[R-sig-Debian] Solution to apt-key depreciation
Gordon Ball
gordon @end|ng |rom chron|t|@@net
Sat Mar 20 20:13:04 CET 2021
For the debian usecase at least, it might be worth looking at extrepo
[1][2]. It maintains a list of known external apt repositories, along
with the correct config and keys, which can then be enabled with a
single command.
I don't know how well it works downstream with Ubuntu, but for debian at
least, getting a definition for CRAN added would let people who want to
enable it do so.
Gordon
[1]: https://grep.be/blog/en/computer/debian/Announcing_extrepo/
[2]: https://salsa.debian.org/extrepo-team/extrepo-data
On Thu, Mar 18, 2021 at 09:03:12AM +0100, Johannes Ranke wrote:
> Hi all,
>
> thanks for thoughts and valuable information on this issue. I think it will
> not make the CRAN repositories any safer to use. But I believe it will
> increase security of Debian/Ubuntu repositories in general.
>
> As bullseye will still contain apt-key and Debians release cycle is a bit more
> relaxed, I can still afford to sit back for a while and watch...
>
> Greetings,
>
> Johannes
>
> Am Mittwoch, 17. März 2021, 16:52:17 CET schrieb Carl Delfin:
> > Michael,
> >
> > Sounds great!
> >
> > If it's any help, I put my solution in a bash script:
> >
> > #!/bin/bash
> > KEY=/usr/local/share/keyrings/marutter.key
> >
> > if [ -f "$KEY" ]; then
> > echo "$KEY already exists"
> > sudo apt install -y r-base
> > else
> > wget -q -O marutter.key
> > "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xe298a3a825c0d65dfd
> > 57cbb651716619e084dab9" if ! file marutter.key | grep -q "PGP public key";
> > then
> > echo "marutter.key does not appear to be a valid PGP key - aborting!"
> > exit 1
> > else
> > sudo mkdir -p /usr/local/share/keyrings/
> > sudo mv marutter.key /usr/local/share/keyrings/
> > echo "deb [signed-by=/usr/local/share/keyrings/marutter.key]
> > https://cloud.r-project.org/bin/linux/ubuntu groovy-cran40/" | sudo tee -a
> > /etc/apt/sources.list fi
> > sudo apt install -y r-base
> > fi
> >
> > Nothing fancy by any means, but it works and could perhaps be useful.
> >
> > Cheers,
> > Carl
> >
> > Sent with ProtonMail Secure Email.
> >
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> >
> > On Wednesday, March 17th, 2021 at 16:04, Michael Rutter <marutter using gmail.com>
> wrote:
> > > On 3/17/21 7:27 AM, Carl Delfin wrote:
> > > > Hi everyone,
> > > >
> > > > Since apt-key will be deprecated in future releases of Debian
> > > > (https://manpages.debian.org/testing/apt/apt-key.8.en.html), I recently
> > > > got around to figuring out how to properly import Michael Rutter's key,
> > > > based on this answer over at askubuntu:
> > > > https://askubuntu.com/a/1307181.
> > > >
> > > > Perhaps something along those lines should be added to the README at
> > > > https://cran.r-project.org/bin/linux/ubuntu/fullREADME.html?
> > > >
> > > > Cheers,
> > > >
> > > > Carl
> > >
> > > Carl,
> > >
> > > Thank you. I need to read these posts over to see if the instructions
> > >
> > > can be condensed, but this is very helpful.
> > >
> > > Michael
> > >
> > > > Sent with ProtonMail Secure Email.
> > > >
> > > > [[alternative HTML version deleted]]
> > > >
> > > > R-SIG-Debian mailing list
> > > >
> > > > R-SIG-Debian using r-project.org
> > > >
> > > > https://stat.ethz.ch/mailman/listinfo/r-sig-debian
> > >
> > > R-SIG-Debian mailing list
> > >
> > > R-SIG-Debian using r-project.org
> > >
> > > https://stat.ethz.ch/mailman/listinfo/r-sig-debian
> >
> > _______________________________________________
> > R-SIG-Debian mailing list
> > R-SIG-Debian using r-project.org
> > https://stat.ethz.ch/mailman/listinfo/r-sig-debian
>
>
> --
> Johannes Ranke
> Wissenschaftlicher Berater
> 07624 8099027
> https://jrwb.de
>
> _______________________________________________
> R-SIG-Debian mailing list
> R-SIG-Debian using r-project.org
> https://stat.ethz.ch/mailman/listinfo/r-sig-debian
More information about the R-SIG-Debian
mailing list