If you have Dropbox installed on your Linux desktop and have recently started seeing this warning message from apt:
http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details
This can be resolved by adding the Dropbox PGP key to the ‘signed-by’ of the apt repo definition (as described on the forums). Below are the exact CLI commands.
Get the latest Dropbox PGP key
remote_key_file=https://linux.dropbox.com/fedora/rpm-public-key.asc # validate same ownership as original, and newer expiration date sudo apt install pgpdump -y curl -s $remote_key_file | pgpdump | grep -E "User ID -|expiration" -A1 # save new PGP key curl -s $remote_key_file | sudo tee /usr/share/keyrings/dropbox.asc sudo chmod 644 /usr/share/keyrings/dropbox.asc
Edit Dropbox apt repo definition
Then find and edit the file that contains the Dropbox apt repo definition.
domain=linux.dropbox.com sudo grep -srl $domain /etc/apt | grep -v save sudo vi <theFoundFile>
There is no need to change your current definition, except to add the ‘signed-by=/usr/share/keyrings/dropbox.asc’ as shown in the example below.
deb [arch=i386,amd64 signed-by=/usr/share/keyrings/dropbox.asc] http://linux.dropbox.com/ubuntu disco main
REFERENCES
dropboxforum, shows how to resolve issue
askubuntu.com, similar problem but for digital ocean deb also shows how to delete legacy
askubuntu.com, script for finding all legacy keys and converting to new format
askubuntu.com, finding the signing key for a ppa launchpad
itfoss.com, explanation of legacy keyrings, dearmor, etc
NOTES
Harder way to get latest PGP key is extract from latest .deb
# download latest Dropbox .deb mkdir dbox cd dbox wget https://www.dropbox.com/download?dl=packages/ubuntu/dropbox_2020.03.04_amd64.deb # extract files from deb using 'ar' utility sudo apt install binutils -y ar xf dropbox_2020.03.04_amd64.deb tar xvfz control.tar.gz # grab PGP key from 'postinst' file, copy to keyrings location sed -ne '/-----BEGIN PGP PUBLIC KEY BLOCK-----/,/-----END PGP PUBLIC KEY BLOCK-----/p' postinst | tee dropbox.asc sudo cp dropbox.asc /usr/share/keyrings/dropbox.asc
(Optional) Delete from legacy keyring
After adding the ‘signed-by’ above, apt should no longer output warning messages. If you want to go a step further and remove the key from the legacy keyring, below are the commands.
# find legacy key id apt-key list | grep dropbox -B1 key_hexid=$(apt-key list | grep dropbox -B1 | head -n1 | tr -d ' ') # validate it is one belonging to dropbox, then delete from legacy keyring sudo apt install pgpdump -y apt-key export ${key_hexid: -8} | pgpdump | grep -i dropbox sudo apt-key del ${key_hexid: -8} # apt should not show any warning messages sudo apt update
Finding latest Dropbox PGP key
Searching duckduckgo.com with the following expression yields python file that contains PGP key as well as referencing its existence at https://linux.dropbox.com/fedora/rpm-public-key.asc
site:linux.dropbox.com apt "BEGIN PGP PUBLIC KEY BLOCK"