Fully deprecate apt-key, schedule removal for Q2/2022

People are still using apt-key add and friends, despite that not
being guaranteed to work. Let's tell them to stop doing so.

We might still want a list command at a future point, but this
needs deciding, and a blanket ban atm seems like a sensible step
until we figured that out.

1 files changed, 14 insertions, 2 deletions

diff --git a/cmdline/apt-key.in b/cmdline/apt-key.in
index e9187b423..c61b8b417 100644
--- a/cmdline/apt-key.in
+++ b/cmdline/apt-key.in
@@ -740,8 +740,18 @@ warn_on_script_usage() {
     # (Maintainer) scripts should not be using apt-key
     if [ -n "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
 	echo >&2 "Warning: apt-key should not be used in scripts (called from $DPKG_MAINTSCRIPT_NAME maintainerscript of the package ${DPKG_MAINTSCRIPT_PACKAGE})"
-    elif [ ! -t 1 ]; then
-	echo >&2 "Warning: apt-key output should not be parsed (stdout is not a terminal)"
+    fi
+
+    echo >&2 "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))."
+}
+
+warn_outside_maintscript() {
+    # In del, we want to warn in interactive use, but not inside maintainer
+    # scripts, so as to give people a chance to migrate keyrings.
+    #
+    # FIXME: We should always warn starting in 2022.
+    if [ -z "$DPKG_MAINTSCRIPT_PACKAGE" ]; then
+	echo >&2 "Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8))."
     fi
 }
 
@@ -760,6 +770,7 @@ case "$command" in
         ;;
     del|rm|remove)
 	# no script warning here as removing 'add' usage needs 'del' for cleanup
+	warn_outside_maintscript
 	requires_root
 	foreach_keyring_do 'remove_key_from_keyring' "$@"
 	aptkey_echo "OK"
@@ -772,6 +783,7 @@ case "$command" in
 	merge_back_changes
 	;;
     net-update)
+	warn_on_script_usage
 	requires_root
 	setup_merged_keyring
 	net_update