Atomic archive configuration script bug on debian

brabo42
New Forum User
New Forum User
Posts: 1
Joined: Mon Feb 12, 2024 12:30 pm

Atomic archive configuration script bug on debian

Unread post by brabo42 »

Hi,

After many years of not using OSSEC I just installed it on a system again. I used the Atomic Archive configuration script provided here:
https://updates.atomicorp.com/installers/atomic

After running this script and subsequently running `sudo apt update` I got these warnings:
W: https://updates.atomicorp.com/channels/ ... /InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: Conflicting distribution: https://updates.atomicorp.com/channels/atomic/debian bookworm/amd64/ InRelease (expected bookworm/amd64/ but got )

So, on debian, and AFAIK on ubuntu as well, apt-key has been deprecated due to security issues with /etc/apt/trusted.gpg.
The preferred way of adding apt gpg keys is now by using gpg to add them to /etc/apt/trusted.gpg.d/.

One way many people suggest is to use:
`cat RPM-GPG-KEY.atomicorp.txt | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/atomic.gpg`

This however would output non-human readable characters in the scripts output.
One way could be to null stdout output:
`cat RPM-GPG-KEY.atomicorp.txt | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/atomic.gpg 1>/dev/null`

However, using the ASCII armor file with .asc extension works as well:
`sudo cp RPM-GPG-KEY.atomicorp.txt /etc/apt/trusted.gpg.d/atomic.asc`

For cleanliness an mv command vs a cp one would not leave the file lying around ;)

This specific line from the atomic script is line 528.

The conflicting distribution warning is something that can be fixed as well. Not being in any way familiar with setting up apt repos myself, I can only report this ;)

Kind regards,
brabo.
shadyrain
New Forum User
New Forum User
Posts: 1
Joined: Mon Mar 04, 2024 9:54 pm

Re: Atomic archive configuration script bug on debian

Unread post by shadyrain »

brabo42 wrote: Mon Feb 12, 2024 12:45 pm Hi,

After many years of not using OSSEC I just installed it on a system again. I used the Atomic Archive configuration script provided here:
https://updates.atomicorp.com/installers/atomic

After running this script and subsequently running `sudo apt update` I got these warnings:
W: https://updates.atomicorp.com/channels/ ... /InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: Conflictinggeometry dash world distribution: https://updates.atomicorp.com/channels/atomic/debian bookworm/amd64/ InRelease (expected bookworm/amd64/ but got )

So, on debian, and AFAIK on ubuntu as well, apt-key has been deprecated due to security issues with /etc/apt/trusted.gpg.
The preferred way of adding apt gpg keys is now by using gpg to add them to /etc/apt/trusted.gpg.d/.
I got the same warning during setup. I tried using the .asc extension but there seems to be something wrong and it doesn't work.
User avatar
cponton
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 61
Joined: Fri Oct 09, 2020 9:41 am

Re: Atomic archive configuration script bug on debian

Unread post by cponton »

We have opened an issue report with the developers. Thank you for reaching out!
Post Reply