On Mon, Jun 19, 2023 at 11:15 PM Rick Thomas <rick.tho...@pobox.com> wrote: > > I recently upgraded one of my Debian Bullseye machines to Bookworm. The > machine's main purpose is to run Virtualbox to allow me to experiment on > disposable VMs rather than real hardware. > > Now when I do "apt update" I get this message: > .W: > https://download.virtualbox.org/virtualbox/debian/dists/bullseye/InRelease: > Key is stored in legacy trusted.gpg > keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in > apt-key(8) for details. > > I've thoroughly RTFM in search of a clue as to how to fix this, but I can't > figure out what I'm supposed to do. > > Has anybody else seen this? If so, what did you do? And did it help?
I _think_ the key should be stored in its own file under /etc/apt/trusted.gpg.d. Maybe something like /etc/apt/trusted.gpg.d/virtual-box.gpg. Also see https://wiki.debian.org/SecureApt and the part: apt-key is a program that is used to manage a keyring of OpenPGP keys for secure apt. The keyring is kept in the file /etc/apt/trusted.gpg (not to be confused with the related but not very interesting /etc/apt/trustdb.gpg). apt-key can be used to show the keys in the keyring, and to add or remove a key. In more recent Debian GNU/Linux versions (Wheezy, for example), the keyrings are stored in specific files all located in the /etc/apt/trusted.gpg.d directory. For example, that directory could contain the following files: debian-archive-squeeze-automatic.gpg or debian-archive-wheezy-automatic.gpg. Incidentally, both files are provided by the debian-archive-keyring package. Jeff
