我们有一个自托管的 Debian 存储库,我们可以从其中获取所有软件包。在目标计算机上运行“apt update”时,我们收到以下错误 -
W: GPG error: http://URL_FQDN/dev/debian stretch InRelease: The following signatures were invalid: EXPKEYSIG 0DD91A7623XXX9F606 devkey <[email protected]>
有人可以建议这里出了什么问题吗?
我尝试了以下事情-
apt-key adv --keyserver hkp://URL_FQDN:80 --recv-keys 0DD91A7623XXX9F606
Executing: /tmp/apt-key-gpghome.NeNGQeeH3a/gpg.1.sh --keyserver hkp://URL_FQDN:80 --recv-keys 0DD91A7623XXX9F606
gpg: keyserver receive failed: No data
apt-key 列表给出以下输出(已过期):-
apt-key list
/etc/apt/trusted.gpg
--------------------
pub rsa2048 2018-10-25 [SC] [expires: 2025-08-25]
89E9 375E AC23 2856 E185 4295 340E 2EE9 XXXX B486
uid [ unknown] Group <[email protected]>
sub rsa2048 2018-10-25 [E] [expires: 2025-08-25]
pub rsa3072 2020-09-28 [SC] [expired: 2022-09-28]
B899 E7EA 6FFC D59A 152B B25A 0DD9 1A76 XXXX F606
uid [ expired] devkey <[email protected]>
gpg --list-keys 给出以下值:-
gpg --list-keys
/root/.gnupg/pubring.kbx
------------------------
pub rsa3072 2020-09-28 [SC]
B899E7EA6FFCD59A152BB25A0DD91A7623XXX9F606
uid [ unknown] devkey <[email protected]>
sub rsa3072 2020-09-28 [E]
答案1
用于签署存储库工件的密钥已过期:
pub rsa3072 2020-09-28 [SC] [expired: 2022-09-28]
B899 E7EA 6FFC D59A 152B B25A 0DD9 1A76 XXXX F606
uid [ expired] devkey <[email protected]>
您需要更新它,并在使用它的任何地方进行更新。要移动密钥的到期日期,请使用 GPG 进行编辑:
$ gpg --edit-key "B899 E7EA 6FFC D59A 152B B25A 0DD9 1A76 XXXX F606"
[…]
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
并选择合适的值。
答案2
密钥在存储库服务器上已过期,我在那里延长了过期时间。然后,我尝试导出公钥和私钥。然后对我的目标机器执行 scp,然后手动添加私钥。
1. gpg --edit-key B899E7EA6FFCD59A152BB25A0DD91A762XXXX606
2. gpg --export-secret-key 0DD91A762XXXX606 > private. Key
3. scp private. Key to target machine
4. added the key, apt-key add private. Key