最近我注意到运行时存在一些问题apt
,系统会警告我密钥环已弃用:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
8 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: https://packages.microsoft.com/repos/edge/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://download.sublimetext.com/apt/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
这不会阻止我执行更新,但我更希望在更新系统时不要看到这一点。我们今后应该如何存储受信任的 GPG 密钥?
答案1
解决此问题的一种方法是从弃用的密钥环中导出 GPG 密钥并将其存储在 中/usr/share/keyrings
。幸运的是,这并不太难:
打开终端(如果尚未打开)
列出现有的密钥:
$ sudo apt-key list Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). /etc/apt/trusted.gpg -------------------- pub rsa4096 2017-05-08 [SCEA] 1EDD E2CD FC02 5D17 F6DA 9EC0 ADAE 6AD2 8A8F 901A uid [ unknown] Sublime HQ Pty Ltd <[email protected]> sub rsa4096 2017-05-08 [S] pub rsa2048 2015-10-28 [SC] BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF uid [ unknown] Microsoft (Release signing) <[email protected]>
从这里,我们可以导出一个密钥:
sudo apt-key export BE1229CF | sudo gpg --dearmor -o /usr/share/keyrings/microsoft.gpg
笔记:该
BE1229CF
值来自pub
代码的最后 8 个字符。可能会出现以下消息:
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
现在我们可以更新存储库的 apt 源文件(例如
/etc/apt/sources.list.d/microsoft.list
),添加一个signed-by
标签:deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge/ stable main
更新
apt
以确认消息已消失:sudo apt update ... Reading package lists... Done Building dependency tree... Done Reading state information... Done All packages are up-to-date. W: https://download.sublimetext.com/apt/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
删除原有签名:
sudo apt-key del BE1229CF
可以对每个警告信息执行此操作。一旦完成,apt
将不再抱怨。
答案2
尝试这个
cd /etc/apt
sudo cp trusted.gpg trusted.gpg.d
答案3
修复这些警告信息的简单方法sudo apt update
由...生成
W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
笔记:这些警告信息可由任何已启用Software & Updates
“其他软件”选项卡中的 repo 或 ppa 。
修复示例:
对于此警告信息sudo apt update
...
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
我们查看sudo apt-key list
并找到 xbmc 的这个条目...
pub rsa1024 2009-01-20 [SC]
1897 01DA 570C 56B9 488E F60A 6D97 5C47 91E7 EE5E
uid [ unknown] Launchpad PPA for XBMC for Linux
然后我们将这个条目转换为 .gpg 文件,使用上面的最后 8 位数字字符...
sudo apt-key export 91E7EE5E | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/team-xbmc.gpg
对生成的每个警告消息重复上述命令sudo apt update
。
答案4
如果您使用 apt/trust.gpg.d/ 文件夹并且您使用的是 debian,则无需编辑 sources.list。
按照其他步骤获取密钥 ID:
$ apt-key list
/etc/apt/trusted.gpg
--------------------
pub rsa2048 2012-04-01 [SC]
A0DA 38D0 D76E 8B5D 6388 7281 9165 938D 90FD DD2E
uid [ unknown] Mike Thompson (Raspberry Pi Debian armhf ARMv6+VFP) <[email protected]>
sub rsa2048 2012-04-01 [E]
然后运行:
apt-key export 90FDDD2E | sudo tee /etc/apt/trusted.gpg.d/raspberry.debian.armhf.asc
您可以删除 trust.gpg 文件,但不删除它错误也会消失。