22

I'm creating a package that will automatically install some repositories to all hosts in the LAN. The package will be accessible from the central repository.

I've discovered that repo lists can be dropped in '/etc/apt/sources.list.d/*.list'. Now I need to import their keys, for instance, this one. However, when I drop it into '/etc/apt/trusted.gpg.d/Opera.gpg', apt-get update gives me plenty of NO_PUBKEY errors for all the repos I have, including Opera!

What's wrong? :)

kolypto
  • 701

4 Answers

24

Keys downloaded from repositories should be joined into a new GPG keyring so you can drop them into '/etc/apt/trusted.gpg.d/*.gpg', like this:

gpg --no-default-keyring --keyring ./Opera.gpg --import Opera.key
sudo cp Opera.gpg /etc/apt/trusted.gpg.d/Opera.gpg
Jorge Castro
  • 73,717
kolypto
  • 701
18

You can actually get the best of both worlds: create an additional keyring in /etc/apt/trusted.gpg.d/ and use apt-key instead of gpg directly.

If you already have a keyfile locally, such as Opera.key, then run the following command:

sudo apt-key --keyring /etc/apt/trusted.gpg.d/Opera.gpg add Opera.key

Of course, you can still import the key directly as MestreLion demonstrated:

wget -q -O - http://deb.opera.com/archive.key | sudo apt-key --keyring /etc/apt/trusted.gpg.d/Opera.gpg add -
2

Additionally, you could use apt-key to add the key for you instead of manually dropping a file to that path. Assuming you saved the file as Opera.key:

sudo apt-key add Opera.key

You could even download and import the key file on-the-fly, instead of saving it to a local file:

wget -q -O - http://deb.opera.com/archive.key | sudo apt-key add -

Apt-key manages the contents of the /etc/apt/trusted.gpg main file instead of using the directory, which may be a convenience or a burden for you.

MestreLion
  • 20,726
-1

I think the accepted answer is completely misleading or at least outdated. The current Ubuntu does not support the GPG keybox database file format as a keyring fragment.

If you use that answer, apt update will raise a warning: W: The key(s) in the keyring /etc/apt/trusted.gpg.d/test.gpg are ignored as the file has an unsupported filetype.

The rest of the answers involve the deprecated command apt-key, which does not exist anymore in the current Ubuntu release.

The correct way to do this is

# cd into a dir which is 700 for yourself
gpg --no-default-keyring --keyring tmp.keyring.gpg --keyserver keyserver.ubuntu.com --recv-keys <key-id1> <key-id2>
# export writes my-keys.gpg into the current directory
gpg --no-default-keyring --keyring tmp.keyring.gpg --output my-keys.gpg --export
# copy from the current directory (where --output wrote it)
sudo cp my-keys.gpg /etc/apt/trusted.gpg.d/

Also, please note that newer apt supports armoured key files, so if you already have the .asc file you do NOT need to dearmor it as on old Ubuntu (<16.04).

Wang
  • 725
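
The problems reported in this thread (NO_PUBKEY after dropping a raw key file, the "unsupported filetype" warning for a keybox) all depend on the on-disk format of the keyring fragment. As an added example, not taken from any of the answers, this shell script classifies a key file by its leading bytes and picks the file name to install it under. The function names `keyring_format` and `fragment_path` are hypothetical; the byte values come from the OpenPGP packet header format and the keybox magic, and the extension rule is an assumption noted in the comments.

```shell
#!/bin/sh
# Added example: check a key file's format before placing it in
# /etc/apt/trusted.gpg.d/. Nothing is installed; paths are only printed.

# Prints one of: armored | binary | keybox | unknown
keyring_format() {
    f=$1
    [ -r "$f" ] || { echo unknown; return 1; }
    # First 12 bytes as lowercase hex without separators.
    hex=$(head -c 12 "$f" | od -An -v -tx1 | tr -d ' \n')
    case $hex in
        # GnuPG keybox: magic "KBXf" (4b 42 58 66) at byte offset 8.
        ????????????????4b425866) echo keybox; return 0 ;;
        # Binary OpenPGP export starts with a public-key packet (tag 6):
        # 0x98/0x99 = old-format header, 0xc6 = new-format header.
        98*|99*|c6*) echo binary; return 0 ;;
    esac
    # ASCII armor: the first line is the public key block header.
    if head -n 1 "$f" | tr -d '\r' |
        grep -qx -e '-----BEGIN PGP PUBLIC KEY BLOCK-----'; then
        echo armored; return 0
    fi
    echo unknown
}

# Prints the path a key file ($1) should be installed under for repo name $2.
# Assumption: apt picks the parser by extension (.gpg binary, .asc armored).
fragment_path() {
    case $(keyring_format "$1") in
        binary)  echo "/etc/apt/trusted.gpg.d/$2.gpg" ;;
        armored) echo "/etc/apt/trusted.gpg.d/$2.asc" ;;
        keybox)
            echo "$1: keybox database, re-export it with gpg --export" >&2
            return 1 ;;
        *)
            echo "$1: not an OpenPGP public key file" >&2
            return 1 ;;
    esac
}

# Usage: fragment_path Opera.key Opera
```

A `keybox` result is the case the last answer describes: the keyring was created by a recent gpg and has to be exported to the binary format before apt will read it.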