这是问题 952287:[用户反馈 - 稳定版] 有报告称,由于 GPG 签名密钥过期,Linux 版 Chrome 无法安装/更新
今天,apt在我的所有机器上运行 Google PPA(针对google-chrome)时出现此错误:
me@mymachine:~$ sudo apt clean && sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt autoclean -y && sudo snap refresh
[sudo] password for me:
Ign:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 http://ppa.launchpad.net/graphics-drivers/ppa/ubuntu bionic InRelease
Hit:3 http://dl.google.com/linux/chrome/deb stable Release
Hit:4 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88,7 kB]
Get:6 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74,6 kB]
Err:7 http://dl.google.com/linux/chrome/deb stable Release.gpg
The following signatures were invalid: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <[email protected]>
Get:8 http://archive.ubuntu.com/ubuntu bionic-security InRelease [88,7 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [574 kB]
Get:10 http://archive.ubuntu.com/ubuntu bionic-updates/main i386 Packages [488 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 DEP-11 Metadata [278 kB]
Get:12 http://archive.ubuntu.com/ubuntu bionic-updates/main DEP-11 48x48 Icons [66,7 kB]
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/main DEP-11 64x64 Icons [123 kB]
Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [756 kB]
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages [745 kB]
Get:16 http://archive.ubuntu.com/ubuntu bionic-updates/universe Translation-en [201 kB]
Get:17 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 DEP-11 Metadata [209 kB]
Get:18 http://archive.ubuntu.com/ubuntu bionic-updates/universe DEP-11 48x48 Icons [191 kB]
Get:19 http://archive.ubuntu.com/ubuntu bionic-updates/universe DEP-11 64x64 Icons [360 kB]
Get:20 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 DEP-11 Metadata [2.468 B]
Get:21 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 DEP-11 Metadata [7.352 B]
Get:22 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 Packages [296 kB]
Get:23 http://archive.ubuntu.com/ubuntu bionic-security/main i386 Packages [216 kB]
Get:24 http://archive.ubuntu.com/ubuntu bionic-security/main amd64 DEP-11 Metadata [204 B]
Get:25 http://archive.ubuntu.com/ubuntu bionic-security/universe i386 Packages [127 kB]
Get:26 http://archive.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [131 kB]
Get:27 http://archive.ubuntu.com/ubuntu bionic-security/universe Translation-en [74,2 kB]
Get:28 http://archive.ubuntu.com/ubuntu bionic-security/universe amd64 DEP-11 Metadata [20,8 kB]
Get:29 http://archive.ubuntu.com/ubuntu bionic-security/universe DEP-11 48x48 Icons [12,2 kB]
Get:30 http://archive.ubuntu.com/ubuntu bionic-security/universe DEP-11 64x64 Icons [50,4 kB]
Get:31 http://archive.ubuntu.com/ubuntu bionic-security/multiverse amd64 DEP-11 Metadata [2.464 B]
Fetched 5.183 kB in 2s (2.131 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://dl.google.com/linux/chrome/deb stable Release: The following signatures were invalid: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <[email protected]>
W: Failed to fetch http://dl.google.com/linux/chrome/deb/dists/stable/Release.gpg The following signatures were invalid: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <[email protected]>
W: Some index files failed to download. They have been ignored, or old ones used instead.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree
Reading state information... Done
All snaps up to date.
已经尝试使用以下命令再次导入 GPG 密钥:
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
编辑:添加西班牙语错误行以提高可见性:
Las siguientes firmas no fueron válidas: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <[email protected]>
EDIT2:和法语(涵盖排名前 3 位的语言):
Les signatures suivantes ne sont pas valables : EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <[email protected]>
答案1
这就是您从这些检查中获得的保护。 在 Google 出现问题时,您不会想立即更新软件。等他们修复后再更新。在官方宣布新密钥是解决方案之前,不要尝试通过重新安装密钥来覆盖。
答案2
显然,谷歌没有延长签名证书的有效期......它原定于今天到期,所以它就这样延长了。 https://pgp.surfnet.nl/pks/lookup?op=vindex&fingerprint=on&search=0x7721F63BD38B4796
也许谷歌会在今天左右改变它...然后证书的更新应该可以正常工作,一切都应该恢复正常。
答案3
该问题已由 Google Abr 12/2019 解决(仅限 Google Chrome。在 Ubuntu 18.04.x 中测试)
无需执行任何操作。存储库已签名
2019 年 4 月 19 日更新:
Google 团队已确认已针对以下问题发布了其他修复其他非 Chrome Google 产品
答案4
看起来就像 @DooMMasteR 所说的那样,Google 让签名证书过期他们的Linux 存储库,预产期是4月12日。@yareckon 解释说,此apt安全错误按预期运行,以防止安装签名错误的软件。
问题发布 9 小时后,Google 已向使用 Google Chrome repo 的用户公开修复了证书。他们更新证书后错误就消失了,逐步覆盖 Google 拥有的其他代码库(谷歌地球、谷歌音乐管理器……)。
用户无需采取任何行动(也不建议采取任何行动),只需等待使用更新的密钥对正在使用的存储库进行签名。