[R-sig-Debian] Solution to apt-key depreciation

Gordon Ball gordon @end|ng |rom chron|t|@@net
Sat Mar 20 20:13:04 CET 2021


For the debian usecase at least, it might be worth looking at extrepo
[1][2]. It maintains a list of known external apt repositories, along
with the correct config and keys, which can then be enabled with a
single command.

I don't know how well it works downstream with Ubuntu, but for debian at
least, getting a definition for CRAN added would let people who want to
enable it do so.

Gordon

[1]: https://grep.be/blog/en/computer/debian/Announcing_extrepo/
[2]: https://salsa.debian.org/extrepo-team/extrepo-data

On Thu, Mar 18, 2021 at 09:03:12AM +0100, Johannes Ranke wrote:
> Hi all,
> 
> thanks for thoughts and valuable information on this issue. I think it will 
> not make the CRAN repositories any safer to use. But I believe it will 
> increase security of Debian/Ubuntu repositories in general.
> 
> As bullseye will still contain apt-key and Debians release cycle is a bit more 
> relaxed, I can still afford to sit back for a while and watch...
> 
> Greetings,
> 
> Johannes
> 
> Am Mittwoch, 17. März 2021, 16:52:17 CET schrieb Carl Delfin:
> > Michael,
> > 
> > Sounds great!
> > 
> > If it's any help, I put my solution in a bash script:
> > 
> > #!/bin/bash
> > KEY=/usr/local/share/keyrings/marutter.key
> > 
> > if [ -f "$KEY" ]; then
> >   echo "$KEY already exists"
> >   sudo apt install -y r-base
> > else
> >   wget -q -O marutter.key
> > "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xe298a3a825c0d65dfd
> > 57cbb651716619e084dab9" if ! file marutter.key | grep -q "PGP public key";
> > then
> >     echo "marutter.key does not appear to be a valid PGP key - aborting!"
> >     exit 1
> >   else
> >     sudo mkdir -p /usr/local/share/keyrings/
> >     sudo mv marutter.key /usr/local/share/keyrings/
> >     echo "deb [signed-by=/usr/local/share/keyrings/marutter.key]
> > https://cloud.r-project.org/bin/linux/ubuntu groovy-cran40/" | sudo tee -a
> > /etc/apt/sources.list fi
> >  sudo apt install -y r-base
> > fi
> > 
> > Nothing fancy by any means, but it works and could perhaps be useful.
> > 
> > Cheers,
> > Carl
> > 
> > Sent with ProtonMail Secure Email.
> > 
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > 
> > On Wednesday, March 17th, 2021 at 16:04, Michael Rutter <marutter using gmail.com> 
> wrote:
> > > On 3/17/21 7:27 AM, Carl Delfin wrote:
> > > > Hi everyone,
> > > > 
> > > > Since apt-key will be deprecated in future releases of Debian
> > > > (https://manpages.debian.org/testing/apt/apt-key.8.en.html), I recently
> > > > got around to figuring out how to properly import Michael Rutter's key,
> > > > based on this answer over at askubuntu:
> > > > https://askubuntu.com/a/1307181.
> > > > 
> > > > Perhaps something along those lines should be added to the README at
> > > > https://cran.r-project.org/bin/linux/ubuntu/fullREADME.html?
> > > > 
> > > > Cheers,
> > > > 
> > > > Carl
> > > 
> > > Carl,
> > > 
> > > Thank you. I need to read these posts over to see if the instructions
> > > 
> > > can be condensed, but this is very helpful.
> > > 
> > > Michael
> > > 
> > > > Sent with ProtonMail Secure Email.
> > > > 
> > > > [[alternative HTML version deleted]]
> > > > 
> > > > R-SIG-Debian mailing list
> > > > 
> > > > R-SIG-Debian using r-project.org
> > > > 
> > > > https://stat.ethz.ch/mailman/listinfo/r-sig-debian
> > > 
> > > R-SIG-Debian mailing list
> > > 
> > > R-SIG-Debian using r-project.org
> > > 
> > > https://stat.ethz.ch/mailman/listinfo/r-sig-debian
> > 
> > _______________________________________________
> > R-SIG-Debian mailing list
> > R-SIG-Debian using r-project.org
> > https://stat.ethz.ch/mailman/listinfo/r-sig-debian
> 
> 
> -- 
> Johannes Ranke
> Wissenschaftlicher Berater
> 07624 8099027
> https://jrwb.de
> 
> _______________________________________________
> R-SIG-Debian mailing list
> R-SIG-Debian using r-project.org
> https://stat.ethz.ch/mailman/listinfo/r-sig-debian



More information about the R-SIG-Debian mailing list