document which keyring formats are supported by apt-key

* the good old 'simple' keyring format
* the ascii armored variant since 1.4

Not supported is the (new in gpg 2.1) keybox format.

Closes: 844724

11 files changed, 31 insertions, 17 deletions

diff --git a/doc/apt-key.8.xml b/doc/apt-key.8.xml
index 57200b1ed..6c639a674 100644
--- a/doc/apt-key.8.xml
+++ b/doc/apt-key.8.xml
@@ -47,6 +47,20 @@
    </para>
 </refsect1>
 
+<refsect1><title>Supported keyring files</title>
+<para>apt-key supports only the binary OpenPGP format (also known as "GPG key
+   public ring") in files with the "<literal>gpg</literal>" extension, not
+   the keybox database format introduced in newer &gpg; versions as default
+   for keyring files. Binary keyring files intended to be used with any apt
+   version should therefore always be created with <command>gpg --export</command>.
+</para>
+<para>Alternatively, if all systems which should be using the created keyring
+   have at least apt version >= 1.4 installed, you can use the ASCII armored
+   format with the "<literal>asc</literal>" extension instead which can be
+   created with <command>gpg --armor --export</command>.
+</para>
+</refsect1>
+
 <refsect1><title>Commands</title>
    <variablelist>
      <varlistentry><term><option>add</option> <option>&synopsis-param-filename;</option></term>
@@ -63,10 +77,10 @@
      otherwise the &apt-secure; infrastructure is completely undermined.
      </para>
      <para>
-       Instead of using this command a keyring can be placed directly in the
-       <filename>/etc/apt/trusted.gpg.d/</filename> directory with a descriptive name
-       (same rules for filename apply as for &apt-conf; files) and "<literal>gpg</literal>"
-       as file extension.
+       <emphasis>Note</emphasis>: Instead of using this command a keyring
+       should be placed directly in the <filename>/etc/apt/trusted.gpg.d/</filename>
+       directory with a descriptive name and either "<literal>gpg</literal>" or
+       "<literal>asc</literal>" as file extension.
      </para>
      </listitem>
      </varlistentry>
@@ -139,7 +153,7 @@
      <para>
        Note that a distribution does not need to and in fact should not use
        this command any longer and instead ship keyring files in the
-       <filename>/etc/apt/trusted.gpg</filename> directory directly as this
+       <filename>/etc/apt/trusted.gpg.d/</filename> directory directly as this
        avoids a dependency on <package>gnupg</package> and it is easier to manage
        keys by simply adding and removing files for maintainers and users alike.
      </para>
diff --git a/doc/po/apt-doc.pot b/doc/po/apt-doc.pot
index 72ffc3ec5..fdccbada5 100644
--- a/doc/po/apt-doc.pot
+++ b/doc/po/apt-doc.pot
@@ -2015,7 +2015,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the "
-"<filename>/etc/apt/trusted.gpg</filename> directory directly as this avoids "
+"<filename>/etc/apt/trusted.gpg.d/</filename> directory directly as this avoids "
 "a dependency on <package>gnupg</package> and it is easier to manage keys by "
 "simply adding and removing files for maintainers and users alike."
 msgstr ""
diff --git a/doc/po/de.po b/doc/po/de.po
index 4913f6ebe..0e3304332 100644
--- a/doc/po/de.po
+++ b/doc/po/de.po
@@ -2833,13 +2833,13 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
 "Beachten Sie, dass eine Distribution diesen Befehl nicht benötigt und "
 "tatsächlich nicht länger nutzen sollte. Sie sollte stattdessen "
-"Schlüsselbunddateien im Verzeichnis <filename>/etc/apt/trusted.gpg</"
+"Schlüsselbunddateien im Verzeichnis <filename>/etc/apt/trusted.gpg.d/</"
 "filename> direkt mitliefern, da dies eine Abhängigkeit von <package>gnupg</"
 "package> vermeidet und die Verwaltung von Schlüsseln durch einfaches "
 "Hinzufügen und Entfernen von Dateien für Paketbetreuer und Anwender "
diff --git a/doc/po/es.po b/doc/po/es.po
index 4034837c5..2d550dcd0 100644
--- a/doc/po/es.po
+++ b/doc/po/es.po
@@ -2890,7 +2890,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
diff --git a/doc/po/fr.po b/doc/po/fr.po
index 8c7218dac..0f4fe8368 100644
--- a/doc/po/fr.po
+++ b/doc/po/fr.po
@@ -2819,7 +2819,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
diff --git a/doc/po/it.po b/doc/po/it.po
index d67376414..83e5f638e 100644
--- a/doc/po/it.po
+++ b/doc/po/it.po
@@ -2863,7 +2863,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
diff --git a/doc/po/ja.po b/doc/po/ja.po
index bb7316525..5641ee4f4 100644
--- a/doc/po/ja.po
+++ b/doc/po/ja.po
@@ -2760,7 +2760,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
diff --git a/doc/po/nl.po b/doc/po/nl.po
index 6e5301288..7626e3c55 100644
--- a/doc/po/nl.po
+++ b/doc/po/nl.po
@@ -2907,13 +2907,13 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
 "Merk op dat een distributie dit commando niet langer hoeft en ook niet zou "
 "mogen gebruiken. In plaats daarvan moeten rechtstreeks sleutelbosbestanden "
-"meegeleverd worden in de map <filename>/etc/apt/trusted.gpg</filename>. Dit "
+"meegeleverd worden in de map <filename>/etc/apt/trusted.gpg.d/</filename>. Dit "
 "voorkomt dat het pakket <package>gnupg</package> een vereiste is, en zowel "
 "voor pakketonderhouders als voor gebruikers is het makkelijker om sleutels "
 "te beheren door eenvoudigweg bestanden toe te voegen of te verwijderen."
diff --git a/doc/po/pl.po b/doc/po/pl.po
index 967551b91..d78440251 100644
--- a/doc/po/pl.po
+++ b/doc/po/pl.po
@@ -2935,7 +2935,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
diff --git a/doc/po/pt.po b/doc/po/pt.po
index f89cdd5e9..6cd68840c 100644
--- a/doc/po/pt.po
+++ b/doc/po/pt.po
@@ -2831,7 +2831,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""
diff --git a/doc/po/pt_BR.po b/doc/po/pt_BR.po
index 0b2e06fca..03cc7c7e2 100644
--- a/doc/po/pt_BR.po
+++ b/doc/po/pt_BR.po
@@ -1981,7 +1981,7 @@ msgstr ""
 msgid ""
 "Note that a distribution does not need to and in fact should not use this "
 "command any longer and instead ship keyring files in the <filename>/etc/apt/"
-"trusted.gpg</filename> directory directly as this avoids a dependency on "
+"trusted.gpg.d/</filename> directory directly as this avoids a dependency on "
 "<package>gnupg</package> and it is easier to manage keys by simply adding "
 "and removing files for maintainers and users alike."
 msgstr ""