gpg

What should we do if APT gives the warning "Missing signed-by=" or indicates the removal of the "trusted.gpg.d" key while updating our repositories?

botond published 2025/03/30, v - 10:14 time
What should we do if APT gives the warning "Missing signed-by=" or indicates the removal of the "trusted.gpg.d" key while updating our repositories? | Linuxportal
One of the basic, regularly recurring tasks of maintaining our Debian or Ubuntu-based servers and systems is updating the package repositories and installed software. I was just doing the usual update cycle on my server these days, which has been a bit behind lately, so I expected that several packages would be updated. However, the update process stopped with interesting messages that drew attention to an important change related to the management of the signing keys of the package repositories. In this article, we will look at how to deal with these problems.

gpg

Gpg linux command manual page and help Linux portal
Manual page and help for the gpg linux command. Gpg is part of the GNU Privacy Guard (GnuPG) OpenPGP. It is a tool that provides digital encryption and signing services using the OpenPGP standard. Gpg includes full authentication key management as well as all the features you would expect from a full OpenPGP implementation. There are two main versions of GnuPG: GnuPG 1.x and GnuPG 2.x. GnuPG 2.x supports modern encryption algorithms, so GnuPG 1.x should be preferred. You should only use GnuPG 1.x if your platform does not support GnuPG 2.x, or you need support for some features that are already deprecated in GnuPG 2.x, such as PGP-2 keys to decrypt the created data.
Subscribe to gpg