Користувальницькькі налаштування
Зміст
How to add 3rd party repository in Ubuntu
Things become more and more complicated, so I decided to write instruction
Add signing key for repository
You should always put signing key path to repository, like this:
deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x jammy main
The key MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded by apt-key add
If future updates to the key will be managed by an apt/dpkg package, then it SHOULD be downloaded into /usr/share/keyrings using the same filename that will be provided by the package. If it will be managed locally, it SHOULD be downloaded into /etc/apt/keyrings instead.
I think it means if you need to bother with key, then just put it to /etc/apt/keyrings
Using new .sources
.sources file instead of a .list file. This method is relatively new, and uses the deb822 multiline format that is less ambiguous compared to the deb . . . declaration, though is functionally identical. Create a new file:
Types: deb Architectures: amd64 arm64 Signed-By: /usr/share/keyrings/nodesource.gpg URIs: https://deb.nodesource.com/node_16.x Suites: jammy Components: main
How to get the key
There are two ways, depending on what package developer implemented
1. Download key from keyserver or keyserver pool
sudo gpg --homedir /tmp --no-default-keyring --keyring /etc/apt/keyrings/usefulpackage.gpg --keyserver \ keyserver.ubuntu.com --recv-keys E298A3A825C0D65DFD57CBB6517111119E084DAB9
2. Download key in file from developer's location
curl -fsSL https://dbeaver.io/debs/dbeaver.gpg.key > dbeaver.gpg
Check if key is armored (looks like ASCII text and not binary), and if so, unarmor it:
curl -fsSL https://dbeaver.io/debs/dbeaver.gpg.key | gpg --dearmor -o dbeaver.gpg
Move the key to /etc/apt/keyrings:
mv dbeaver.gpg /etc/apt/keyrings/
Links
Налаштування сторінки
