====== How to add 3rd party repository in Ubuntu ======
Things become more and more complicated, so I decided to write instruction
===== Add signing key for repository =====
You should always put signing key path to repository, like this:
deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x jammy main
The key MUST NOT be placed in ///etc/apt/trusted.gpg.d// or loaded by //apt-key add//
If future updates to the key will be managed by an apt/dpkg package, then it SHOULD be downloaded into ///usr/share/keyrings// using the same filename that will be provided by the package. If it will be managed locally, it SHOULD be downloaded into ///etc/apt/keyrings// instead.
I think it means if you need to bother with key, then just put it to ///etc/apt/keyrings//
===== Using new .sources =====
.sources file instead of a .list file. This method is relatively new, and uses the deb822 multiline format that is less ambiguous compared to the deb . . . declaration, though is functionally identical. Create a new file:
Types: deb
Architectures: amd64 arm64
Signed-By: /usr/share/keyrings/nodesource.gpg
URIs: https://deb.nodesource.com/node_16.x
Suites: jammy
Components: main
===== How to get the key =====
There are two ways, depending on what package developer implemented
==== 1. Download key from keyserver or keyserver pool ====
sudo gpg --homedir /tmp --no-default-keyring --keyring /etc/apt/keyrings/usefulpackage.gpg --keyserver \
keyserver.ubuntu.com --recv-keys E298A3A825C0D65DFD57CBB6517111119E084DAB9
==== 2. Download key in file from developer's location ====
curl -fsSL https://dbeaver.io/debs/dbeaver.gpg.key > dbeaver.gpg
Check if key is armored (looks like ASCII text and not binary), and if so, unarmor it:
curl -fsSL https://dbeaver.io/debs/dbeaver.gpg.key | gpg --dearmor -o dbeaver.gpg
Move the key to ///etc/apt/keyrings//:
mv dbeaver.gpg /etc/apt/keyrings/
===== Links =====
* [[https://wiki.debian.org/DebianRepository/UseThirdParty|Instructions to connect to a third-party repository]]