Let's take ansible as an example. If you do click on the "Technical details about this PPA" link you see:
Signing key:
4096R/7BB9C367
Fingerprint:
6125E2A8C77F2818FB7BD15B93C4A3FD7BB9C367
If you try to add that software without adding the key you get
W: GPG error: http://ppa.launchpad.net trusty Release: The following signatures couldn't
be verified because the public key is not available: NO_PUBKEY 93C4A3FD7BB9C367
When I do apt-key list
I see 4096R/7BB9C367
. To add the key I need to do:
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 93C4A3FD7BB9C367
And the fingerprint doesn't seem to be mentioned anywhere. What is the difference between all these values?
Why do I not need to do apt-key ... --recv-keys
if adding the PPA but I need to if manually adding the line to /etc/apt/sources.list.d
? How does PPA know that 93C4A3FD7BB9C367
is what it needs to use, where does it find this?
Bonus round:
- What is the difference between using a PPA vs just adding a line to
/etc/apt/sources.list.d/
? - Where is this PPA thing 'hosted' that just adding
ppa:ansible/ansible
is enough to add that line tosources.list.d
?
答案1
我先回答你的最后一个问题。
ppa:ansible/ansible
是一种特殊格式,指的是 Launchpad PPA,可用于 Ubuntu 和 Ubuntu 衍生产品(至少)。就功能而言,PPA 只是一个常规存储库。但是,这种确切格式不能直接添加到 中/etc/apt/sources.list
,因为apt
不识别这种格式。因此,必须添加存储库的 URL。例如, 的 URLppa:teamName/archiveName
是http://ppa.launchpad.net/teamName/archiveName/ubuntu
。
通常,软件更新程序或终端都用于添加 PPA。软件更新程序识别 PPA 语法。在终端中,apt-add-repository
识别格式并通常用于添加 PPA。这还会获取用于签署存储库的公钥。如果出于某种原因无法执行此操作,您将收到与运行 时类似的警告sudo apt-get update
。
至于指纹,公钥的完整指纹是公钥的 40 个字符的字母数字表示。Launchpad 显示完整的 40 个字符。但是,输入或记住 40 个字符很困难,尤其是在有多个公钥的情况下。因此,通常显示最后 8 个或 16 个字符。apt
显示指纹的最后 16 个字符,并且apt-key list
(在后台使用)显示最后 8 个字符。可以配置gpg
显示的格式。gpg