经过很长时间的搜索,我终于找到了一个特定的软件包,我需要为故意存在漏洞的机器安装虚拟机。有问题的软件包是openssl1.0.2-1,我在安装它时遇到了很多麻烦。该包位于https://snapshot.debian.org/archive/debian/20150123T220434Z。我已经在我的快照存储库中添加了一个 deb 条目sources.list.d/,并添加了必要的密钥,apt-key但现在运行时出现以下错误sudo apt update:
Err:9 https://snapshot.debian.org/archive/debian/20150123T220434Z unstable InRelease
The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <[email protected]>
Reading package lists... Done
W: GPG error: https://snapshot.debian.org/archive/debian/20150123T220434Z unstable InRelease: The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <[email protected]>
E: The repository 'https://snapshot.debian.org/archive/debian/20150123T220434Z unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
我不知道如何处理这个问题,因为我认为我已经添加了密钥。如果有人能指出我如何解决这个问题的正确方向,那就太好了。或者,也许有更好的方法来安装这些过时的(?)软件包,因为我将在我的设置中重复执行此类操作。