comparison xml/en/linux_packages.xml @ 2662:e4d370d43176
Linux packages: removed apt-key usage to import gpg keys on Debian/Ubuntu.
apt-key is deprecated since 2017 and will be removed after Debian 11 and Ubuntu 22.04.
All distributions since at least 2013 support storing trusted keys in
/etc/apt/trusted.gpg.d/ instead, so using it should be safe.
A special workaround is added for Ubuntu 16.04 shipping gnupg 2.1, which is not
compatible with the CLI invocation we use.
author | Konstantin Pavlov <thresh@nginx.com> |
---|---|
date | Wed, 17 Feb 2021 16:39:40 +0300 |
parents | 991cf4287c36 |
children | 8b96520ca495 |
2661:991cf4287c36 | 2662:e4d370d43176 |
---|---|
5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> | 5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> |
6 | 6 |
7 <article name="nginx: Linux packages" | 7 <article name="nginx: Linux packages" |
8 link="/en/linux_packages.html" | 8 link="/en/linux_packages.html" |
9 lang="en" | 9 lang="en" |
10 rev="56"> | 10 rev="57"> |
11 | 11 |
12 <section name="Supported distributions and versions" id="distributions"> | 12 <section name="Supported distributions and versions" id="distributions"> |
13 | 13 |
14 <para> | 14 <para> |
15 nginx packages are available for the following Linux distributions and | 15 nginx packages are available for the following Linux distributions and |
234 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ | 234 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ |
235 | sudo tee /etc/apt/preferences.d/99nginx | 235 | sudo tee /etc/apt/preferences.d/99nginx |
236 </programlisting> | 236 </programlisting> |
237 | 237 |
238 Next, import an official nginx signing key so apt could verify the packages | 238 Next, import an official nginx signing key so apt could verify the packages |
239 authenticity: | 239 authenticity. |
240 <programlisting> | 240 Fetch the key: |
241 curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - | 241 <programlisting> |
242 </programlisting> | 242 curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key |
243 | 243 </programlisting> |
244 Verify that you now have the proper key: | 244 |
245 <programlisting> | 245 Verify that the downloaded file contains the proper key: |
246 sudo apt-key fingerprint ABF5BD827BD9BF62 | 246 <programlisting> |
247 gpg --dry-run --quiet --import --import-options import-show /tmp/nginx_signing.key | |
247 </programlisting> | 248 </programlisting> |
248 | 249 |
249 The output should contain the full fingerprint | 250 The output should contain the full fingerprint |
250 <command>573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62</command> | 251 <command>573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62</command> |
251 as follows: | 252 as follows: |
252 <programlisting> | 253 <programlisting> |
253 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14] | 254 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14] |
254 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 | 255 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 |
255 uid [ unknown] nginx signing key <signing-key@nginx.com> | 256 uid nginx signing key <signing-key@nginx.com> |
257 </programlisting> | |
258 | |
259 Finally, move the key to apt trusted key storage (note the "asc" file extension change): | |
260 <programlisting> | |
261 sudo mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc | |
256 </programlisting> | 262 </programlisting> |
257 | 263 |
258 To install nginx, run the following commands: | 264 To install nginx, run the following commands: |
259 <programlisting> | 265 <programlisting> |
260 sudo apt update | 266 sudo apt update |
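Review bot: The fetch-then-move sequence (new lines 242 and 261) leaves the trusted key owned by whoever ran curl: the file is created in /tmp by the unprivileged user and `sudo mv` keeps that ownership, so a non-root account can later rewrite a key that apt trusts. The fixed name /tmp/nginx_signing.key in a world-writable directory also means a pre-existing file of that name owned by another local user can make the download fail or let the file change between the fingerprint check and the move. Suggest downloading into a directory only the user can write (for example one created with `mktemp -d`) and installing with `sudo install -o root -g root -m 644` into /etc/apt/trusted.gpg.d/nginx_signing.asc. The new curl line also drops the old `-f`, so an HTTP error page would be saved as the key file; the gpg check would catch it, but keeping `-fsSL` gives a clearer failure.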
293 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ | 299 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ |
294 | sudo tee /etc/apt/preferences.d/99nginx | 300 | sudo tee /etc/apt/preferences.d/99nginx |
295 </programlisting> | 301 </programlisting> |
296 | 302 |
297 Next, import an official nginx signing key so apt could verify the packages | 303 Next, import an official nginx signing key so apt could verify the packages |
298 authenticity: | 304 authenticity. |
299 <programlisting> | 305 Fetch the key: |
300 curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - | 306 <programlisting> |
301 </programlisting> | 307 curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key |
302 | 308 </programlisting> |
303 Verify that you now have the proper key: | 309 |
304 <programlisting> | 310 Verify that the downloaded file contains the proper key: |
305 sudo apt-key fingerprint ABF5BD827BD9BF62 | 311 <programlisting> |
312 gpg --dry-run --quiet --import --import-options show-only /tmp/nginx_signing.key | |
313 </programlisting> | |
314 | |
315 Note: on Ubuntu 16.04, use the following command instead: | |
316 <programlisting> | |
317 gpg --with-fingerprint /tmp/nginx_signing.key | |
306 </programlisting> | 318 </programlisting> |
307 | 319 |
308 The output should contain the full fingerprint | 320 The output should contain the full fingerprint |
309 <command>573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62</command> | 321 <command>573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62</command> |
310 as follows: | 322 as follows: |
311 <programlisting> | 323 <programlisting> |
312 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14] | 324 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14] |
313 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 | 325 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 |
314 uid [ unknown] nginx signing key <signing-key@nginx.com> | 326 uid nginx signing key <signing-key@nginx.com> |
327 </programlisting> | |
328 | |
329 Finally, move the key to apt trusted key storage (note the "asc" file extension change): | |
330 <programlisting> | |
331 sudo mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc | |
315 </programlisting> | 332 </programlisting> |
316 | 333 |
317 To install nginx, run the following commands: | 334 To install nginx, run the following commands: |
318 <programlisting> | 335 <programlisting> |
319 sudo apt update | 336 sudo apt update |
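Review bot: The Ubuntu 16.04 fallback at new line 317, `gpg --with-fingerprint /tmp/nginx_signing.key`, does not match the expected output that follows at new lines 321-326: older gpg releases print the fingerprint in space-separated groups after a `Key fingerprint =` label, while the text now shows only the unspaced 40-character form. Suggest showing both forms for that case, or telling readers to compare with the spaces removed, so a correct key is not taken for a mismatch. This section also uses `--import-options show-only` where the earlier section uses `import-show` (new line 247); if that is deliberate, a short remark on why would help.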