由于缺少公钥,使用 apt 安装 Sublime Text 失败

tag-icon tag-icon debian apt gpg signature sublime-text
由于缺少公钥,使用 apt 安装 Sublime Text 失败

我正在使用下面链接的说明来设置 apt 来安装 sublime-text。我有意应用 Debian 和 Stackexchange 页面上描述的连接第三方存储库的方法,使用 Sublime 作为第三方存储库的示例。

https://www.sublimetext.com/docs/linux_repositories.html

https://wiki.debian.org/DebianRepository/UseThirdParty

如何添加第三方存储库。和 Debian 中的密钥?

但是,运行时apt update我收到以下有关加密密钥的错误:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

这就是我正在做的:

下载密钥,将密钥从 ascii 转换为二进制,并将密钥移动到共享位置:

curl https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor > ~/Downloads/sublime-keyring.gpg
sudo mkdir -vp /usr/local/share/keyrings/
sudo mv -v ~/Downloads/sublime-keyring.gpg /usr/local/share/keyrings/sublime-keyring.gpg
sudo chown -v root:root /usr/local/share/keyrings/sublime-keyring.gpg
sudo chmod -v 0640 /usr/local/share/keyrings/sublime-keyring.gpg

创建源列表:

printf "deb [signed-by=/usr/local/share/keyrings/sublime-keyring.gpg] https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list

设置固定规则以限制存储库的使用:

printf "%s\n" "Package: *" "Pin: origin download.sublimetext.com" "Pin-Priority: 1" "" "Package: sublime-text" "Pin: origin download.sublimetext.com" "Pin-Priority: 500" | sudo tee /etc/apt/preferences.d/sublime-text.pref

然后我运行sudo apt update它创建以下有关 Sublime Text 存储库的输出:

Get:1 https://download.sublimetext.com apt/stable/ InRelease [2.536 B]                                                                    
Err:1 https://download.sublimetext.com apt/stable/ InRelease                                                                                     
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

W: GPG error: https://download.sublimetext.com apt/stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454
E: The repository 'https://download.sublimetext.com apt/stable/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

当我使用 gpg 的 debug 运行时sudo apt -o Debug::Acquire::gpgv=True update,我得到了更多详细信息:

Get:1 https://download.sublimetext.com apt/stable/ InRelease [2.536 B]                                                                   
0% [Waiting for headers] [Waiting for headers]inside VerifyGetSigners                                                                    
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /usr/local/share/keyrings/sublime-keyring.gpg verify --status-fd 3 /tmp/apt.sig.zwA50y /tmp/apt.data.zbzsmw
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG F57D4F59BD3DF454 1 8 01 1627009220 9 -

Got ERRSIG F57D4F59BD3DF454 !
Read: [GNUPG:] NO_PUBKEY F57D4F59BD3DF454

Got NO_PUBKEY F57D4F59BD3DF454 !
gpgv exited with status 2
Summary:
  Good: 
  Valid: 
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: NO_PUBKEY F57D4F59BD3DF454
  Signed-By: 
  NODATA: no
Err:1 https://download.sublimetext.com apt/stable/ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

W: GPG error: https://download.sublimetext.com apt/stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454
E: The repository 'https://download.sublimetext.com apt/stable/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

我读到这意味着 apt 正确地传递了我下载的密钥的位置。这可能意味着 gpg 无法读取密钥的内容。或者也许钥匙在脱模过程中不知何故被损坏,不再具有预期的内容。这纯粹是我的猜测。

当我检查亲爱的钥匙时sudo gpg --show-keys /usr/local/share/keyrings/sublime-keyring.gpg,我得到以下信息,这似乎是正确的:

pub   rsa4096 2017-05-08 [SCEA]
      1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A
uid                      Sublime HQ Pty Ltd <[email protected]>
sub   rsa4096 2017-05-08 [S]

密钥是可读的,尽管它没有提及F57D4F59BD3DF454

那么到底出了什么问题呢?我怎样才能让它正常工作?

答案1

我假设读取公钥文件的所有进程都具有root访问权限。但事实证明情况可能并非如此。

因为将权限设置为0640导致了我报告的问题,并将它们设置为0644解决了问题。

更新后的命令应如下所示:

sudo chmod -v 0644 /usr/local/share/keyrings/sublime-keyring.gpg

通过此更改,我能够使用问题中描述的过程更新和安装 Sublime Text。

答案2

我可能遗漏了一些东西,但我认为您不需要使用 gpg 执行所有步骤。此行为我的系统安装密钥:

wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -

它在您提到的第一个 URL 中有详细记录。

答案3

编者注:

解决方案不是一个正确的答案,或者根本不是一个解决方案。请不要使用它!

我有同样的问题,错误显示是:

Err:2 https://download.sublimetext.com apt/stable/ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

[trusted=yes]解决方案是在 /etc/apt/sources.list.d/sublime-text.list 文件中添加选项:

deb [trusted=yes] https://download.sublimetext.com/ apt/stable/

它并没有真正解决问题,“错误键”仍然显示,但我可以apt-get install sublime-text完美地做到。

这是我运行时收到的消息apt update

apt update                                
Get:2 https://download.sublimetext.com apt/stable/ InRelease [2,536 B]                         
Ign:2 https://download.sublimetext.com apt/stable/ InRelease
Get:3 https://download.sublimetext.com apt/stable/ Packages [6,373 B]
Fetched 6,373 B in 3s (2,482 B/s)    
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1861 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: GPG error: https://download.sublimetext.com apt/stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

相关内容