ROS-Lunar Install on Debian Stretch: apt-key deprecation
On a fresh install of Debian Stretch, I ran into an issue when using the ROS Lunar Debian Install instructions [1]. The apt-key
error output:
$ sudo apt-key adv -v --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
Executing: /tmp/apt-key-gpghome.AaDAEF/gpg.1.sh -v --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
gpg: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.ArFCphGHwI/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr
After googling around a bit, it seems the Debian team has deprecated the use of apt-key
[2]. Users say a workaround is to install the package dirmngr
to keep using apt-key
, but the Debian community recommends against this in Stretch and beyond.
Instead there is a Debian tutorial on adding trusted keys via https
to a Stretch install [3], which basically boils down to needing to retrieve keys using something like the following:
wget -O /usr/share/keyrings/deriv-archive-keyring.gpg https://deriv.example.net/debian/deriv-archive-keyring.gpg
My question: can I grab the gpg keys from the ha.pool.sks-keyservers.net
via wget
? Does OSRF have any other method for distributing gpg keys over https
? It seems other users may have run into this issue, without knowing the root cause [4] & [5].
[1] http://wiki.ros.org/lunar/Installatio...
[2] https://bugs.debian.org/cgi-bin/bugre...
[3] https://wiki.debian.org/DebianReposit...
[4] https://answers.ros.org/question/2731...
[5] https://answers.ros.org/question/2714...
Related question: #q264654.
My answer to that question also mentions it's a work-around, and something more structural would need to be found.
As to
wget
ting the key: sure: the key is located athttps://packages.ros.org/ros.key
.One issue with that: the certificate there is not valid for
packages.ros.org
, but that .... could be solved.
Not using
apt-key
was how all install tutorials did it btw, before switching toapt-key
.The
ros-lunar-ros-core
Docker image just installsdirmngr
andgnupg2
at the moment (here).@gvhoorn I think it's fine for us to recommend using the workaround and install
dirmngr
andgnupg2
for now. A a minimum, we need to update the Lunar Debian install guide to include this step, and we should open a ticket to address the issue properly. Where should I submit such a ticket?Hm. Not sure.
For the wiki I would either just edit the relevant pages, or perhaps if we'd want to discuss this first, post something on ros-infrastructure/roswiki/issues. Really a guess though.
Perhaps this could be discussed on ROS Discourse. That would probably be a better venue than the
roswiki
issue tracker.