Question, Need to Update the Linux apt Installation Instructions, Go All the Way or Keep it Simpler?

Edit: I found the code in openHABian that adds the keys and there’s a better way. I’ve updated the proposed changes below to use that. Also changed to /usr/share/keyrings instead of /usr/local/share/keyrings to conform to what openHABian does.

A minor issue came up with a small problem with the instructions on the website for apt based installation. For some reason, for some users, putting the URL to the PGP key in the wget doesn’t always work. It failed for me too once but worked a second time. :person_shrugging:

But in the process I found that apt-key is deprecated (probably not news to most of you but I use ansible to install everything so I don’t directly interact with these commands very often). We probably should not have instructions on our site that uses deprecated commands.

I spent some time looking around and I’m finding that the “best practices” is a little more involved than a one-liner wget.

The quick and dirty approach is to just download the pgp public key file, convert it to a gpg and drop it into /etc/trusted.gpg.d. I think that can still be a one-liner but it’s definitely a pretty long and complicated one so would make it a code block in the docs even if it could be done with pipes and ;. It can be written as a one liner.

The best practices approach, however, is to put the gpg file somewhere else (e.g. /usr/local/share/keyrings) and then inline in the openhab.list include [signed-by=/usr/share/keyrings/openhab.gpg].

The reason apt-key was deprecated was because apt is too trusting. Any package signed by that key would be accepted. By putting the keys somewhere else and adding the signed-by we can say “only trust this key for this specific repo and no others.”

@mstormi, I see that openHABian already does this the “best practices” way which is great to see.

So my question is, should we make the apt installation instructions a tiny bit more complicated to conform to best practices, or should we go half way and just drop the gpg file in apt’s trusted.gpg.d?


The current instructions are

First, add the openHAB repository key to your package manager:

wget -qO - 'https://openhab.jfrog.io/artifactory/api/gpg/key/public' | sudo apt-key add -

For the easy way that would change to:

First, add the openHAB repository key to your package manager:

curl -fsSL "https://openhab.jfrog.io/artifactory/api/gpg/key/public" | gpg --dearmor > openhab.pgp && sudo mv openhab.pgp /usr/share/keyrings

Everything else would remain the same.


The best practices approach would become:

First, add the openHAB repository key to your package manager:

sudo mkdir -p /usr/share/keyrings
curl -fsSL "https://openhab.jfrog.io/artifactory/api/gpg/key/public" | gpg --dearmor > openhab.pgp && sudo mv openhab.pgp /usr/share/keyrings

Then, you can choose between, Official (Stable), Beta or Snapshot builds:

  • Stable Release: The stable builds contain the latest official release with tested features. Add the openHAB Stable Repository to your system's apt sources list:
echo 'deb [signed-by=/usr/share/keyrings/openhab.gpg] https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main' | sudo tee /etc/apt/sources.list.d/openhab.list
  • Testing Release: The beta and release candidate builds come out less frequently, but will contain new features that are currently in the testing phase. Add the openHAB Beta Repository to your system's apt sources list:
echo 'deb [signed-by=/usr/share/keyrings/openhab.gpg] https://openhab.jfrog.io/artifactory/openhab-linuxpkg testing main' | sudo tee /etc/apt/sources.list.d/openhab.list
  • Snapshot Release: The snapshot build is created almost daily and includes the latest changes to the openHAB core and add-ons. These changes are often unstable, so you should use this branch only for testing or development purposes. The snapshot repository is hosted in openHAB's JFrog Artifactory instance. To use it, add the openHAB Unstable Repository to your system's apt sources list:
echo 'deb [signed-by=/usr/share/keyrings/openhab.gpg] https://openhab.jfrog.io/artifactory/openhab-linuxpkg unstable main' | sudo tee /etc/apt/sources.list.d/openhab.list
1 Like
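The "best practices" flow from the post above, written out as an added example script. This is not openHAB's or openHABian's code, and not the text proposed for the docs; it only uses the repository URL, key URL, keyring directory and sources file that the post already names. Assumptions: GNU coreutils (`install`, `stat -c`, with a BSD `stat -f` fallback), `curl` and `gpg` on the path, and the hypothetical `KEYRING_DIR` / `SOURCES_DIR` overrides so the checks can be exercised in a scratch directory. `install_key` needs network access and sudo; `write_sources_entry` and `check_setup` run offline.

```shell
#!/usr/bin/env bash
# Added example: install a repo-scoped apt signing key (signed-by) instead of apt-key.
# Not openHAB's own script. Paths and URLs follow the thread; overrides are assumptions.
set -eu

KEY_URL="https://openhab.jfrog.io/artifactory/api/gpg/key/public"
REPO_URL="https://openhab.jfrog.io/artifactory/openhab-linuxpkg"
KEYRING_DIR="${KEYRING_DIR:-/usr/share/keyrings}"        # hypothetical override for testing
SOURCES_DIR="${SOURCES_DIR:-/etc/apt/sources.list.d}"    # hypothetical override for testing
KEYRING="${KEYRING_DIR}/openhab.gpg"

# Download the ASCII-armored key, convert it to a binary keyring in a temp file owned by
# the calling user, then let root copy it into place with an explicit 0644 mode.
# The redirect never targets a root-owned directory, so no "Permission denied" and no
# "sudo su" are needed.
install_key() {
  tmp="$(mktemp)"
  curl -fsSL "$KEY_URL" | gpg --dearmor > "$tmp"
  sudo mkdir -p "$KEYRING_DIR"
  sudo install -m 0644 "$tmp" "$KEYRING"
  rm -f "$tmp"
}

# Write the sources entry that trusts the keyring for this repository only.
# Usage: write_sources_entry stable|testing|unstable [sources_dir] [keyring]
write_sources_entry() {
  channel="$1"
  dir="${2:-$SOURCES_DIR}"
  keyring="${3:-$KEYRING}"
  case "$channel" in
    stable|testing|unstable) ;;
    *) echo "unknown channel: $channel" >&2; return 1 ;;
  esac
  printf 'deb [signed-by=%s] %s %s main\n' "$keyring" "$REPO_URL" "$channel" > "$dir/openhab.list"
}

# Post-install sanity checks: the keyring must be binary (dearmored, not "-----BEGIN ..."),
# world-readable so the unprivileged _apt user can open it, and the sources entry must
# actually pin it via signed-by.
# Usage: check_setup /path/to/openhab.gpg /path/to/openhab.list
check_setup() {
  keyring="$1"
  list="$2"
  if head -c 5 "$keyring" | grep -q -- '-----'; then
    echo "keyring is still ASCII-armored; run it through gpg --dearmor" >&2
    return 1
  fi
  mode="$(stat -c '%a' "$keyring" 2>/dev/null || stat -f '%Lp' "$keyring")"
  if [ "$mode" != "644" ]; then
    echo "keyring mode is $mode, expected 644" >&2
    return 1
  fi
  if ! grep -qF "signed-by=$keyring" "$list"; then
    echo "sources entry does not reference $keyring" >&2
    return 1
  fi
  return 0
}

# Typical use on a real host (network + sudo):
#   install_key && write_sources_entry stable && check_setup "$KEYRING" "$SOURCES_DIR/openhab.list"
```

Why the temp file plus `sudo install`: in `sudo gpg --dearmor > /usr/share/keyrings/openhab.gpg` the `>` is performed by your own shell before `sudo` ever runs, so the open of the root-owned target fails regardless of the shell you use. Writing the keyring as the user and letting root copy it also makes the resulting file mode explicit instead of depending on the umask.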

I would vote for having the best practice way in the docs.

5 Likes

I know these docs are only a proposal, so I don’t know if I can already test, but I did :slight_smile:
Used the “best practice” (you need sudo su for the first line, only sudo gives permission denied)

Found a typo in the docs (after this it is working):

First line: /usr/share/keyrings//openhab.pgp
Second line: signed-by=/usr/share/keyrings/openhab.gpg (stable)
Second line: signed-by=/usr/local/keyrings/openhab.gpg (testing)
Second line: signed-by=/usr/local/keyrings/openhab.gpg (snapshot)

So the first line should be: /usr/share/keyrings/openhab.pgp
And the second line: signed-by=/usr/share/keyrings/openhab.pgp

That must be something odd with your sudoers config. sudo means “run as root” and there is nothing special about mkdir unless the user you are running under is configured to only be allowed to sudo for certain commands.

Apparmor or SELinux might come into play too. What OS are you running?
Does the user you ran the mkdir command under have restricted sudo permissions? It seems odd to forbid mkdir but allow su.

Thanks for testing it out and finding the typo. It really helps.

I’ll leave this up for a day longer for further feedback and then submit a PR with the best practices way unless someone comes with arguments not to.

1 Like

Sorry, with the first line I meant this one:

curl -fsSL "https://openhab.jfrog.io/artifactory/api/gpg/key/public" | sudo gpg --dearmor > "/usr/share/keyrings/openhab.pgp"

I’m running Debian 12 with nothing special in sudoers

Same thing applies. Just replace mkdir with gpg.

I’ve run this on several different machines and it’s never given an error. Maybe it’s a shell thing, I use fish instead of bash.

Try

curl -fsSL "https://openhab.jfrog.io/artifactory/api/gpg/key/public" | gpg --dearmor > openhab.pgp && sudo mv openhab.pgp /usr/share/keyrings

I’m using bash, so that might be the problem?

-bash: /usr/share/keyrings/openhab.pgp: Permission denied
curl: (23) Failed writing body
curl -fsSL "https://openhab.jfrog.io/artifactory/api/gpg/key/public" | gpg --dearmor > openhab.pgp && sudo mv openhab.pgp /usr/share/keyrings

This line is working without sudo su

Well, few people use anything except bash so it’s really me that has the problem. I need to find a way that works reliably in bash too.

I’m a little unhappy with the file permissions on the gpg file with that command. I think I still need some experimentation to get it right.

Thanks for testing this out!

PR can be found at Changed apt installation instructions gpg import by rkoshak · Pull Request #1845 · openhab/openhab-docs · GitHub