我收到关于不安全所有权的警告~/.gnupg
:
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg
gpg: WARNING: unsafe ownership on homedir '/home/USER/.gnupg'
- 我尝试了以下方法但没有任何效果:
chown -R $(USER) ~/.gnupg/
find ~/.gnupg -type f -exec chmod 600 {} \; find ~/.gnupg -type d -exec chmod 700 {} \;
sudo gpgconf --kill dirmngr sudo chown -R USER:USER /home/USER/.gnupg chmod 700 /home/USER/.gnupg chmod 600 ~/.gnupg/*
-
ls -al /home/elias/.gnupg drwx------ 4 USER USER 4096 Jul 1 19:33 . drwxr-xr-x 96 USER USER 20480 Jul 10 11:19 .. drw------- 2 USER USER 4096 Feb 13 2019 crls.d drw------- 2 USER USER 4096 Aug 13 2018 private-keys-v1.d -rw------- 1 USER USER 2305 Feb 13 2019 pubring.kbx -rw------- 1 USER USER 584 Feb 13 2019 pubring.kbx~ -rw------- 1 USER USER 1200 Aug 13 2018 trustdb.gpg
可能相关:
error:45 http://ppa.launchpad.net/hugin/hugin-builds/ubuntu bionic Release
404 Not Found [IP: 91.189.95.85 80]
Hit:32 https://www.icesi.edu.co/CRAN/bin/linux/ubuntu xenial-cran35/ InRelease
error:25 https://repo.skype.com/deb stable InRelease
The following signatures were not valid: EXPKEYSIG 1F3045A5DF7587C3 Skype Linux Client Repository <[email protected]>
error:30 http://apt.insynchq.com/ubuntu bionic InRelease
The following signatures were not valid: EXPKEYSIG A684470CACCAF35C Insynchq Inc <[email protected]>
E: The repository 'https://packages.sury.org/php bionic Release' does not have a Release file.
N: Updating from such a repository cant be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://ppa.launchpad.net/hugin/hugin-builds/ubuntu bionic Release' does not have a Release file.
N: Updating from such a repository cant be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.
GPG error: https://repo.skype.com/deb stable InRelease: The following signatures were not valid: EXPKEYSIG 1F3045A5DF7587C3 Skype Linux Client Repository <[email protected]>
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.
GPG error: http://apt.insynchq.com/ubuntu bionic InRelease: The following signatures were not valid: EXPKEYSIG A684470CACCAF35C Insynchq Inc <[email protected]>
询问的额外信息:
ls -al /usr/share/keyrings/
结果:
drwxr-xr-x 2 root root 4096 Jul 10 11:13 .
drwxr-xr-x 621 root root 20480 Jul 10 13:50 ..
-rw-r--r-- 1 root root 1795 Jul 10 11:52 githubcli-archive-keyring.gpg
-rw-r--r-- 1 root root 2274 May 11 13:19 ubuntu-advantage-cis.gpg
-rw-r--r-- 1 root root 2236 May 11 13:19 ubuntu-advantage-esm-apps.gpg
-rw-r--r-- 1 root root 2264 May 11 13:19 ubuntu-advantage-esm-infra-trusty.gpg
-rw-r--r-- 1 root root 2275 May 11 13:19 ubuntu-advantage-fips.gpg
-rw-r--r-- 1 root root 7399 Sep 18 2018 ubuntu-archive-keyring.gpg
-rw-r--r-- 1 root root 6713 Oct 27 2016 ubuntu-archive-removed-keys.gpg
-rw-r--r-- 1 root root 4097 Feb 6 2018 ubuntu-cloudimage-keyring.gpg
-rw-r--r-- 1 root root 0 Jan 17 2018 ubuntu-cloudimage-removed-keys.gpg
-rw-r--r-- 1 root root 1227 May 27 2010 ubuntu-master-keyring.gpg
额外信息2:
sudo env | grep '^HOME='
结果:
HOME=/home/elias
答案1
让我们看一下这个命令的作用(为了便于说明,已简化)
curl … | sudo gpg … -o /usr/share/keyrings/githubcli-archive-keyring.gpg
该curl
零件脱落并得到了我们要给予的东西gpg
;没有问题。
该sudo gpg
命令gpg
以 身份运行root
,但目录不变HOME
。gpg
运行时,它会检查$HOME/.gpg
所有权和权限。在这种情况下,它以 身份运行,root
但发现root
目录的所有者不是 ,而是USER
。它适当地大声抱怨
gpg: WARNING: unsafe ownership on homedir '/home/USER/.gnupg'
您提到不能省略sudo
,我认为这是因为您需要 root 权限才能写入/usr/share/keyrings/
。在这种情况下,解决方案可能是告诉sudo
更改HOME
目录值以匹配root
用户
sudo -H gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg
文档(man sudo
)解释道,
-H
,--set-home
请求安全策略将HOME
环境变量设置为目标用户的密码数据库条目指定的主目录。
gpg
另一种选择是在不使用的情况下运行sudo
并将密钥写入您自己的HOME
目录,然后使用sudo
它将其移动到目标目录
gpg --dearmor -o githubcli-archive-keyring.gpg &&
sudo mv -f githubcli-archive-keyring.gpg /usr/share/keyrings/