Description
Here’s a polished English version of your request to the developers on GitHub, explaining the issue with the missing GPG key in Debian 13 and requesting a fix:
Subject: GPG Key Issue on Debian 13 (apt-key Deprecation)
Hi, Developers,
I’m encountering an issue when trying to use your repository on Debian 13. The system fails to verify the repository’s signature due to a missing GPG key (046842FD70F9FE0556150B1576D096043F7E4FAC).
Problem Details
Debian 13 has deprecated apt-key, so the traditional method of adding keys (apt-key add) no longer works.
The error occurs during apt update:
Warning: Missing key 046842FD70F9FE0556150B1576D096043F7E4FAC for signature verification.
Sub-process /usr/bin/sqv returned an error code (1).
Modern Debian requires keys to be placed in /usr/share/keyrings/ and referenced via signed-by in the repo configuration.
Request
Could you please:
Provide a .gpg key file (e.g., sophgo-archive-keyring.gpg) compatible with Debian 13’s new security policy?
Update your documentation to include instructions for Debian 13+ users, such as:
wget -O /usr/share/keyrings/sophgo-archive-keyring.gpg [URL-to-key]
echo "deb [signed-by=/usr/share/keyrings/sophgo-archive-keyring.gpg] https://your-repo-url/debian bookworm main" | sudo tee /etc/apt/sources.list.d/sophgo.list
Temporary Workaround
For now, I’ve manually converted the ASCII-armored key (public-key.asc) to a .gpg file:
wget https://example.com/public-key.asc -O /tmp/sophgo-key.asc
sudo gpg --dearmor -o /usr/share/keyrings/sophgo-archive-keyring.gpg /tmp/sophgo-key.asc
But a native .gpg file from your team would be more reliable.
Additional Context
Debian’s announcement: https://wiki.debian.org/DebianRepository/UseThirdParty
Key paths must now be explicitly declared in sources.list (see https://wiki.debian.org/SecureApt).
Thanks for your help! Let me know if you need further details.
Best regards,
BiaoZyx