Mercurial > hg > nginx-site

comparison xml/en/linux_packages.xml @ 2662:e4d370d43176

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Linux packages: removed apt-key usage to import gpg keys on Debian/Ubuntu. apt-key is deprecated since 2017 and will be removed after Debian 11 and Ubuntu 22.04. All distributions since at least 2013 support storing trusted keys in /etc/apt/trusted.gpg.d/ instead, so using it should be safe. A special workaround is added for Ubuntu 16.04 shipping gnupg 2.1, which is not compatible with the CLI invocation we use.
author Konstantin Pavlov <thresh@nginx.com>
date Wed, 17 Feb 2021 16:39:40 +0300
parents 991cf4287c36
children 8b96520ca495
comparison
equal deleted inserted replaced
2661:991cf4287c36 2662:e4d370d43176
5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd"> 5 <!DOCTYPE article SYSTEM "../../dtd/article.dtd">
6 6
7 <article name="nginx: Linux packages" 7 <article name="nginx: Linux packages"
8 link="/en/linux_packages.html" 8 link="/en/linux_packages.html"
9 lang="en" 9 lang="en"
10 rev="56"> 10 rev="57">
11 11
12 <section name="Supported distributions and versions" id="distributions"> 12 <section name="Supported distributions and versions" id="distributions">
13 13
14 <para> 14 <para>
15 nginx packages are available for the following Linux distributions and 15 nginx packages are available for the following Linux distributions and
234 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ 234 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
235 | sudo tee /etc/apt/preferences.d/99nginx 235 | sudo tee /etc/apt/preferences.d/99nginx
236 </programlisting> 236 </programlisting>
237 237
238 Next, import an official nginx signing key so apt could verify the packages 238 Next, import an official nginx signing key so apt could verify the packages
239 authenticity: 239 authenticity.
240 <programlisting> 240 Fetch the key:
241 curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - 241 <programlisting>
242 </programlisting> 242 curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
243 243 </programlisting>
244 Verify that you now have the proper key: 244
245 <programlisting> 245 Verify that the downloaded file contains the proper key:
246 sudo apt-key fingerprint ABF5BD827BD9BF62 246 <programlisting>
247 gpg --dry-run --quiet --import --import-options import-show /tmp/nginx_signing.key
247 </programlisting> 248 </programlisting>
248 249
249 The output should contain the full fingerprint 250 The output should contain the full fingerprint
250 <command>573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62</command> 251 <command>573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62</command>
251 as follows: 252 as follows:
252 <programlisting> 253 <programlisting>
253 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14] 254 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
254 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 255 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
255 uid [ unknown] nginx signing key &lt;signing-key@nginx.com&gt; 256 uid nginx signing key &lt;signing-key@nginx.com&gt;
257 </programlisting>
258
259 Finally, move the key to apt trusted key storage (note the "asc" file extension change):
260 <programlisting>
261 sudo mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
256 </programlisting> 262 </programlisting>
257 263
258 To install nginx, run the following commands: 264 To install nginx, run the following commands:
259 <programlisting> 265 <programlisting>
260 sudo apt update 266 sudo apt update
293 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \ 299 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
294 | sudo tee /etc/apt/preferences.d/99nginx 300 | sudo tee /etc/apt/preferences.d/99nginx
295 </programlisting> 301 </programlisting>
296 302
297 Next, import an official nginx signing key so apt could verify the packages 303 Next, import an official nginx signing key so apt could verify the packages
298 authenticity: 304 authenticity.
299 <programlisting> 305 Fetch the key:
300 curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add - 306 <programlisting>
301 </programlisting> 307 curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
302 308 </programlisting>
303 Verify that you now have the proper key: 309
304 <programlisting> 310 Verify that the downloaded file contains the proper key:
305 sudo apt-key fingerprint ABF5BD827BD9BF62 311 <programlisting>
312 gpg --dry-run --quiet --import --import-options show-only /tmp/nginx_signing.key
313 </programlisting>
314
315 Note: on Ubuntu 16.04, use the following command instead:
316 <programlisting>
317 gpg --with-fingerprint /tmp/nginx_signing.key
306 </programlisting> 318 </programlisting>
307 319
308 The output should contain the full fingerprint 320 The output should contain the full fingerprint
309 <command>573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62</command> 321 <command>573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62</command>
310 as follows: 322 as follows:
311 <programlisting> 323 <programlisting>
312 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14] 324 pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
313 573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62 325 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
314 uid [ unknown] nginx signing key &lt;signing-key@nginx.com&gt; 326 uid nginx signing key &lt;signing-key@nginx.com&gt;
327 </programlisting>
328
329 Finally, move the key to apt trusted key storage (note the "asc" file extension change):
330 <programlisting>
331 sudo mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
315 </programlisting> 332 </programlisting>
316 333
317 To install nginx, run the following commands: 334 To install nginx, run the following commands:
318 <programlisting> 335 <programlisting>
319 sudo apt update 336 sudo apt update