Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in legacy

Hybrid View

  1. #1
    Join Date
    Oct 2009
    Beans
    112
    Distro
    Ubuntu

    Question Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in legacy

    For some time I get following error when I try to update the system [Ubuntu 22.04, upgraded from 20.04 two years ago]:
    Code:
    W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details
    It may have started when I tried to clean up the PPA list including Authentication keys in Software & Updates.

    I applied the tips from this AskUbuntu question (https://askubuntu.com/a/1409732/30631) and the discussion https://chat.stackexchange.com/rooms...a-and-filbuntu. But it did not solve the problem.

  2. #2
    Join Date
    Jul 2009
    Beans
    517
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    Depending on what you've already done, it may be the case that you've got multiple keys in /etc/apt/trusted.gpg.d that are the same and would need cleaning up.

    The below will give you a rough idea if you've got any duplicate keys. It'll only work if they're in the same format.
    Code:
    cd /etc/apt/trusted.gpg.d
    md5sum * | grep -F -f <(md5sum * | awk '{print $1}' | sort | uniq -c | grep -v '\b1\b' | awk '{print $2}')
    What is the output of
    Code:
    sudo apt-key --keyring /etc/apt/trusted.gpg list
    I suspect you need to delete any keys that are still in there.

    Disable any custom repositories you have in /etc/apt/sources.list.d/ by renaming the files.

    Run
    Code:
    sudo apt update
    and it should complete without a error.

    Then re-enable a custom repository one at a time. Check the file for a line that includes the signed-by= block as that's specifying an explicit key to use. If it's using one of them then it should be fine.

    Run
    Code:
    sudo apt update
    again. It may complain about a missing key if it had originally been stored in the file /etc/apt/trusted.gpg

    If that's the case, you'll need to get the key again following the guide for man apt-key in terms of where / how to store it.

    Rinse and repeat for each custom repository you have.
    Last edited by btindie; January 31st, 2024 at 11:04 AM.
    Mark your thread as [SOLVED], use Thread Tools on forum page.

  3. #3
    Join Date
    Oct 2009
    Beans
    112
    Distro
    Ubuntu

    Red face Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    Hi btindie

    Thanks a lot for your answer and guidance!

    Following are the outputs of the different commands.

    A minor correction: cd is probably needed for the first command
    Code:
    cd /etc/apt/trusted.gpg.d
    Code:
    $ cd /etc/apt/trusted.gpg.d
    $ md5sum * | grep -F -f <(md5sum * | awk '{print $1}' | sort | uniq -c | grep -v '\b1\b' | awk '{print $2}')
    d41d8cd98f00b204e9800998ecf8427e  flatpak-ubuntu-stable.gpg~
    d41d8cd98f00b204e9800998ecf8427e  gerardpuig-ubuntu-ppa.gpg~
    d41d8cd98f00b204e9800998ecf8427e  kdenlive-ubuntu-kdenlive-stable.gpg~
    76cef3f1e93a78af2ad3a870b21665f5  mozillateam-ubuntu-ppa.gpg
    76cef3f1e93a78af2ad3a870b21665f5  mozillateam-ubuntu-ppa.gpg~
    5bf101fe585dbf6ef2d1ff53132a8ea8  openshot_developers-ubuntu-ppa.gpg
    5bf101fe585dbf6ef2d1ff53132a8ea8  openshot_developers-ubuntu-ppa.gpg~
    c8a95bb9ebecd5d6b174fff4315026fe  strukturag_ubuntu_libde265.gpg~
    c8a95bb9ebecd5d6b174fff4315026fe  strukturag_ubuntu_libheif.gpg~
    d41d8cd98f00b204e9800998ecf8427e  touchegg-ubuntu-stable.gpg~
    78e1975c64db2f4e09efa2e3abbb5a78  vivaldi-33EAAB8E.gpg
    78e1975c64db2f4e09efa2e3abbb5a78  vivaldi-33EAAB8E.gpg~
    fece3f2fc18543a29c1513edbba4c92e  vivaldi-4218647E.gpg
    fece3f2fc18543a29c1513edbba4c92e  vivaldi-4218647E.gpg~
    feebefe6a45409be4db76b3832d165cb  webupd8team-ubuntu-y-ppa-manager.gpg
    feebefe6a45409be4db76b3832d165cb  webupd8team-ubuntu-y-ppa-manager.gpg~

    Code:
    $sudo apt-key --keyring /etc/apt/trusted.gpg list
    
    Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
    /etc/apt/trusted.gpg
    --------------------
    pub   rsa4096 2017-04-05 [SC]
          ABBA 007D 6E14 E2DB 5B28  3C45 D599 C1AA 1267 62B1
    uid           [ unknown] Wire Releases Signing Key <releases@wire.com>
    sub   rsa4096 2017-04-05 [E]
    
    pub   rsa2048 2010-02-11 [SC]
          1C61 A265 6FB5 7B7E 4DE0  F4C1 FC91 8B33 5044 912E
    uid           [ unknown] Dropbox Automatic Signing Key <linux@dropbox.com>
    
    pub   rsa4096 2018-09-17 [SC]
          F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
    uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>
    
    pub   rsa4096 2019-09-12 [SC] [expired: 2021-09-11]
          68E9 B2B0 3661 EE3C 44F7  0750 4B8E C3BA ABDC 4346
    uid           [ expired] Opera Software Archive Automatic Signing Key 2019 <packager@opera.com>
    
    pub   rsa4096 2017-04-11 [SC] [expired: 2019-09-28]
          D4CC 8597 4C31 396B 18B3  6837 D615 560B A5C7 FF72
    uid           [ expired] Opera Software Archive Automatic Signing Key 2017 <packager@opera.com>

    I have not yet deleted any keys that are still in there. How would you recommend to do it?


    I disabled any custom repositories in /etc/apt/sources.list.d/ by renaming the files.

    Code:
    $ sudo apt update
    Hit:1 https://download.virtualbox.org/virtualbox/debian jammy InRelease        
    Hit:2 http://archive.ubuntu.com/ubuntu jammy InRelease                         
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    1 package can be upgraded. Run 'apt list --upgradable' to see it.
    W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

    Could you give any additional with the above information? Thanks in advance!
    Last edited by tellapu; January 31st, 2024 at 09:23 AM.

  4. #4
    Join Date
    Jul 2009
    Beans
    517
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    Quote Originally Posted by tellapu View Post
    A minor correction: cd is probably needed for the first command
    Code:
    cd /etc/apt/trusted.gpg.d
    Well spotted! I've fixed that in my original post.

    All of the duplicate keys you have in /etc/apt/trusted.gpg.d/ appear to be backups — files ending in '~'. It should be fine to clean them up by running
    Code:
    sudo rm -v /etc/apt/trusted.gpg.d/*~
    It looks like the keys you have stored in /etc/apt/trusted.gpg are either expired or really old, so you should simply be able to delete them.

    You can delete each key stored in that file with:
    Code:
    #!/bin/bash
    while read KEY; do
      echo "Deleting key: $KEY"
      apt-key --keyring /etc/apt/trusted.gpg del "$KEY" 2>/dev/null
    done < <(apt-key --keyring /etc/apt/trusted.gpg list 2>/dev/null | sed -E -ne '/^\s+[[:alnum:] ]/s/.*([[:alnum:]]{4}) ([[:alnum:]]{4})$/\1\2/p' )
    You'll want to run the above script as root
    1. so save it to disk as /tmp/clean.sh (the filename doesn't matter)
    2. make it executable with chmod +x /tmp/clean.sh
    3. run sudo /tmp/clean.sh

    When done, you can delete that file.

    It may be possible to just delete that file, I'm not familiar with that specific version of Ubuntu. But with Debian 12 it doesn't have one.

    You'll then be able to run apt update and hopefully that should have fixed that error message.

    You can then re-enable the disabled repositories one by one followed by apt update adding any missing keys if required.


    Mark your thread as [SOLVED], use Thread Tools on forum page.

  5. #5
    Join Date
    Oct 2009
    Beans
    112
    Distro
    Ubuntu

    Cool Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    Thanks again for the quick response!

    Just a small note for others following the thread in the future. Instead of
    run sudo /tmp/clean.sh
    It is probably: cd /tmp/-path and then ./clean.sh (https://askubuntu.com/questions/3866...run-sh-scripts)

    Code:
    $ sudo rm -v /etc/apt/trusted.gpg.d/*~ removed '/etc/apt/trusted.gpg.d/agornostal_ubuntu_ulauncher.gpg~'
    removed '/etc/apt/trusted.gpg.d/alexlarsson_ubuntu_flatpak.gpg~'
    removed '/etc/apt/trusted.gpg.d/bablu-boy_ubuntu_nutty.gpg~'
    removed '/etc/apt/trusted.gpg.d/brave-browser-release.gpg~'
    removed '/etc/apt/trusted.gpg.d/dschaerf-ubuntu-rogerrouter.gpg~'
    removed '/etc/apt/trusted.gpg.d/dschaerf_ubuntu_rogerrouter.gpg~'
    removed '/etc/apt/trusted.gpg.d/embrosyn_ubuntu_cinnamon.gpg~'
    removed '/etc/apt/trusted.gpg.d/flatpak-ubuntu-stable.gpg~'
    removed '/etc/apt/trusted.gpg.d/gerardpuig-ubuntu-ppa.gpg~'
    removed '/etc/apt/trusted.gpg.d/gerardpuig_ubuntu_ppa.gpg~'
    removed '/etc/apt/trusted.gpg.d/home_bgstack15_aftermozilla.gpg~'
    removed '/etc/apt/trusted.gpg.d/home_stevenpusser.gpg~'
    removed '/etc/apt/trusted.gpg.d/kdenlive-ubuntu-kdenlive-stable.gpg~'
    removed '/etc/apt/trusted.gpg.d/microsoft.gpg~'
    removed '/etc/apt/trusted.gpg.d/mozillateam-ubuntu-ppa.gpg~'
    removed '/etc/apt/trusted.gpg.d/openshot_developers-ubuntu-ppa.gpg~'
    removed '/etc/apt/trusted.gpg.d/qr-tools-developers_ubuntu_daily.gpg~'
    removed '/etc/apt/trusted.gpg.d/strukturag_ubuntu_libde265.gpg~'
    removed '/etc/apt/trusted.gpg.d/strukturag_ubuntu_libheif.gpg~'
    removed '/etc/apt/trusted.gpg.d/touchegg-ubuntu-stable.gpg~'
    removed '/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg~'
    removed '/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg~'
    removed '/etc/apt/trusted.gpg.d/vivaldi-33EAAB8E.gpg~'
    removed '/etc/apt/trusted.gpg.d/vivaldi-4218647E.gpg~'
    removed '/etc/apt/trusted.gpg.d/vivaldi-B69735B2.gpg~'
    removed '/etc/apt/trusted.gpg.d/vivaldi-C27AA466.gpg~'
    removed '/etc/apt/trusted.gpg.d/webupd8team-ubuntu-y-ppa-manager.gpg~'
    Code:
    $ ./clean.sh
    Deleting key: 126762B1
    Deleting key: 5044912E
    Deleting key: 991BC93C
    Deleting key: ABDC4346
    Deleting key: A5C7FF72
    Unfortunately it did not help:

    Code:
    $ sudo apt update
    Hit:1 https://download.virtualbox.org/virtualbox/debian jammy InRelease        
    Hit:2 http://archive.ubuntu.com/ubuntu jammy InRelease                        
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    1 package can be upgraded. Run 'apt list --upgradable' to see it.
    W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

    It looks like to be a difficult case ... Hopefully you have some more tips! Thanks in advance!

  6. #6
    Join Date
    Jul 2009
    Beans
    517
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    Quote Originally Posted by tellapu View Post
    Just a small note for others following the thread in the future. Instead of
    run sudo /tmp/clean.sh
    It is probably: cd /tmp/-path and then ./clean.sh (https://askubuntu.com/questions/3866...run-sh-scripts)
    It doesn't make any difference if you run
    Code:
    cd /tmp
    ./clean.sh
    or simply
    Code:
    /tmp/clean.sh
    they both do the same thing. The script is using absolute paths so it doesn't matter what directory you're in.

    The issue with what you've done though is you haven't followed the instructions fully.

    You forgot to prefix /tmp/clean.sh with sudo meaning that you would of had insufficient privileges to modify the keyring. STDERR is redirected to /dev/null to avoid all those stupid messages "Warning: apt-key is deprecated.". But the consequence of that is it wouldn't have displayed a message about being unable to update the keyring. If you remove 2>/dev/null from the apt-key del command you'll see.

    Once done correctly, list the keys in the keyring again — it should be empty this time.
    Code:
    sudo apt-key --keyring /etc/apt/trusted.gpg list
    Mark your thread as [SOLVED], use Thread Tools on forum page.

  7. #7
    Join Date
    Dec 2014
    Beans
    2,721

    Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    First off, it's not an error, it's a warning (that's what the 'W:' at the beginning means). 'apt-key' as a program is deprecated, you're not supposed to use one central /etc/apt/trusted.gpg anymore but have separate key files in /etc/apt/trusted.gpg.d/ instead. Doing it that way makes adding and removing keys a simple matter of file management. You can also have your keys elsewhere and have a Signed-By option either pointing to the key-file or including the key in your sources.list for each repository. My Xubuntu 22.04 - which was a clean install, not an update - doesn't have a /etc/apt/trusted.gpg at all.

    Holger

  8. #8
    Join Date
    Oct 2009
    Beans
    112
    Distro
    Ubuntu

    Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    Thank you, @Holger, for the response! It is indeed only a warning by now. In the beginning, the message would also show when I tried to update the system with the "Updater" or in "Updates" in "Software" and more like an error message. With the instructions by btindie, the warning only appears in the terminal now.

    At the same time, I noticed that there is a new option in "Software & Updates": "Subscribed to". I have not seen this before and not sure if I have overlooked it.

    I changed the "Subscribed to" From "Custom" to "All updates" and finally all the missing updates arrive to my system.

    As my install is not a clean install but an update from 20.04, the key storage is not sorted out yet and I would be glad if it is changed to the new more secure way and the warning addressed.

  9. #9
    Join Date
    May 2010
    Beans
    3,498

    Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le


  10. #10
    Join Date
    Oct 2009
    Beans
    112
    Distro
    Ubuntu

    Re: Error http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: Key is stored in le

    Thank you, ActionParsnip, for your response!

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •