134

I just upgraded from Ubuntu 21.10 to 22.04.

sudo apt update ends with the following warnings...

W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Synaptic shows the same warnings on a reload.

Reviewing man apt-key doesn't clarify this for me.

I think this is because Ubuntu 22.04 has transitioned from using /etc/apt/trusted.gpg to using individual .gpg files located in /etc/apt/trusted.gpg.d.

Can these keys be converted from one to the other, or must I delete these keys and reimport them?

heynnema
  • 73,937

8 Answers

216

The easy way to fix these warning messages generated by sudo apt update...

W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Note: These warning messages can be generated by any enabled repo or ppa in Software & Updates "Other Software" tab.

Example fix:


For this warning message with sudo apt update...

W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

We look in sudo apt-key list and find this entry for xbmc...

pub   rsa1024 2009-01-20 [SC]
      1897 01DA 570C 56B9 488E  F60A 6D97 5C47 91E7 EE5E
uid           [ unknown] Launchpad PPA for XBMC for Linux

Then we convert this entry to a .gpg file, using the last 8 numeric characters from above...

sudo apt-key export 91E7EE5E | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/team-xbmc.gpg

Optionally you can remove the deprecated key from /etc/apt/trusted.gpg by running:

sudo apt-key --keyring /etc/apt/trusted.gpg del 91E7EE5E

Repeat the above commands for each warning message generated by sudo apt update.

Note: Partially taken from the accepted answers here and here.

heynnema
  • 73,937
  • 4
    That's the answer I was looking for. Thanks! – YourHelper May 25 '22 at 18:32
  • Awesome. This worked for me. Is there any reason to delete the key from the legacy system? – lindhe Jun 28 '22 at 08:47
  • @lindhe That's optional. I haven't on my system. No problem. – heynnema Jun 28 '22 at 12:58
  • 1
    I tried different ways to achieve this, and this is the easier way. I got a warning (Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).), but the .gpg file was created. – avpaderno Jul 08 '22 at 08:48
  • Can you use the apt-key list to generate a gpg file without knowing the apt error? Your example above uses team-xbmc but the key list does not have the name stored. Is there a way to do this without knowing the apt error? I want to eliminate the warning before it occurs. – DontAsk Aug 06 '22 at 16:55
  • @JimTippins Yes you can... however... the "apt-key list" may generate a much longer list than you really need to worry about. Observing any warning errors from "sudo apt update" would save you a lot of time. – heynnema Aug 06 '22 at 18:05
  • Why so manual? Let’s fully automate this! (Also, why is this not automatically handled? E.g. a drop-in for apt-key, or whatever…) EDIT: @JDMcMillian below automated it. Yay! –  Aug 11 '22 at 16:00
  • 1
    @Evi1M4chine The problem with the automated way (besides the fact that it uses a ~50 character bash script from an unknown author) is that it exports ALL of the entries in trusted.gpg, and many aren't needed. My way only exports the NEEDED entries. – heynnema Aug 11 '22 at 16:45
  • @heynnema: Your way exports nothing at all though. ^^ The user has to do that. Which kinda misses the whole point of having a computer. ^^ … I agree that only the required should be exported. But then again there shouldn’t be any other ones in there in the first place, should there? And if there are, well, a filter should be added to the script. … And also, you don’t exactly know who wrote the rest of the code executed on your system either. Obviously one is expected to read and understand the script before executing it. Which is why I edited the answer to make it readable. :) –  Aug 13 '22 at 11:25
  • 2
    @heynnema: Btw, the exact reason I was looking for a script was, because your way made it extremely cumbersome to find which ones were actually needed. So while your intention was undoubtedly good, one ended up writing a loop to do it to all of them anyway. ^^ –  Aug 13 '22 at 11:27
  • @Evi1M4chine re: "because your way made it extremely cumbersome to find which ones were actually needed"... a sudo apt update is all that's required to see which entries need conversion. – heynnema Aug 13 '22 at 12:21
  • @heynnema: No it isn’t, since your method demands manually finding which key is related to which warning, and doesn’t say how to do that. When the warning normally does not even include any strings that can even be found in apt-key list. … Your example got very lucky by having the XBMC in lowercase in that URL, and in uppercase in the key description. This can not be generalized, as one has no clue which part of the URL might match which part of the key description, and there is not necessarily any match at all. –  Aug 17 '22 at 22:43
  • 1
    If you get a Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). gpg: WARNING: nothing exported gpg: no valid OpenPGP data found. error, it is because the hash needs to be written in a single block. – David Beauchemin Sep 22 '22 at 16:15
  • @heynnema Thank you for the answer! How would you deal with W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease Key is stored in legacy ...? – Filbuntu Nov 08 '23 at 08:48
  • @Filbuntu Try this simple fix first... go to the Software & Updates app, Ubuntu Software tab, note which Download Server is selected, select any other country server, then do a sudo apt update, then change the server (back) to the server for your country, and do sudo apt update again. See if that fixes the problem. – heynnema Nov 08 '23 at 14:04
  • @Filbuntu I didn't tell you to uncheck all sources. That defeated the attempted fix. Check all sources, change download server to some other country, sudo apt update, change download server to your country, sudo apt update. – heynnema Nov 08 '23 at 18:35
  • @heynnema Wow, you are quick. Sorry that I shortened what I did. I did what you wrote several times WITHOUT unchecking all sources. I tried different servers around the world and switched back to my country again. As this did not work some days ago, I tried with unchecked sources (and server change) and restart - this did not fix the problem, either. Today I tried your recommendation again but it is still not helping the problem. It is a pity as it would have been a nice and easy fix. – Filbuntu Nov 08 '23 at 18:50
  • @Filbuntu Then try this. Open Software & Updates, Authentication tab. See if you find an entry for "Ubuntu Archive". On my system, it shows the key ending in C0B21F32 (yours may be different). Use the last 8 numbers to create a new gpg key as per the instructions. Then do sudo apt update and see if the error is gone. – heynnema Nov 09 '23 at 03:22
  • @Filbuntu Show me ls -al /etc/apt/trusted.gpg.d/ubuntu-keyring*, and sudo apt-key list | grep -i "Ubuntu Archive" -B5. Put each command output into separate comments. – heynnema Nov 09 '23 at 14:16
  • 1
  • Didn't work as is for me but was enough to figure it out. Here's a few suggestions to improve the answer: 1) Removing the deprecated key is not optional (Bookworm). 2) When storing the exported key, which extension to use matters. If key is unarmoured as in the example, it needs to have the extension gpg not asc. The error gotten when this is incorrect is not obvious. See man 8 apt-key under DEPRECATION for details and where the last point is mentioned. – Michael Ambrus Jun 10 '24 at 13:50
  • @MichaelAmbrus 1) I did list how to remove the deprecated key... and my experience is that it doesn't matter if you do/don't. Please give the exact location where we can see the Bookworm comment. 2) my answer does indicate .gpg for the output file. – heynnema Jun 10 '24 at 13:56
  • sudo apt-key list didn't work for me because my /etc/apt/trusted.gpg was a directory somehow. To solve this, first manually remove /etc/apt/trusted.gpg recursively and then run your script again (in my case it was NewRelic infrastructure agent) to create the key and then you can follow the rest of this answer as you normally would. – solstinger Jul 07 '25 at 12:13
  • @solstinger You probably confused trusted.gpg.d with trusted.gpg. Two different things. You should try to reassemble the trusted.gpg.d directory. – heynnema Jul 07 '25 at 14:07
  • Nah, I didn't confuse them. When I started, I didn't have trusted.gpg.d present on my machine. I only had trusted.gpg.d and it was a directory. Not sure how this happened but that's how it was. – solstinger Jul 08 '25 at 16:26
  • @solstinger You're still confused... you say "I didn't have trusted.gpg.d present on my machine" but then you follow it with "I only had trusted.gpg.d and it was a directory". You should have a file called trusted.gpg, and a directory called trusted.gpg.d. – heynnema Jul 09 '25 at 02:40
  • That was a typo, the second directory name was trusted.gpg. – solstinger Jul 10 '25 at 08:29
148

Came across this problem after moving to Ubuntu 22.04 and wanted to add my solution. I had a lot of keys that needed to be updated/converted. This is not an optimal solution, but works well.

This solution is specific to Ubuntu 22.04, with bash 5.2.16. Other distributions and versions may not work.

A one-liner to convert all those deprecated keys to the new format.

PLEASE TAKE THE TIME TO UNDERSTAND WHAT YOU’RE DOING HERE BEFORE RUNNING IT!! Also make sure your bash is not too old. My bash version: GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)

for KEY in $(apt-key --keyring /etc/apt/trusted.gpg list | grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})" | tr -d " " | grep -E "([0-9A-F]){8}\b" ); do K=${KEY:(-8)}; apt-key export $K | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg; done

And for those that want something more readable....

for KEY in $( \
    apt-key --keyring /etc/apt/trusted.gpg list \
    | grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})" \
    | tr -d " " \
    | grep -E "([0-9A-F]){8}\b" \
); do
    K=${KEY:(-8)}
    apt-key export $K \
    | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg
done

Explanation:

  1. Retrieve the list of known keys:

    apt-key list
    
  2. Find all groupings of hexadecimal characters that have 1 or 2 spaces in front of them, and are 4 characters long. Get the collection of those that have 10 groupings per line. This provides the full key signature.

    grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})"
    
  3. Trim away (delete) all spaces on each line found, so that key signature is unbroken by white space:

    tr -d " "
    
  4. Grab the last 8 characters of each line:

    grep -E "([0-9A-F]){8}\b"
    

    Now we have a collection of key suffixes, each 8 characters in length.

  5. Cycle through each key suffix, placing the current suffix in the KEY variable:

    for KEY in $(…); do
    
  6. Assign the last 8 characters to the variable K:

    K=${KEY:(-8)};
    
  7. Export the key that matches the signature in K and pass/pipe it to gpg to properly store it:

    apt-key export $K | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg
    
  8. Loop until all keys are processed.

    done
    
  9. Enjoy no more deprecation warnings.

Special thanks to heynnema whose solution is at the core of this.

nickspoon
  • 103
JDMcMillian
  • 1,652
  • 11
    Not sure why this doesn't have more upvotes... It works like a charm. – dentex Aug 07 '22 at 19:03
  • 1
    THIS is how to do this! –  Aug 11 '22 at 16:05
  • 3
    Note that the “not optimal” part probably refers to this “polluting” the new key directory with these keys, which stay there even if they are replaced (leading to duplicates) or even revoked (e.g. due to being compromised). So once every ppa has caught up, this needs to be cleaned up again! (rm -f /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-*.gpg) –  Aug 11 '22 at 16:28
  • 1
    Simply amazing! Thanks! – TheodorosPloumis Sep 08 '22 at 15:43
  • Doesn't work for me on Mint 21. My Update Manager error message was W:https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy... After copying the bash script as given above into upd.sh, and running it, I get the warning message Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)) followed by ./upd.sh: 7: Bad substitution – FumbleFingers Sep 15 '22 at 13:40
  • The command listed above is not a shell script. It's a single command on the command line. The '\' characters at the end of each line were added by karel to make it easier to read, but you can copy/paste the entire blub into a command line prompt. Having said that, I had over 20 to convert when I wrote this command. If you have only 1 or 2 keys to transform, I recommend following heynnema's original (accepted) solution to understand better. A script or even a large (albeit; a single line) command should never replace your understanding on any linux based system. – JDMcMillian Sep 16 '22 at 23:20
  • @JDMcMillian thanks for the great explanation of the steps you used here. – JJGabe Oct 21 '22 at 15:33
  • 1
    I confirm functionality also on Linux Mint 21 (bash version 5.1.16(1)). Thank you, good job. – Martin Osusky Dec 11 '22 at 12:20
  • This worked well after upgrading to Debian12. I think commands like sudo apt-get upgrade should prompt the user to run this command or something similar to just import all the keys at once. Many users can't handle such problems (if they notice them at all in the package manager GUIs) and searching online to tinker around shouldn't be required for just upgrading packages, especially since having up-to-date packages is a security aspect and because there could be many keys. – mYnDstrEAm Apr 08 '24 at 16:12
  • $ cat apt-key-converter.sh
    #!/bin/bash
    #set -x
    for KEY in $( \
        apt-key --keyring /etc/apt/trusted.gpg list \
        | grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})" \
        | tr -d " " \
        | grep -E "([0-9A-F]){8}\b" \
    ); do
        K=${KEY:(-8)}
        apt-key export $K \
        | sudo gpg --batch --yes --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg
    done
    #set

    I added "--batch --yes" to "gpg" command to overwrite the key file in case it was already existent (like after an interrupted execution of the script)

    – Andrea Turbiglio Sep 07 '24 at 11:04
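Added example (not code from any of the posters above): the manual export in the first answer and the loop in the second both identify keys by their last 8 hex digits, which can match more than one key, whereas a full fingerprint identifies exactly one. The sketch below parses `apt-key list` output, keeps the full 40-digit fingerprint as a single block, derives a file name from the uid, and only prints the export commands for review. The function names, the file-naming scheme and the second sample key are assumptions made for this example.

```shell
#!/bin/sh
# Added example: dry-run planner for moving keys out of /etc/apt/trusted.gpg.
# Nothing here changes the system; it only prints rows and commands to review.

# Constructed sample of `apt-key list` output. The first key is the one quoted
# on this page; the second fingerprint and uid are made up for the demo.
sample_apt_key_list() {
    cat <<'EOF'
/etc/apt/trusted.gpg
--------------------
pub   rsa1024 2009-01-20 [SC]
      1897 01DA 570C 56B9 488E  F60A 6D97 5C47 91E7 EE5E
uid           [ unknown] Launchpad PPA for XBMC for Linux

pub   rsa4096 2016-04-22 [SC]
      0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567
uid           [ unknown] Example Repo (archive signing key) <repo@example.invalid>
sub   rsa4096 2016-04-22 [E]
EOF
}

# Read `apt-key list` text on stdin; print FINGERPRINT<TAB>FILE<TAB>UID per key.
legacy_key_plan() {
    awk '
        /^pub/ { want_fpr = 1; want_uid = 0; next }
        want_fpr {
            line = $0
            gsub(/[ \t]/, "", line)
            # Accept only a full 40-hex-digit fingerprint, joined into one block.
            if (length(line) == 40 && line ~ /^[0-9A-F]+$/) {
                fpr = line; want_uid = 1
            }
            want_fpr = 0
            next
        }
        /^uid/ && want_uid {
            i = index($0, "]")                 # end of the validity bracket
            uid = (i > 0) ? substr($0, i + 1) : substr($0, 4)
            sub(/^[ \t]+/, "", uid)
            # File name: uid without the e-mail part, reduced to [a-z0-9-].
            slug = tolower(uid)
            sub(/[ \t]*<.*$/, "", slug)
            gsub(/[^a-z0-9]+/, "-", slug)
            slug = substr(slug, 1, 40)
            sub(/^-/, "", slug); sub(/-$/, "", slug)
            if (slug == "") slug = "key"
            printf "%s\t/etc/apt/trusted.gpg.d/%s-%s.gpg\t%s\n", \
                fpr, slug, tolower(substr(fpr, 33)), uid
            want_uid = 0                       # first uid only
        }
    '
}

# Turn the plan into reviewable commands (same pipeline as the answers above,
# but addressed by full fingerprint). The uid only ever appears in a comment.
legacy_key_commands() {
    tab=$(printf '\t')
    legacy_key_plan | while IFS=$tab read -r fpr file uid; do
        printf '# %s\n' "$uid"
        printf 'sudo apt-key --keyring /etc/apt/trusted.gpg export %s | sudo gpg --dearmour -o %s\n' \
            "$fpr" "$file"
    done
}

# Demo on the constructed sample. On a real system, review the output of:
#   apt-key --keyring /etc/apt/trusted.gpg list 2>/dev/null | legacy_key_commands
sample_apt_key_list | legacy_key_commands
```

Because the fingerprint is checked to be 40 hex digits and the file name is reduced to `[a-z0-9-]`, the printed commands contain nothing taken verbatim from a key's uid outside a comment line.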
39

What worked for me was:

mv /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/
mykahveli
  • 491
  • 1
    This worked for me as well. Plus, I had difficulties with the chosen answer as it was so complex but doing this one worked and was easy. I'm on Linux Mint (Vanessa) – Barra Aug 09 '22 at 16:27
  • This didn't resolve the issue in Mint vanessa, I had to go to the sources list and remove the problem ones – Alkanshel Aug 10 '22 at 00:56
  • This worked for me on Mint21. I laboriously followed the complicated instructions of the top-rated answer, but was eventually stymied by some kind of "syntax error" (to do with the teamviewer key being differently structured/stored, I think). To be on the safe side I did a full system backup with fsarchiver before running the single-line solution given here. But everything looks fine after rebooting, TY – FumbleFingers Sep 15 '22 at 13:55
  • 1
    Worked on Mint 21 :-) – c05772 Oct 27 '22 at 21:54
  • 2
    How about softlinking it instead of moving it, for added compatibility? –  Nov 24 '22 at 13:18
  • I think @Evi1M4chine had the right idea, to create a soft symlink in case something gets clobbered in the future. This worked great on Linux Mint Vanessa. For reference, the problem occurred when my spouse's wifi dropped while he was doing an update. I first tried the "export" solution outlined by heynnema, which gave me a warning that apt-key was deprecated and didn't seem to make a difference. So I scrolled farther down to see these suggestions. Thank you. – Criminally Inane Nov 27 '22 at 21:31
  • This worked for me on Ubuntu 22.04.3, too. But by adding the sudo privilege. – Reza K Ghazi Sep 24 '23 at 23:38
  • This worked for me on Debian 12 (bookworm-backports) – jeffmcneill May 21 '24 at 04:41
  • Oh, man, thanks!! – Sunding Wei Feb 26 '25 at 08:23
9

I modified the @Frank's function to remove the key from the legacy trusted.gpg to avoid duplication.

function apt-key-migrate {
    typeset key="$1"
    typeset dest="$2"

    if [ -z "$key" ] || [ -z "$dest" ]; then
        echo "Usage: apt-key-migrate <key> <destination>"
        return 1
    fi

    # Export the key from the legacy keyring into its own .gpg file
    sudo apt-key --keyring /etc/apt/trusted.gpg export "$key" | sudo gpg --dearmour -o "/etc/apt/trusted.gpg.d/$dest.gpg"
    # Delete it from the legacy keyring only if the new file is non-empty
    test -s "/etc/apt/trusted.gpg.d/$dest.gpg" && sudo apt-key --keyring /etc/apt/trusted.gpg del "$key"
}

CAAHS
  • 141
6

I've turned @heynnema's answer into a function, which you can place under .bashrc for convenience. This takes two arguments: the key (last 8 characters) and the destination filename for the output GPG file.

function apt-key-migrate {
  typeset key="$1"
  typeset dest="$2"

  if [ -z "$key" ] || [ -z "$dest" ]; then
    echo "Usage: apt-key-migrate <key> <destination>"
    return 1
  fi

  sudo apt-key export "$key" | sudo gpg --dearmour -o "/etc/apt/trusted.gpg.d/$dest.gpg"
}

Example: apt-key-migrate 91E7EE5E team-xbmc

4

apt-key is deprecated and shall be replaced on the long run on Ubuntu 22.04.

When you need it, you may delete existing key with:

apt-key list

and

apt-key del YOUR-KEY

Import your key with command like:

curl https://yourrepo.com/repo.key | gpg --dearmor | sudo dd of=/usr/local/share/keyrings/your-repo.gpg

Add the signature to /etc/apt/sources.list.d/your.list

deb [signed-by=/usr/local/share/keyrings/your-repo.gpg] https://yourrepo.com/ubuntu jammy main

More details on the manual:
link

Good details here as well: link

frank_108
  • 341
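Added example, not frank_108's code: keys placed in /etc/apt/trusted.gpg.d are accepted for every configured repository, while a signed-by option ties one entry to one keyring. The script below reads one-line-style .list entries and reports which are scoped and which still rely on the global keyrings. The function names and sample entries are constructed for this example, and deb822 .sources files are not handled.

```shell
#!/bin/sh
# Added example: show whether each one-line-style APT source entry is tied to
# its own keyring (signed-by) or relies on the globally trusted keyrings.

# Constructed sample entries; hosts and paths are taken from this page.
write_sample_sources() {
    cat > "$1" <<'EOF'
# deb http://linux.dropbox.com/ubuntu disco main
deb [signed-by=/usr/local/share/keyrings/your-repo.gpg] https://yourrepo.com/ubuntu jammy main
deb http://ppa.launchpad.net/team-xbmc/ppa/ubuntu jammy main
deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian jammy contrib  # no signed-by
EOF
}

# Args: .list files. Output per active entry: SCOPE<TAB>URI<TAB>SUITE<TAB>KEYRING
source_trust_scope() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)                        # strip comments
            if (line !~ /^[ \t]*deb(-src)?[ \t]/) next  # active entries only
            sub(/^[ \t]*deb(-src)?[ \t]+/, "", line)

            keyring = ""
            if (substr(line, 1, 1) == "[") {            # option block: [k=v k=v]
                rb = index(line, "]")
                if (rb == 0) next                       # malformed entry, skip
                n = split(substr(line, 2, rb - 2), opt, " ")
                for (i = 1; i <= n; i++)
                    if (index(opt[i], "signed-by=") == 1)
                        keyring = substr(opt[i], 11)
                line = substr(line, rb + 1)
            }
            split(line, field, " ")                     # field[1]=URI, field[2]=suite
            if (keyring == "")
                printf "global\t%s\t%s\t-\n", field[1], field[2]
            else
                printf "scoped\t%s\t%s\t%s\n", field[1], field[2], keyring
        }
    ' "$@"
}

# Demo on the constructed sample. On a real system:
#   source_trust_scope /etc/apt/sources.list /etc/apt/sources.list.d/*.list
demo=$(mktemp)
write_sample_sources "$demo"
source_trust_scope "$demo"
rm -f "$demo"
```

Entries reported as `global` are the ones that keep working after a whole legacy keyring is moved into trusted.gpg.d, because any key there can vouch for them.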
2

Solved for my scenario. I have a native OS Ubuntu 22 running in a Lenovo L570 laptop. The OS has been migrated in the following way: Ubuntu 18 with Windows partition, Ubuntu 20 manually removed windows partition and cleaned up, Ubuntu 22 wizard upgrade and added the windows partition as an extra partition for movies and pictures.

My error was due to a virtual box gpg key

W: https://download.virtualbox.org/virtualbox/debian/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

To resolve it I did

  • back up the key
sudo cp /etc/apt/trusted.gpg /etc/apt/trusted.gpg.bk
  • based on answers above
sudo mv /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/
  • update packages
sudo apt update
Hit:2 https://dl.winehq.org/wine-builds/ubuntu jammy InRelease                                                                    
Hit:3 https://downloads.1password.com/linux/debian/amd64 stable InRelease                                                         
Hit:4 https://download.virtualbox.org/virtualbox/debian jammy InRelease                                                           
Hit:5 https://download.docker.com/linux/ubuntu jammy InRelease                                                                    
Hit:6 http://dl.google.com/linux/chrome/deb stable InRelease                                                                      
Hit:7 http://archive.ubuntu.com/ubuntu jammy InRelease                                                                            
Hit:8 http://dl.google.com/linux/earth/deb stable InRelease                                                                  
Hit:9 http://archive.ubuntu.com/ubuntu jammy-updates InRelease                                                               
Get:10 https://packages.microsoft.com/repos/edge stable InRelease [3,590 B]
Get:1 https://packages.microsoft.com/repos/code stable InRelease [3,590 B]        
Hit:11 http://archive.ubuntu.com/ubuntu jammy-backports InRelease                
Hit:12 https://ppa.launchpadcontent.net/danielrichter2007/grub-customizer/ubuntu jammy InRelease
Hit:13 http://archive.ubuntu.com/ubuntu jammy-security InRelease
Fetched 7,180 B in 2s (4,495 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0

Thanks to heynnema's solution to remove deprecated trusted keys stored in legacy trusted.gpg keyring one at a time and JDMcMillian's approach using a loop to iterate through them, I wrote a small bash script combining both ideas to remove deprecated trusted keys stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg) after they have been converted to the new format that uses individual .gpg files located in /etc/apt/trusted.gpg.d

#!/bin/bash

# Script to remove deprecated trusted keys stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg) after converting them to the new format that uses individual .gpg files located in /etc/apt/trusted.gpg.d

# Source reference https://askubuntu.com/questions/1407632/key-is-stored-in-legacy-trusted-gpg-keyring-etc-apt-trusted-gpg

while true; do
    echo "========================================================================="
    read -p "Have you converted all deprecated trusted keys stored in legacy trusted.gpg keyring to the new format? (Y/N)" yn
    case $yn in
        [Yy]* ) echo "REMOVING deprecated trusted keys stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg)"; break;;
        [Nn]* ) echo "FIRST please convert all deprecated trusted keys stored in legacy trusted.gpg keyring to the new format"; echo "EXITING"; exit 1; break;;
        * ) echo "Please answer Y or N.";;
    esac
done

# One liner below

for KEY in $(apt-key --keyring /etc/apt/trusted.gpg list | grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})" | tr -d " " | grep -E "([0-9A-F]){8}\b" ); do K=${KEY:(-8)}; sudo apt-key --keyring /etc/apt/trusted.gpg del $K; done