Ask Your Question
0

ROS-Lunar Install on Debian Stretch: apt-key deprecation

asked 2017-11-13 22:17:30 -0600

imcmahon gravatar image

updated 2017-11-13 22:26:55 -0600

On a fresh install of Debian Stretch, I ran into an issue when using the ROS Lunar Debian Install instructions [1]. The apt-key error output:

$ sudo apt-key adv -v --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
Executing: /tmp/apt-key-gpghome.AaDAEF/gpg.1.sh -v --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
gpg: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.ArFCphGHwI/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr

After googling around a bit, it seems the Debian team has deprecated the use of apt-key [2]. Users say a workaround is to install the package dirmngr to keep using apt-key, but the Debian community recommends against this in Stretch and beyond.

Instead there is a Debian tutorial on adding trusted keys via https to a Stretch install [3], which basically boils down to needing to retrieve keys using something like the following:

wget -O /usr/share/keyrings/deriv-archive-keyring.gpg https://deriv.example.net/debian/deriv-archive-keyring.gpg

My question: can I grab the gpg keys from the ha.pool.sks-keyservers.net via wget? Does OSRF have any other method for distributing gpg keys over https? It seems other users may have run into this issue, without knowing the root cause [4] & [5].

[1] http://wiki.ros.org/lunar/Installatio...
[2] https://bugs.debian.org/cgi-bin/bugre...
[3] https://wiki.debian.org/DebianReposit...
[4] https://answers.ros.org/question/2731...
[5] https://answers.ros.org/question/2714...

edit retag flag offensive close merge delete

Comments

Related question: #q264654.

gvdhoorn gravatar imagegvdhoorn ( 2017-11-14 01:36:23 -0600 )edit

My answer to that question also mentions it's a work-around, and something more structural would need to be found.

As to wgetting the key: sure: the key is located at https://packages.ros.org/ros.key.

One issue with that: the certificate there is not valid for packages.ros.org, but that ..

gvdhoorn gravatar imagegvdhoorn ( 2017-11-14 01:39:12 -0600 )edit

.. could be solved.

Not using apt-key was how all install tutorials did it btw, before switching to apt-key.

gvdhoorn gravatar imagegvdhoorn ( 2017-11-14 01:41:37 -0600 )edit

The ros-lunar-ros-core Docker image just installs dirmngr and gnupg2 at the moment (here).

gvdhoorn gravatar imagegvdhoorn ( 2017-11-14 01:42:24 -0600 )edit

@gvhoorn I think it's fine for us to recommend using the workaround and install dirmngr and gnupg2 for now. A a minimum, we need to update the Lunar Debian install guide to include this step, and we should open a ticket to address the issue properly. Where should I submit such a ticket?

imcmahon gravatar imageimcmahon ( 2017-11-14 08:17:52 -0600 )edit

Hm. Not sure.

For the wiki I would either just edit the relevant pages, or perhaps if we'd want to discuss this first, post something on ros-infrastructure/roswiki/issues. Really a guess though.

gvdhoorn gravatar imagegvdhoorn ( 2017-11-14 08:35:28 -0600 )edit

Perhaps this could be discussed on ROS Discourse. That would probably be a better venue than the roswiki issue tracker.

gvdhoorn gravatar imagegvdhoorn ( 2017-11-14 08:35:54 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2018-01-23 02:18:26 -0600

tfoote gravatar image

There are lots of places you can get the ROS key. The most visible is: https://github.com/ros/rosdistro/raw/...

There is a bigger question of what is the best way to replace apt-key as debian is changing their recommended toolchain.

We used to wget from that url, but the best practices from the debian community was to use the key server instead of wget or curl.

We should find the new recommended best practice and switch our documentation and tutorials over to use that method. Which I think uses dirmngr but I haven't researched it too much. There are many people who spend a lot of time thinking about this we should find their discussions and leverage it.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2017-11-13 22:17:30 -0600

Seen: 746 times

Last updated: Jan 23 '18