我在 Debian Buster 上使用 apt 更新时遇到了问题,几天前它突然停止工作了。我已将 /etc/apt 目录与备份进行了比较,似乎没有任何变化。
在另一个 Debian Buster 系统上,/etc/apt/trusted.gpg.d 中具有相同 MD5 校验和的相同密钥可以完美运行:
root@domac:/etc/apt/trusted.gpg.d# md5sum debian-archive-buster-stable.gpg
4797ff6df738da65413ef710cf73936f debian-archive-buster-stable.gpg
root@domac:/etc/apt/trusted.gpg.d#
apt-get update 的输出是:
root@domac:/etc/apt/trusted.gpg.d# apt-get update
Get:1 http://ftp.carnet.hr/carnet-debian carnet-buster InRelease [4,719 B]
Get:2 http://ftp.hr.debian.org/debian buster InRelease [122 kB]
Get:3 http://ftp.srce.hr/srce-debian srce-buster InRelease [6,723 B]
Get:4 http://ftp.hr.debian.org/debian buster-updates InRelease [51.9 kB]
Get:5 http://ftp.hr.debian.org/debian buster-backports InRelease [46.7 kB]
Get:6 https://packages.sury.org/php buster InRelease [6,837 B]
Err:1 http://ftp.carnet.hr/carnet-debian carnet-buster InRelease
Unknown error executing apt-key
Get:7 http://security.debian.org buster/updates InRelease [65.4 kB]
Err:3 http://ftp.srce.hr/srce-debian srce-buster InRelease
Unknown error executing apt-key
Get:8 http://repo.vulners.com/debian buster InRelease [10.3 kB]
Err:2 http://ftp.hr.debian.org/debian buster InRelease
Unknown error executing apt-key
Err:4 http://ftp.hr.debian.org/debian buster-updates InRelease
Unknown error executing apt-key
Err:5 http://ftp.hr.debian.org/debian buster-backports InRelease
Unknown error executing apt-key
Err:6 https://packages.sury.org/php buster InRelease
Unknown error executing apt-key
Err:7 http://security.debian.org buster/updates InRelease
Unknown error executing apt-key
Err:8 http://repo.vulners.com/debian buster InRelease
Unknown error executing apt-key
Get:9 https://repo.cloudlinux.com/kernelcare-debian/10 stable InRelease [3,302 B]
Err:9 https://repo.cloudlinux.com/kernelcare-debian/10 stable InRelease
Unknown error executing apt-key
Reading package lists... Done
W: GPG error: http://ftp.carnet.hr/carnet-debian carnet-buster InRelease: Unknown error executing apt-key
E: The repository 'http://ftp.carnet.hr/carnet-debian carnet-buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ftp.srce.hr/srce-debian srce-buster InRelease: Unknown error executing apt-key
E: The repository 'http://ftp.srce.hr/srce-debian srce-buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ftp.hr.debian.org/debian buster InRelease: Unknown error executing apt-key
E: The repository 'http://ftp.hr.debian.org/debian buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ftp.hr.debian.org/debian buster-updates InRelease: Unknown error executing apt-key
E: The repository 'http://ftp.hr.debian.org/debian buster-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ftp.hr.debian.org/debian buster-backports InRelease: Unknown error executing apt-key
E: The repository 'http://ftp.hr.debian.org/debian buster-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://packages.sury.org/php buster InRelease: Unknown error executing apt-key
E: The repository 'https://packages.sury.org/php buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.debian.org buster/updates InRelease: Unknown error executing apt-key
E: The repository 'http://security.debian.org buster/updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://repo.vulners.com/debian buster InRelease: Unknown error executing apt-key
E: The repository 'http://repo.vulners.com/debian buster InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://repo.cloudlinux.com/kernelcare-debian/10 stable InRelease: Unknown error executing apt-key
E: The repository 'https://repo.cloudlinux.com/kernelcare-debian/10 stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@domac:/etc/apt/trusted.gpg.d#
我努力了:
# cd /var/lib/apt
# mv lists lists.old
# mdkir -p lists/partial lists/auxfiles
# chmod 755 lists lists/auxfiles
# chmod 700 lists/partial
我也尝试过apt -oDebug::pkgAcquire::Worker=1 update,但是无法辨认。
apt-key 列表看起来与 apt update 工作的系统相同:
/etc/apt/trusted.gpg
--------------------
pub dsa1024 2007-10-30 [SC]
0E11 83A6 46FC 9255 D1B1 9664 53FB D252 EC72 006A
uid [ unknown] CARNet Paketi <[email protected]>
sub elg2048 2007-10-30 [E]
pub dsa1024 2007-11-06 [SC]
E2FF F795 7AEC 9D51 18B9 5BE2 FECB 4210 4089 CBA3
uid [ unknown] Srce paketi <[email protected]>
sub elg2048 2007-11-06 [E]
pub rsa2048 2014-02-10 [SC]
0343 27E8 2064 69CB 296A C14E CCE8 0D2B 8B53 D14B
uid [ unknown] KernelCare <[email protected]>
sub rsa2048 2014-02-10 [E]
pub dsa1024 2014-06-23 [SC]
E58F E9B3 FE3B 0470 5251 59BD 6DC3 D600 CDEF 74BB
uid [ unknown] KernelCare <[email protected]>
sub elg2048 2014-06-23 [E]
pub rsa3072 2019-03-18 [SC] [expires: 2024-02-16]
1505 8500 A023 5D97 F5D1 0063 B188 E2B6 95BD 4743
uid [ unknown] DEB.SURY.ORG Automatic Signing Key <[email protected]>
sub rsa3072 2019-03-18 [E] [expires: 2024-02-16]
pub rsa4096 2021-02-18 [SC]
3DC5 64C8 48D9 C7C3 1507 2953 6AED 0D64 4132 004C
uid [ unknown] KernelCare <[email protected]>
pub rsa2048 2017-05-03 [SC]
C69B C10E 6F34 FE17 326C D3F2 0696 3113 8D04 4866
uid [ unknown] vulners.com <[email protected]>
sub rsa2048 2017-05-03 [E]
pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62
uid [ unknown] nginx signing key <[email protected]>
/etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
------------------------------------------------------------
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
1F89 983E 0081 FDE0 18F3 CC96 73A4 F27B 8DD4 7936
uid [ unknown] Debian Archive Automatic Signing Key (11/bullseye) <[email protected]>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
/etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
---------------------------------------------------------------------
pub rsa4096 2021-01-17 [SC] [expires: 2029-01-15]
AC53 0D52 0F2F 3269 F5E9 8313 A484 4904 4AAD 5C5D
uid [ unknown] Debian Security Archive Automatic Signing Key (11/bullseye) <[email protected]>
sub rsa4096 2021-01-17 [S] [expires: 2029-01-15]
/etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
---------------------------------------------------------
pub rsa4096 2021-02-13 [SC] [expires: 2029-02-11]
A428 5295 FC7B 1A81 6000 62A9 605C 66F0 0D6C 9793
uid [ unknown] Debian Stable Release Key (11/bullseye) <[email protected]>
/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE
uid [ unknown] Debian Archive Automatic Signing Key (10/buster) <[email protected]>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
5E61 B217 265D A980 7A23 C5FF 4DFA B270 CAA9 6DFA
uid [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <[email protected]>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]
/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
6D33 866E DD8F FA41 C014 3AED DCC9 EFBF 77E1 1517
uid [ unknown] Debian Stable Release Key (10/buster) <[email protected]>
[snip]
我不知道可能出了什么问题......谢谢。
附言
这是命令的请求输出apt -oDebug::pkgAcquire::Worker=1 update。它太大了,无法复制粘贴,所以我把它放在这个链接上:apt-get 更新调试输出
答案1
显然,
# rm -r /var/lib/apt/lists/*
# apt update
就足够了,如下所示:https://askubuntu.com/questions/131601/gpg-error-release-the-following-signatures-were-invalid-badsig,但由于未知原因,需要一些时间。
起初,一些apt update命令产生了更多的错误,但一段时间后 apt 系统就恢复了,无需对 /var/lib/apt 或设置(或密钥,密钥与我提到过的没有中断的双系统上的密钥相同)进行进一步修改。
答案2
对我来说,在 Debian Bookworm(已弃用apt-key add)上,它是文件权限。例如,我在我的sources.list:
deb [signed-by=/etc/apt/keyrings/dnsdist-18-pub.asc arch=amd64] http://repo.powerdns.com/debian bookworm-dnsdist-18 main
并拥有适当的/etc/apt/keyrings/dnsdist-18-pub.ascroot 权限0600(由于umask 0077在我之前做过wget(1)/curl(1)那个文件)
虽然apt(8)以 root 身份运行,但_apt在较新的 Debian 版本中它默认会放弃其用户权限,因此它无法读取该文件,从而导致出现以下错误:
# apt update
Get:1 http://repo.powerdns.com/debian bookworm-dnsdist-18 InRelease [1801 B]
Hit:2 http://security.debian.org/debian-security bookworm-security InRelease
Err:1 http://repo.powerdns.com/debian bookworm-dnsdist-18 InRelease
Unknown error executing apt-key
Hit:3 https://deb.debian.org/debian bookworm InRelease
Hit:4 https://deb.debian.org/debian bookworm-updates InRelease
Get:5 https://deb.debian.org/debian bookworm-backports InRelease [56.5 kB]
[...]
Reading package lists... Done
W: GPG error: http://repo.powerdns.com/debian bookworm-dnsdist-18 InRelease: Unknown error executing apt-key
E: The repository 'http://repo.powerdns.com/debian bookworm-dnsdist-18 InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details
我尝试用它进行调试apt -oDebug::Acquire::gpgv=1 update(参见DEBUG部分apt.conf(5)),结果表明它甚至没有考虑指定的/etc/apt/keyrings/dnsdist-18-pub.asc。
最后,只需简单chmod a+r /etc/apt/keyrings/dnsdist-18-pub.asc操作就能修复这个不起眼的错误。