在更新 Focal 之后,我必须重新访问 /etc/apt/sources* 来更新我的第三方存储库。
其中一个存储库适用于 Yorba PPA,位于:https://launchpad.net/~yorba/+archive/ubuntu/ppa
不幸的是,我无法再从该存储库进行更新:
$ sudo apt-get update
[..truncated..]
W: GPG error: http://ppa.launchpad.net/yorba/ppa/ubuntu vivid Release: The following signatures were invalid: 90B064CAE4CBA8A6C34F04D110975893E549B1AC
E: The repository 'http://ppa.launchpad.net/yorba/ppa/ubuntu vivid Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
好的,让我们尝试解决这个问题——首先删除我已经拥有的密钥:
$ sudo rm -f /etc/apt/trusted.gpg.d/yorba_ubuntu_ppa.gpg
$ sudo apt-get update
[..truncated..]
W: GPG error: http://ppa.launchpad.net/yorba/ppa/ubuntu vivid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 10975893E549B1AC
E: The repository 'http://ppa.launchpad.net/yorba/ppa/ubuntu vivid Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
接下来从 ubuntu 密钥服务器再次获取密钥:
$ sudo apt-key adv --recv-keys --keyserver keys.gnupg.net 10975893E549B1AC
Executing: /tmp/apt-key-gpghome.RKi7hJu0jl/gpg.1.sh --recv-keys --keyserver keys.gnupg.net 10975893E549B1AC
gpg: key 10975893E549B1AC: public key "Launchpad yorba" imported
gpg: Total number processed: 1
gpg: imported: 1
现在一切都应该准备就绪了,对吧?错了。结果和我们开始时一样:
$ sudo apt-get update
[..truncated..]
W: GPG error: http://ppa.launchpad.net/yorba/ppa/ubuntu vivid Release: The following signatures were invalid: 90B064CAE4CBA8A6C34F04D110975893E549B1AC
E: The repository 'http://ppa.launchpad.net/yorba/ppa/ubuntu vivid Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
有人知道我做错了什么吗?Yorba PPA 有什么根本性问题吗?
-迈克尔
答案1
Yorba PPA 是否存在根本性问题?
除了它是古董之外?......没有。
嗯,这正是问题所在。
请注意签名本身是可以的:
% gpg --no-default-keyring --keyring ./key.gpg --verify Release.gpg Release
gpg: Signature made Tue 31 Mar 2015 07:20:40 JST
gpg: using RSA key 10975893E549B1AC
gpg: Good signature from "Launchpad yorba" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 90B0 64CA E4CB A8A6 C34F 04D1 1097 5893 E549 B1AC
但其制作方式已不再适用:
% gpg --list-packets Release.gpg
# off=0 ctb=88 tag=2 hlen=2 plen=156
:signature packet: algo 1, keyid 10975893E549B1AC
version 4, created 1427754040, md5len 0, sigclass 0x00
digest algo 2, begin of digest e2 e8
hashed subpkt 2 len 4 (sig created 2015-03-30)
subpkt 16 len 8 (issuer key ID 10975893E549B1AC)
data: [1018 bits]
digest algo 2是 SHA-1,它不再被认为是安全的,现在Release使用 SHA-1 进行签名时出错。
这不是什么新鲜事。在 16.04 中就已经有警告了 (如何修复 apt:密钥签名使用弱摘要算法(SHA1)?):
# apt update
...
W: http://ppa.launchpad.net/yorba/ppa/ubuntu/dists/vivid/Release.gpg: Signature by key 90B064CAE4CBA8A6C34F04D110975893E549B1AC uses weak digest algorithm (SHA1)
并且在 18.04 中返回与 20.04 中相同的错误。
答案2
您可以简单地禁用此 PPA因为它没有为您的 Ubuntu 20.04 LTS 版本提供软件包。
使用
sudo add-apt-repository -r ppa:yorba/ppa
然后sudo apt-get update像sudo apt-get upgrade往常一样运行。