Since this issue already tracks the deb822 format rewrite, could it also cover the use of ASCII-armored (.asc) keys when adding third-party repositories? This is a common procedure expected by several major upstream projects, but it isn't currently documented in the relevant Ubuntu Server pages such as Third party repository usage and Install and manage packages
Combining the ASCII-armored key documentation here seems like a great fit. Specifically, it would be helpful to document:
-
Using .asc keys directly with the deb822 Signed-By field without dearmoring them first if possible. This needs verification as I couldn't get information from the specs, only a reference from repolib (below).
-
Dearmoring keys for use with apt. Other projects still expect users to convert .asc keys using gpg --dearmor. For example:
-
MongoDB: curl -fsSL https://pgp.mongodb.com/server-8.0.asc | sudo gpg -o /usr/share/keyrings/mongodb-server-8.0.gpg --dearmor
-
Adoptium: wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/adoptium.gpg
Related references:
Spec: APT deb822 sources by default
repolib: Adding ASCII-armored keys directly
Docker: Install using the apt repository
MongoDB: Install on Ubuntu
Adoptium: Linux installation
Originally posted by @maubuz in #641
Originally posted by @maubuz in #641