update Debian install instructions, apt-key deprecated, new source format

[thkoch2001]

You might want to update the Debian / Ubuntu installation instructions on https://github.com/Xpra-org/xpra/wiki/Download#-linux

1. apt-key is deprecated
2. There is a new, IMHO more readable format for apt repository files

Instead of adding keys with apt-key, one should add non-armored gpg keys in a file in folder /usr/share/keyrings/. For this I changed your key with

gpg --dearmor gpg.asc

and moved the resulting file to /usr/share/keyrings/xpra.gpg.

The new source format then allows to specify, which key should be used to sign packages of which repository. The new format used the file extension .sources. So in /etc/apt/sources.list.d/xpra.sources I put:

Types: deb
URIs: https://xpra.org/
Suites: bullseye
Components: main
Signed-By: /usr/share/keyrings/xpra.gpg

For more details:

• https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html
• https://wiki.debian.org/DebianRepository/UseThirdParty

Thank you!

[totaam]

Since the current instructions still work, this is unlikely to be worked on just yet.

[totaam]

See also #3446

[adamhotep]

Run this command:

sudo wget -O "/usr/share/keyrings/antoine-martin.gpg" https://xpra.org/gpg-2022.asc

Then download the appropriate repository file from the Download § for Debian based disributions table and modify it to include that signing key as an option:

Like this:

deb [signed-by=/usr/share/keyrings/antoine-martin.gpg] https://xpra.org/ bookworm main

If there's already an options section, it's space-delimited (see my notes):

deb [arch=amd64,arm64 signed-by=/usr/share/keyrings/antoine-martin.gpg] https://xpra.org/beta/ hirsute main

I chose to use Antoine's name for the key since it identifies itself as his personal key. You may prefer to call it xpra.gpg.

To update the docs, just update the files and the code block with my command.

(Update: the .sources format in this ticket's description is an alternative to the more traditional .list format and should also work. It'll make git diffs more legible, but given the syntax I've outlined, they're functionally equivalent.)

[totaam]

@adamhotep thanks, do you happen to know which distributions support this format and which don't? (from both Ubuntu and Debian)

[adamhotep]

Ubuntu and Debian develop APT together and coordinate releases to reduce this confusion, especially for the apt-key deprecation given its security concerns.

See also apt-key Is Deprecated, which notes that this applies to "Debian, Ubuntu, Linux Mint, Pop!_OS, etc."

[totaam]

Users have criticised the download page for DEB package as being too complicated.
And these latest changes have just made things a little bit worse as we now have two different ways of importing the keys and no easy way to make it clear which one users should use... oh well.

[ehfd]

Instead of adding keys with apt-key, one should add non-armored gpg keys in a file in folder /usr/share/keyrings/.

This is apparently unnecessary. Just use the armored key from https://xpra.org/gpg.asc and save to /usr/share/keyrings.
The key for Wine (https://dl.winehq.org/wine-builds/winehq.key) is armored in https://wiki.winehq.org/Ubuntu and https://wiki.winehq.org/Debian.