I recently came across a problem. I wanted to install some windows software on Ubuntu 20.04 and so decided to install WINEHQ, a windows emulator. To do so, i had to add the repository for WINEHQ to my package manager apt-get. So I followed the instructions provided by WINEHQ and came up with an error.
Here’s what I did to get to the error. First I visited the WINEHQ website: https://wiki.winehq.org/Ubuntu [1]. To add a repository to apt-get I need to go to the command line and enter this command:
Subsequent to this I got the following error indicating that the repository I had added was not secure and packages installed from it would not be updated. See below for a snippet.
To solve this problem and provide proper authentication for accessing this repository, I need to install the public key associated with the repo. first. For WINEHQ, I download this key called winehq.key as follows:
Unfortunately, the WINEHQ instructions here on out are outdated. The key above needs to be added to your keyring. This keyring is then used by apt-get to authenticate the repository. Normally, apt-get will access trusted keys via the keyring stored in trusted.gpg.d. They state that in order to add a key we must use the following command as indicated in their forum [3].
This command is depracated and returns the following error. The command must be replaced with a newer GPG command. Note that, in-fact, it isn’t good practice to store third party repository keys into the trusted.gpg.d folder as apt-get and repository management will implicitly trust this source and allow it to change any package anywhere on the system – as I understand from [2].
There are two things that we must do to overcome this problem. The first is to create a temporary keyring called winehq-keyring.gpg as shown below and import the old PGP key format winehq.key into it. See below.
Then the second thing is to export a new key in the new GPG format from this keyring. This will create a GPG style key that can then be added to our keyring. See below. Note that we only need to keep the winehq.gpg file. This is our key. The remaining keys can be deleted.
At this stage rather than add this keyring to the trusted.gpg.d folder, we can create and add it to our /usr/local/share/keyring folder. In my case the keyring folder didn’t exist so I created my own. At which point I used sudo to move the winehq.gpg key to the folder. At this stage, Linux appears to automatically detect the key at the location. I deleted the original repositories that I had added and then used the original add repository command as below without problems.
References
- https://wiki.winehq.org/Ubuntu. Last accessed: Oct. 2021.
- https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key. Last accessed: Oct. 2021.
- https://forum.winehq.org/viewtopic.php?t=31621. Last accessed: Oct. 2021.