APT 无效签名

APT 无效签名

我一直在使用 Cubic 构建新的 Ubuntu 实例以创建自定义 ISO。这种方法在过去效果很好,但出于某种原因,在加载到 chroot 环境后,由于无效签名的多个错误,我无法更新 apt。

root@mine:/etc/apt# apt update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Err:1 http://security.ubuntu.com/ubuntu xenial-security InRelease                                                  
  At least one invalid signature was encountered.
Hit:2 http://archive.ubuntu.com/ubuntu xenial InRelease                                                            
Err:2 http://archive.ubuntu.com/ubuntu xenial InRelease                                                            
  At least one invalid signature was encountered.
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]                                           
Err:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease                                                    
  At least one invalid signature was encountered.
Fetched 204 kB in 18s (10.8 kB/s)                                                                                  
Reading package lists... Done
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.ubuntu.com/ubuntu xenial-security InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu xenial InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu xenial-updates InRelease: At least one invalid signature was encountered.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial/InRelease 
At least one invalid signature was encountered.
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease  At least one invalid signature was encountered.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease  At least one invalid signature was encountered.
W: Some index files failed to download. They have been ignored, or old ones used instead.
root@mine:/etc/apt# apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease                  
Get:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]              
Err:1 http://archive.ubuntu.com/ubuntu xenial InRelease                                         
  At least one invalid signature was encountered.
Err:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease                                                    
  At least one invalid signature was encountered.
Get:3 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]                                         
Err:3 http://security.ubuntu.com/ubuntu xenial-security InRelease                                                  
  At least one invalid signature was encountered.
Fetched 204 kB in 17s (11.4 kB/s)                                                                                  
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu xenial InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com/ubuntu xenial-updates InRelease: At least one invalid signature was encountered.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.ubuntu.com/ubuntu xenial-security InRelease: At least one invalid signature was encountered.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial/InRelease  At least one invalid signature was encountered.
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/InRelease  At least one invalid signature was encountered.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/xenial-updates/InRelease  At least one invalid signature was encountered.
W: Some index files failed to download. They have been ignored, or old ones used instead.

我尝试了许多方法来解决这个问题,我怀疑这是因为 cubic 在形成 squashfs 系统时所做的事情破坏了 GPG 密钥环。

运行 apt-key list 显示:

root@mine:/etc/apt# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   1024D/437D05B5 2004-09-12
uid                  Ubuntu Archive Automatic Signing Key <[email protected]>
sub   2048g/79164387 2004-09-12

pub   4096R/C0B21F32 2012-05-11
uid                  Ubuntu Archive Automatic Signing Key (2012) <[email protected]>

pub   4096R/EFE21092 2012-05-11
uid                  Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>

pub   1024D/FBB75451 2004-12-30
uid                  Ubuntu CD Image Automatic Signing Key <[email protected]>

apt-key update 显示:

root@mine:/etc/apt# apt-key update
gpg: WARNING: unsafe ownership on homedir `/tmp/tmp.VI7PlJB3k0'
gpg: WARNING: unsafe ownership on homedir `/tmp/tmp.VI7PlJB3k0'
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <[email protected]>" not changed
gpg: key FBB75451: "Ubuntu CD Image Automatic Signing Key <[email protected]>" not changed
gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <[email protected]>" not changed
gpg: key EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>" not changed
gpg: Total number processed: 4
gpg:              unchanged: 4
gpg: WARNING: unsafe ownership on homedir `/tmp/tmp.VI7PlJB3k0'
gpg: WARNING: unsafe ownership on homedir `/tmp/tmp.VI7PlJB3k0'
gpg: WARNING: unsafe ownership on homedir `/tmp/tmp.VI7PlJB3k0'
gpg: WARNING: unsafe ownership on homedir `/tmp/tmp.VI7PlJB3k0'
root@mine:/etc/apt# 

有什么办法可以解决这个问题吗?我尝试运行 apt clean 但没有发生任何变化,同时导入已知有效的 sources.list 甚至 trust.gpg 文件。/etc/apt/sources.list.d/ 和 /etc/apt/trusted.gpg.d/ 的权限在全球范围内都是可读的,因此 apt 应该能够读取密钥。

这是一个干净的构建,cubic 使用的 ISO 已在 VM 中测试过,没有任何问题,所以它看起来像是 cubic 的问题,但我不确定 cubic 可能做了什么导致了这个问题,或者如何尝试自己在 chroot 中修复它。

如有任何建议/意见我将不胜感激。

麦克西

答案1

我遇到了同样的问题。我不确定是什么原因,但我找到了一个不错的解决方法。它要求您的主机系统与您尝试使用 Cubic 修改的系统相同。只需使用 cubic 提取图像,然后apt-get update在主机系统上运行即可。将/var/lib/apt/lists提取的 iso 上的文件夹替换/var/lib/apt/lists为主机系统中的文件夹。我认为问题在于您以 root 身份使用 Cubic 浏览图像,并且您缺少一些 GPG 配置内容……但这只是猜测。希望它能有所帮助。

相关内容