find /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.sources'
find /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.sources'
find /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.sources'
deb [arch=amd64 signed-by=/etc/apt/keyrings/example.gpg] https://packages.example.com/apt stable main
deb [arch=amd64 signed-by=/etc/apt/keyrings/example.gpg] https://packages.example.com/apt stable main
deb [arch=amd64 signed-by=/etc/apt/keyrings/example.gpg] https://packages.example.com/apt stable main
Types: deb
URIs: https://packages.example.com/apt
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/example.gpg
Types: deb
URIs: https://packages.example.com/apt
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/example.gpg
Types: deb
URIs: https://packages.example.com/apt
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/example.gpg
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb deb-src
URIs: http://deb.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb deb-src
URIs: http://deb.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg Types: deb deb-src
URIs: http://deb.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
deb [arch=amd64 signed-by=/etc/apt/keyrings/vendor.asc] https://repo.vendor.example stable main
deb [arch=amd64 signed-by=/etc/apt/keyrings/vendor.asc] https://repo.vendor.example stable main
deb [arch=amd64 signed-by=/etc/apt/keyrings/vendor.asc] https://repo.vendor.example stable main
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/vendor.asc
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/vendor.asc
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/vendor.asc
grep -R "^[[:space:]]*deb " -n /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null
find /etc/apt/sources.list.d -maxdepth 1 -type f \( -name '*.list' -o -name '*.sources' \) | sort
grep -R "^[[:space:]]*deb " -n /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null
find /etc/apt/sources.list.d -maxdepth 1 -type f \( -name '*.list' -o -name '*.sources' \) | sort
grep -R "^[[:space:]]*deb " -n /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null
find /etc/apt/sources.list.d -maxdepth 1 -type f \( -name '*.list' -o -name '*.sources' \) | sort
sudo cp /etc/apt/sources.list.d/vendor.list /etc/apt/sources.list.d/vendor.list.bak
sudo cp /etc/apt/sources.list.d/vendor.list /etc/apt/sources.list.d/vendor.list.bak
sudo cp /etc/apt/sources.list.d/vendor.list /etc/apt/sources.list.d/vendor.list.bak
sudo tee /etc/apt/sources.list.d/vendor.sources >/dev/null <<'EOF'
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/vendor.asc
EOF
sudo tee /etc/apt/sources.list.d/vendor.sources >/dev/null <<'EOF'
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/vendor.asc
EOF
sudo tee /etc/apt/sources.list.d/vendor.sources >/dev/null <<'EOF'
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Architectures: amd64
Signed-By: /etc/apt/keyrings/vendor.asc
EOF
sudo mv /etc/apt/sources.list.d/vendor.list /etc/apt/sources.list.d/vendor.list.disabled
sudo mv /etc/apt/sources.list.d/vendor.list /etc/apt/sources.list.d/vendor.list.disabled
sudo mv /etc/apt/sources.list.d/vendor.list /etc/apt/sources.list.d/vendor.list.disabled
sudo apt update
apt policy
sudo apt update
apt policy
sudo apt update
apt policy
Enabled: no
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/vendor.asc
Enabled: no
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/vendor.asc
Enabled: no
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/vendor.asc
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://repo.vendor.example/key.asc | sudo tee /etc/apt/keyrings/vendor.asc >/dev/null
sudo chmod 0644 /etc/apt/keyrings/vendor.asc
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://repo.vendor.example/key.asc | sudo tee /etc/apt/keyrings/vendor.asc >/dev/null
sudo chmod 0644 /etc/apt/keyrings/vendor.asc
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://repo.vendor.example/key.asc | sudo tee /etc/apt/keyrings/vendor.asc >/dev/null
sudo chmod 0644 /etc/apt/keyrings/vendor.asc
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/vendor.asc
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/vendor.asc
Types: deb
URIs: https://repo.vendor.example
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/vendor.asc
find /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.list' | sort
find /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.list' | sort
find /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.list' | sort
sudo apt-key list
sudo apt-key list
sudo apt-key list
grep -R "^Signed-By:" /etc/apt/sources.list.d/*.sources 2>/dev/null
grep -R "^Signed-By:" /etc/apt/sources.list.d/*.sources 2>/dev/null
grep -R "^Signed-By:" /etc/apt/sources.list.d/*.sources 2>/dev/null - read the structure of a .sources file
- migrate a legacy .list entry safely
- use Signed-By without falling back to apt-key
- disable a repository cleanly without deleting it
- verify that APT accepts the new configuration - fields are explicit instead of positional
- one stanza can describe multiple suites or types
- Enabled: no is cleaner than commenting lines in and out
- machine parsing is much easier
- Signed-By is clearer and safer in structured form - Types: can include both deb and deb-src
- Suites: can contain multiple suites in one stanza
- values are whitespace-separated, not comma-separated
- the file extension must be .sources - temporarily disabling a staging repo
- leaving a documented rollback option in place
- keeping a source definition around while troubleshooting - apt-key is deprecated
- it is expected to disappear after its supported transition window
- /etc/apt/keyrings is the recommended location for extra keys not managed by packages
- Signed-By is the recommended way to bind a repository to a specific key - replace with configuration management
- audit with normal filesystem tooling - .sources files use whitespace-separated multivalue fields
- legacy .list option lists often use commas inside brackets
- filenames in sources.list.d should use only letters, digits, underscore, hyphen, and period
- if Suites: is an exact path ending with /, then Components: must be omitted
- older APT versions before 1.1 ignore deb822 files - you are standardizing fleet configuration
- you need clearer automation
- you are cleaning up apt-key legacy warnings
- you want per-repository trust boundaries with Signed-By - Debian sources.list(5) man page: https://manpages.debian.org/testing/apt/sources.list.5.en.html
- Debian apt-secure(8) man page: https://manpages.debian.org/testing/apt/apt-secure.8.en.html
- Debian apt-key(8) man page: https://manpages.debian.org/testing/apt/apt-key.8.en.html
- RepoLib explainer for deb822 format: https://repolib.readthedocs.io/en/latest/deb822-format.html
