PHP from sury repository apt update problem

On Debian 11 I received a warning when apt upgrade:

Keys stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg) have been deprecated, see the DEPRECATION
section in apt-key(8) for details.  The /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg file will be removed in
the next update of the package and you MUST update your APT sources to include
[signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] directive. See the Debian Wiki for more
information: https://wiki.debian.org/DebianRepository/UseThirdParty#Sources.list_entry

To fix this I downloaded and saved the key to the new location:
curl -fsSL https://packages.sury.org/php/apt.gpg | sudo tee /usr/share/keyrings/debsuryorg-archive-keyring.gpg > /dev/null

And upgraded /etc/apt/sources.list.d/php.list to:

deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ bullseye main

I think it fixed the issue. Problem is the online instructions still puts the key in the deprecated location thrusted.gpg.d

CONFIRMED! I did these same steps yesterday, online docs need update.

If you know exactly whats to be changed there is a “suggest change” link on the docs, then it will be looked at.

image1448×635 67.7 KB

Please don’t post ChatGPT or other large language model output to the forum. It is against our guidelines, for a variety of reasons.

https://forum.virtualmin.com/guidelines

If you know exactly whats to be changed there is a “suggest change” link on the docs, then it will be looked at.

Done. Makes me nervous recommending changes to Virtualmin though

I got this message from webmin after my last update I think.
debsuryorg-archive-keyring (2025.03.11) unstable; urgency=medium

• The /etc/apt/trusted.gpg.d/debsuryorg-archive.gpg global APT key will
  been removed in the next update of the package.

  The script will try to autodetect whether any APT repository is not
  configured with signed-by= directive and will print warning about the
  installation of this package.

  You need to manually add:

  [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg]

  to your APT sources lists. See the Debian Wiki for more information:

  https://wiki.debian.org/DebianRepository/UseThirdParty#Sources.list_entry

– Ondřej Surý ondrej@debian.org Tue, 11 Mar 2025 14:08:14 +0100

Hello ID10T, thank you for your information. I have received the same warning. How do I manually add [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] to my apt sources lists? And where? In the “/etc/apt/sources.list” file ? Or rather in “/etc/apt/sources.list.d”? And what exactly should the entry look like besides “[signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg]” ?

Perhaps you can define it in a few steps. Thank you for your time.

On my system:

/etc/apt/sources.list.d/sury-debian-php-bookworm.list

currently has the value: "deb https://packages.sury.org/php/ bookworm main"

change it to:

"deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ bookworm main"

It this the way it should be done?

I took it literally except I did add it to the specific entry like you suggest. I have it on two lines. That said, if my updates fail, I break nothing of value and I have time to fix it.

Thank you. I did the same. Seems to be working.