gpg: WARNING: unsafe ownership on homedir /home/USER/.gnupg
Let's look a moment at what this command is doing (simplified for the illustration)
curl … | sudo gpg … -o /usr/share/keyrings/githubcli-archive-keyring.gpg
The curl part goes off and gets something we are going to give to gpg; no problem there.
The sudo gpg command runs gpg as root, but with an unchanged HOME directory. When gpg runs it checks $HOME/.gpg for ownership and permissions. In this case it is running as root but finds that instead of the directory being owned by root it's being owned by USER. Appropriately it complains, loudly:
gpg: WARNING: unsafe ownership on homedir '/home/USER/.gnupg'
You mentioned that you cannot omit the sudo, and I would assume this is because you need root permissions to write to /usr/share/keyrings/. The solution in this case may be to tell sudo to change the HOME directory value to match the root user:
sudo -H gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg
The documentation (man sudo) explains,
-H, --set-home
Request that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry.
Another option is to run gpg without sudo and write the key to your own HOME directory, and then use sudo to move it to the target directory:
gpg --dearmor -o githubcli-archive-keyring.gpg &&
sudo mv -f githubcli-archive-keyring.gpg /usr/share/keyrings/
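The ownership mismatch described in this answer, and a follow-up check for the second option, as an added example that is not part of the original answer and is not gpg's or sudo's own code. The function names are hypothetical, and the ownership test only approximates what gpg does by comparing the directory owner with the uid the command runs as.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of gpg or sudo.

# Print the numeric owner of a path (GNU stat first, BSD stat as fallback).
owner_uid() {
    stat -c '%u' -- "$1" 2>/dev/null || stat -f '%u' -- "$1"
}

# homedir_is_safe RUN_UID HOME_VALUE
# Succeeds when HOME_VALUE/.gnupg is absent or owned by RUN_UID. It fails in
# the "sudo gpg" case: RUN_UID is 0 but HOME still points at the user's home.
# With "sudo -H", HOME_VALUE becomes root's home, so the owners match again.
homedir_is_safe() {
    run_uid=$1
    dir=$2/.gnupg
    [ -d "$dir" ] || return 0
    [ "$(owner_uid "$dir")" = "$run_uid" ]
}

# keyring_is_sane FILE EXPECTED_UID
# Succeeds when FILE is owned by EXPECTED_UID and not group/world writable.
# A file moved with "sudo mv" keeps the owner it had in the user's directory,
# so passing 0 here shows whether a "sudo chown root:root" is still needed.
keyring_is_sane() {
    [ -f "$1" ] || return 1
    [ "$(owner_uid "$1")" = "$2" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# Demo on a constructed directory standing in for /home/USER.
demo_home=$(mktemp -d) && mkdir "$demo_home/.gnupg"
me=$(id -u)
other=$((me + 1))
homedir_is_safe "$me" "$demo_home" && echo "uid $me: homedir ownership ok"
homedir_is_safe "$other" "$demo_home" || echo "uid $other: gpg would warn"
rm -rf "$demo_home"
```

After the move in the second option, `keyring_is_sane /usr/share/keyrings/githubcli-archive-keyring.gpg 0` reports whether the installed keyring ended up owned by root.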