I updated my laptop to the latest and greatest KDE Neon 5.26/Ubuntu 22.04 LTS; this task took me nearly 25 minutes, and everything went as expected, but a few packages with “legacy” GPG keyrings. That obnoxious message is visible when packages are updated from the terminal and will appear for each troubled repository.
Fixing the issue
I took the solution from https://askubuntu.com, which essentially consists of exporting keys and editing list files. Let’s begin:
1. Listing all the installed GPG keys with apt-key:
sudo apt-key list
Every key is comprised of at least three entries: pub, uid, and sub; we will need the last 8 characters from the pub key, for instance, 2980AECF in:
pub rsa4096 2016-04-22 [SC]
B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF2. Export the key to the keyrings directory in /etc/apt/trusted.gpg.d:
sudo apt-key export 2980AECF | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/virtualbox-2980AECF.gpgNote.- replace virtualbox-2980AECF with the actual name of the affected package.
3. Perform a package and confirm the output has one warning less.
sudo apt update
4. Repeat steps 1-3 for every warning about legacy GPG.
Will these warnings affect system performance? Absolutely no. But those warnings polluting the output are somewhat annoying.
Waggos Blog 