script looks at each deb[-src] entry in the specified (or default) SOURCE.list files and

  • adds [signed-by] qualifiers if missing
  • downloads the corresponding gpg key into a designated folder

Background

In recent (~2022) Ubuntu / Debian's, /etc/apt/sources.list.d/ repos signed by system-wide keys from /etc/apt/trusted.gpg trigger an apt update warning. Meanwhile, repos signed by individual /etc/apt/trusted.gpg.d/* keys don't; yet this is mostly security theatre, because the trusted.gpg.d/* keys still apply to all "unsigned" repos.

This script adds a [signed-by] qualifier to each deb[-src] ... entry within each SOURCE.list repo, and downloads all relevant keys into /usr/local/share/keyrings/SOURCE-apt-keyring.gpg (or a specified folder).

Usage

migrate-apt-keys --help
migrate-apt-keys [ KEYRING_FOLDER [SOURCE.list]... ]

Copyright

MIT license: Jens Berthold <jens@jebecs.de>, Alin Mr. <almr.oss@outlook.com>

About

Migrates from "apt-key" managed keys to "[signed-by=.../keyrings/...]"

Topics

security debian apt ubuntu gpg shell-script apt-key

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

31 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages