Atomic archive configuration script bug on debian
Posted: Mon Feb 12, 2024 12:45 pm
Hi,
After many years of not using OSSEC I just installed it on a system again. I used the Atomic Archive configuration script provided here:
https://updates.atomicorp.com/installers/atomic
After running this script and subsequently running `sudo apt update` I got these warnings:
W: https://updates.atomicorp.com/channels/ ... /InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: Conflicting distribution: https://updates.atomicorp.com/channels/atomic/debian bookworm/amd64/ InRelease (expected bookworm/amd64/ but got )
So, on debian, and AFAIK on ubuntu as well, apt-key has been deprecated due to security issues with /etc/apt/trusted.gpg.
The preferred way of adding apt gpg keys is now by using gpg to add them to /etc/apt/trusted.gpg.d/.
One way many people suggest is to use:
`cat RPM-GPG-KEY.atomicorp.txt | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/atomic.gpg`
This however would output non-human readable characters in the scripts output.
One way could be to null stdout output:
`cat RPM-GPG-KEY.atomicorp.txt | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/atomic.gpg 1>/dev/null`
However, using the ASCII armor file with .asc extension works as well:
`sudo cp RPM-GPG-KEY.atomicorp.txt /etc/apt/trusted.gpg.d/atomic.asc`
For cleanliness an mv command vs a cp one would not leave the file lying around
This specific line from the atomic script is line 528.
The conflicting distribution warning is something that can be fixed as well. Not being in any way familiar with setting up apt repos myself, I can only report this
Kind regards,
brabo.
After many years of not using OSSEC I just installed it on a system again. I used the Atomic Archive configuration script provided here:
https://updates.atomicorp.com/installers/atomic
After running this script and subsequently running `sudo apt update` I got these warnings:
W: https://updates.atomicorp.com/channels/ ... /InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: Conflicting distribution: https://updates.atomicorp.com/channels/atomic/debian bookworm/amd64/ InRelease (expected bookworm/amd64/ but got )
So, on debian, and AFAIK on ubuntu as well, apt-key has been deprecated due to security issues with /etc/apt/trusted.gpg.
The preferred way of adding apt gpg keys is now by using gpg to add them to /etc/apt/trusted.gpg.d/.
One way many people suggest is to use:
`cat RPM-GPG-KEY.atomicorp.txt | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/atomic.gpg`
This however would output non-human readable characters in the scripts output.
One way could be to null stdout output:
`cat RPM-GPG-KEY.atomicorp.txt | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/atomic.gpg 1>/dev/null`
However, using the ASCII armor file with .asc extension works as well:
`sudo cp RPM-GPG-KEY.atomicorp.txt /etc/apt/trusted.gpg.d/atomic.asc`
For cleanliness an mv command vs a cp one would not leave the file lying around
This specific line from the atomic script is line 528.
The conflicting distribution warning is something that can be fixed as well. Not being in any way familiar with setting up apt repos myself, I can only report this
Kind regards,
brabo.