GPG 错误 - 以下签名无效:EXPKEYSIG

GPG 错误 - 以下签名无效:EXPKEYSIG

我们有一个自托管的 Debian 存储库,我们可以从其中获取所有软件包。在目标计算机上运行“apt update”时,我们收到以下错误 -

W: GPG error: http://URL_FQDN/dev/debian stretch InRelease: The following signatures were invalid: EXPKEYSIG 0DD91A7623XXX9F606 devkey <[email protected]>

有人可以建议这里出了什么问题吗?

我尝试了以下事情-

apt-key adv --keyserver hkp://URL_FQDN:80 --recv-keys 0DD91A7623XXX9F606 
Executing: /tmp/apt-key-gpghome.NeNGQeeH3a/gpg.1.sh --keyserver hkp://URL_FQDN:80 --recv-keys 0DD91A7623XXX9F606 
gpg: keyserver receive failed: No data

apt-key 列表给出以下输出(已过期):-

apt-key list
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2018-10-25 [SC] [expires: 2025-08-25]
      89E9 375E AC23 2856 E185  4295 340E 2EE9 XXXX B486
uid           [ unknown] Group <[email protected]>
sub   rsa2048 2018-10-25 [E] [expires: 2025-08-25]

pub   rsa3072 2020-09-28 [SC] [expired: 2022-09-28]
      B899 E7EA 6FFC D59A 152B  B25A 0DD9 1A76 XXXX F606
uid           [ expired] devkey <[email protected]>

gpg --list-keys 给出以下值:-

gpg --list-keys
/root/.gnupg/pubring.kbx
------------------------
pub   rsa3072 2020-09-28 [SC]
      B899E7EA6FFCD59A152BB25A0DD91A7623XXX9F606 
uid           [ unknown] devkey <[email protected]>
sub   rsa3072 2020-09-28 [E]

答案1

用于签署存储库工件的密钥已过期:

pub   rsa3072 2020-09-28 [SC] [expired: 2022-09-28]
      B899 E7EA 6FFC D59A 152B  B25A 0DD9 1A76 XXXX F606
uid           [ expired] devkey <[email protected]>

您需要更新它,并在使用它的任何地方进行更新。要移动密钥的到期日期,请使用 GPG 进行编辑:

$ gpg --edit-key "B899 E7EA 6FFC D59A 152B  B25A 0DD9 1A76 XXXX F606"
[…]
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)

并选择合适的值。

答案2

密钥在存储库服务器上已过期,我在那里延长了过期时间。然后,我尝试导出公钥和私钥。然后对我的目标机器执行 scp,然后手动添加私钥。

1. gpg --edit-key B899E7EA6FFCD59A152BB25A0DD91A762XXXX606
2. gpg --export-secret-key 0DD91A762XXXX606 > private. Key
3. scp private. Key to target machine
4. added the key, apt-key add private. Key

相关内容