Package

Security

Verification

As described in the article below, we demonstrate how to add an external APT repository with key verification.

How To Handle apt-key and add-apt-repository Deprecation Using gpg to Add External Repositories on Ubuntu 22.04 | DigitalOcean

First, Download the PGP keyring and convert it to the GPG format.

$ curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-7.x.gpg

Alternativelu, we can receive the keyring from a keyserver with specified key ID:

$ sudo gpg --homedir /tmp --no-default-keyring --keyring /usr/share/keyrings/R.gpg --keyserver keyserver.ubuntu.com --recv-keys E298A3A825C0D65DFD57CBB651716619E084DAB9

Then we can add the the repository in /etc/apt/sources.list.

deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/elastic-7.x.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main