Description
Describe your bug
On https://deb.nodesource.com/, the user is instructed to download and execute a script for setting up the package repository together with its GPG key. The script stores the downloaded key in /usr/share/keyrings which, according to this Debian wiki page, is wrong. It states:
If future updates to the certificate will be managed by an apt/dpkg package as recommended below, then it SHOULD be downloaded into /usr/share/keyrings using the same filename that will be provided by the package. If it will be managed locally, it SHOULD be downloaded into /etc/apt/keyrings instead.
I couldn't find a package that manages the key going forward, so it should be stored in /etc/apt/keyrings. Please either fix the script to store the key in the correct location or provide a package for managing the key.
The script also installs apt-transport-https which is a dummy since at least Debian Stretch. Please stop installing that useless package.
Distribution Information:
- OS: Debian, Ubuntu
- Version: Any supported
Node Version:
- Node: >=18
To Reproduce
Steps to reproduce the behavior:
- Follow instructions from https://deb.nodesource.com/
Expected behavior
- The GPG key is stored in /etc/apt/keyrings OR an additional package is installed that manages the key in /usr/share/keyrings
- The dummy package apt-transport-https is NOT installed
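
One way to audit a host against the Debian wiki rule quoted in this issue, added here as an example (it is not part of the issue or of NodeSource's setup script): it reads the `signed-by=` path of each one-line APT source entry and reports keys in /usr/share/keyrings that no dpkg package owns. The function names and verdict strings are hypothetical, and a host without `dpkg-query` is assumed to have no owning package.

```shell
#!/bin/sh
# Added example: classify the keyring referenced by an APT source entry.

# Print the first signed-by= path of a one-line "deb [opts] URL suite comp" entry.
signed_by_path() {
    printf '%s\n' "$1" | sed -n 's/.*signed-by=\([^] ,]*\).*/\1/p'
}

# Succeed if an installed dpkg package ships the file.
# Assumption: without dpkg-query, treat the file as unowned.
owned_by_package() {
    command -v dpkg-query >/dev/null 2>&1 || return 1
    dpkg-query -S "$1" >/dev/null 2>&1
}

# Print one verdict for a source entry.
classify_entry() {
    key=$(signed_by_path "$1")
    case "$key" in
        '')                  echo "no-signed-by" ;;
        /etc/apt/keyrings/*) echo "ok-local" ;;
        /usr/share/keyrings/*)
            if owned_by_package "$key"; then
                echo "ok-packaged"
            else
                echo "misplaced-unmanaged"   # locally managed key in the package-managed directory
            fi ;;
        *)                   echo "other-location" ;;
    esac
}

# Walk the one-line-style source files on this host and print "verdict<TAB>entry".
audit_sources() {
    for f in /etc/apt/sources.list /etc/apt/sources.list.d/*.list; do
        [ -f "$f" ] || continue
        grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$f" | while IFS= read -r line; do
            printf '%s\t%s\n' "$(classify_entry "$line")" "$line"
        done
    done
}

# Run the audit only when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--audit" ]; then
    audit_sources
fi
```

Entries in deb822 `.sources` files use a `Signed-By:` field and are not covered by this sketch.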