Ubuntu 22.04 更新后,密钥存储在旧版 Trusted.gpg 密钥环中

Ubuntu 22.04 更新后,密钥存储在旧版 Trusted.gpg 密钥环中

在 Digital Ocean LAMP 堆栈 droplet 上更新 Ubuntu 22.04 后,我收到 3 个警告。

W: http://repo.mysql.com/apt/ubuntu/dists/bionic/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://repos.insights.digitalocean.com/apt/do-agent/dists/main/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://pkg.cloudflare.com/dists/trusty/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

如何将钥匙移至正确位置并删除旧钥匙?

编辑

sudo apt-key list
pub   rsa2048 2016-02-17 [SC]
      9FE3 B226 BD77 5196 D8C2  E599 DE88 104A A4C6 383F
uid           [ unknown] DigitalOcean Insights Engineering <[email protected]>
sub   rsa2048 2016-02-17 [E]

pub   rsa2048 2015-01-28 [SC]
      FBA8 C0EE 6361 7C5E ED69  5C43 254B 391D 8CAC CBF8
uid           [ unknown] CloudFlare Software Packaging <[email protected]>

pub   dsa1024 2003-02-03 [SCA] [expired: 2022-02-16]
      A4A9 4068 76FC BD3C 4567  70C8 8C71 8D3B 5072 E1F5
uid           [ expired] MySQL Release Engineering <[email protected]>

pub   rsa4096 2021-12-14 [SC] [expires: 2023-12-14]
      859B E8D7 C586 F538 430B  19C2 467B 942D 3A79 BD29
uid           [ unknown] MySQL Release Engineering <[email protected]>
sub   rsa4096 2021-12-14 [E] [expires: 2023-12-14]

/etc/apt/trusted.gpg.d/certbot_ubuntu_certbot.gpg
-------------------------------------------------
pub   rsa4096 2016-11-02 [SC]
      7BF5 7606 6ADA 6572 8FC7  E70A 8C47 BE8E 75BC A694
uid           [ unknown] Launchpad PPA for certbot

/etc/apt/trusted.gpg.d/ondrej-ubuntu-apache2.gpg
------------------------------------------------
pub   rsa1024 2009-01-26 [SC]
      14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
uid           [ unknown] Launchpad PPA for Ondřej Surý

/etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg
--------------------------------------------
pub   rsa1024 2009-01-26 [SC]
      14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
uid           [ unknown] Launchpad PPA for Ondřej Surý

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>
ls -l /etc/apt/sources.list.d
-rw-r--r-- 1 root root 276 Apr  8 15:51 certbot-ubuntu-certbot-xenial.list
-rw-r--r-- 1 root root 276 Apr  8 15:51 certbot-ubuntu-certbot-xenial.list.distUpgrade
-rw-r--r-- 1 root root 274 Mar 13  2020 certbot-ubuntu-certbot-xenial.list.save
-rw-r--r-- 1 root root  43 Apr  8 15:51 cloudflare-main.list
-rw-r--r-- 1 root root  43 Apr  8 15:51 cloudflare-main.list.distUpgrade
-rw-r--r-- 1 root root  43 Mar 13  2020 cloudflare-main.list.save
-rw-r--r-- 1 root root  67 Apr  8 15:51 digitalocean-agent.list
-rw-r--r-- 1 root root  67 Apr  8 15:51 digitalocean-agent.list.distUpgrade
-rw-r--r-- 1 root root  67 Mar 13  2020 digitalocean-agent.list.save
-rw-r--r-- 1 root root 501 Apr  8 15:51 mysql.list
-rw-r--r-- 1 root root 501 Apr  8 15:51 mysql.list.distUpgrade
-rw-r--r-- 1 root root 137 Apr  8 15:51 ondrej-ubuntu-apache2-hirsute.list
-rw-r--r-- 1 root root 135 Apr  8 15:51 ondrej-ubuntu-apache2-hirsute.list.distUpgrade
-rw-r--r-- 1 root root 123 Apr  8 15:51 ondrej-ubuntu-php-xenial.list
-rw-r--r-- 1 root root 124 Apr  8 15:51 ondrej-ubuntu-php-xenial.list.distUpgrade
-rw-r--r-- 1 root root 125 Apr  8 19:11 signal-xenial.list

答案1

这个答案是对由 matigo 用户在此处提供。您需要从弃用的密钥环中导出 GPG 密钥并将其存储在/usr/share/keyrings每个存储库中。

  1. 让我们从 DigitalOcean 密钥开始。打开终端并导出9FE3 B226 BD77 5196 D8C2 E599 DE88 104A A4C6 383F密钥:

    apt-key export A4C6383F | sudo gpg --dearmour -o /usr/share/keyrings/digitalocean-agent.gpg

    笔记:A4C6383F值来自pub输出代码的最后 8 个字符apt-key list

  2. 现在我们可以更新我们的 apt 源文件/etc/apt/sources.list.d/digitalocean-agent.list),添加一个signed-by标签。通过以下方式打开它:

    sudo -H gedit /etc/apt/sources.list.d/digitalocean-agent.list

    [arch=amd64 signed-by=/usr/share/keyrings/digitalocean-agent.gpg]并在deb关键字之后、URL 之前添加标签。

    我不知道的具体内容digitalocean-agent.list,但它最终应该类似于:

    deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] packages.microsoft.com/repos/edge stable main
    
  3. 运行sudo apt update以确认消息已消失

  4. 如果消息消失,请删除原始签名:

    sudo apt-key del A4C6383F

  5. 重复的步骤,从密钥开始cloudflare-main.list生成密钥。cloudflare-main.gpg8CACCBF8

  6. 重复的步骤,从密钥开始mysql.list生成密钥。mysql.gpg5072E1F5

请考虑您收到的消息仅是警告:如果出现问题,请按原样恢复文件并保留警告,它们不会造成危害。

相关内容