If you are in the console shell on a Debian 10 or 11, after running the apt update command, you may get these warning:
N: Usage of apt_auth.conf(5) should be preferred over embedding login information directly in the sources.list(5) entry for 'https://download.kopano.io'
This tutorial will show you how to use Login configuration file for Debian apt sources and proxies. Debian Repositories for users with a valid subscription like Kopano can use the credentials to log in to the repository to gain access that makes able to install packages using apt.
Use apt_auth.conf to Kopano repository
If you have a purchased serial key, it can be used to login to the repository with
/etc/apt/auth.conf.d/*.conffiles, this will add the login information to the configuration file for APT sources.
Open in the editor of your choice the file:
and remove your login and password information from it.
Create a new
/etc/apt/auth.conf.d/kopano.conffile and place in it:
machine download.kopano.io/supported/core:/final/Debian_11/ login serial password XXXXXXXXXXXXXXXXXXXXXXXXX
Supplying login information for a user named serial with the password of your subscription serial key using debian apt.
If you want to deploy Kopano Groupware on Debian 11 (bullseye). Create in
/etc/apt/sources.list.d/kopano.listfile and add the following to your Debian apt source:
deb https://download.kopano.io/supported/core:/final/Debian_11/ ./
as seen here it place without the serial key into the apt source.
The packages are signed so we need to add the key as well.
$ sudo curl -O https://serial:<SERIALKEY>@download.kopano.io/supported/core:/final/Debian_11/Release.key $ apt-key add Release.key
I prefer working with elevated privileges as root (“su -“), many people use sudo, so the commands here shown with sudo, but also on Ubuntu you can become root with the (“sudo su -“), simply choose the method that suits for you.
Up to here with Debian 10 everything works fine, but with Debian 11 a warning displayed::
# sudo apt-key add Release.key Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). OK
It’s a warning, not an error. It doesn’t stop the process. The GPG key is added to your system and you can continue adding the external repository. It doesn’t stop the installation of packages.
The system is now ready to authenticate to the repository able to install packages, simply just now run
Using apt-key deprecation and trusted.gpg
This message requires two steps, apt-key is deprecated, Manage keyring files in trusted.gpg.d. With add the keys of a repository, Debian apt and Ubuntu trusts the packages (signed with that key) coming from the repository. If you don’t add the key of a repository, the system won’t allow installing packages from it. It works by adding the keys to separate files located in the /etc/apt/trusted.gpg.d directory. The apt package manager trusts the keys inside this directory.
It’s the same mechanism it uses for the sources list where external repository sources are listed in their own file under /etc/apt/sources.list.d instead of keeping everything under the /etc/apt/sources.list file. It makes managing the external repos convenient.
And this is how it works, first if the gnupg2 package is not already installed, it can be added as follows:
$ sudo apt install -y gnupg2
After that the repository key can be added as follows:
$ sudo curl -sS https://serial:XXXXXXXXXXXXXXXXXXXXXXXXX@download.kopano.io/supported/core:/final/Debian_11/Release.key | gpg --dearmor > /etc/apt/trusted.gpg.d/KopanoRelease.key
Now check the keys are stored in the keyring with run
you’ve done it now, Debian or Ubuntu won’t complain anymore.
Debian APT Login configuration file
/etc/apt/auth.conffile and .conf files inside
/etc/apt/auth.conf.dcan be used to store login information in a netrc-like format with restrictive file permissions.
The format defined is similar to the format of the
~/.netrcfile used by ftp and similar programs interacting with servers.
Note that apt does not support Digest access authentication, it only does Basic access authentication. As having protocol specified is not wrong (at least not in bullseye) and actually needed if the protocol is not https, so as it doesn’t leak auth info over unencrypted channels.
The authentication to several different repositories can be used flexibly and are suitable for automated processing, here is another example:
machine simple.org/deb login USER password PASSWD machine repo.other.gov:443 login USER password PASSWD machine archive.ops.net/sources/ login USER password PASSWD
Login information in auth.conf and auth.conf.d are more flexible than those in sources.list. For example, login information can be specified for parts of a repository only, or if the sources.list entry redirects elsewhere, login information for the redirect destination can be supplied.