如何使默认的 ubuntu 存储库再次可信？

前几天，我的一些 repos（包括 PPA）开始抛出签名。每次我尝试更新 repos 时，都会遇到此错误

sudo apt update

Get:1 http://archive.ubuntu.com/ubuntu kinetic InRelease [267 kB]
Err:1 http://archive.ubuntu.com/ubuntu kinetic InRelease
  At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://archive.ubuntu.com/ubuntu kinetic InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu kinetic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

基本上我已经禁用了所有 PPA，甚至删除了 /etc/apt/trusted.gpg.d 下的所有文件，但结果却出乎意料，我的所有存储库都不再受信任，即使是默认存储库，例如 http://archive.ubuntu.com/ubuntu动能主宇宙多元宇宙不受信任。因此

我打开了软件和更新应用程序，它显示没有什么与普通的 Ubuntu VM 相比

那么，我怎样才能让默认的 Ubuntu 存储库再次受到信任？

编辑1：

好的，我读了 apt-secure 的手册页，上面写着

引用

   The chain of trust in Debian starts (e.g.) when a maintainer uploads a new package or a new version of a package to the Debian archive. In
   order to become effective, this upload needs to be signed by a key contained in one of the Debian package maintainer keyrings (available in
   the debian-keyring package). Maintainers' keys are signed by other maintainers following pre-established procedures to ensure the identity
   of the key holder. Similar procedures exist in all Debian-based distributions.

   Once the uploaded package is verified and included in the archive, the maintainer signature is stripped off, and checksums of the package
   are computed and put in the Packages file. The checksums of all of the Packages files are then computed and put into the Release file. The
   Release file is then signed by the archive key for this Ubuntu release, and distributed alongside the packages and the Packages files on
   Ubuntu mirrors. The keys are in the Ubuntu archive keyring available in the ubuntu-keyring package.

另外，现在看来 apt-key 已被弃用或从 Jammy jellyfish（22.04）以上的任何版本开始都无法使用？（我安装了 Kinetic Kudu 22.10）

除了在维护者脚本中使用 apt-key del 外，apt-key 的使用已弃用。本节介绍如何替换现有的 apt-key 使用。

   If your existing use of apt-key add looks like this:

   wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -

   Then you can directly replace this with (though note the recommendation below):

   wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc

   Make sure to use the "asc" extension for ASCII armored keys and the "gpg" extension for the binary OpenPGP format (also known as "GPG key
   public ring"). The binary OpenPGP format works for all apt versions, while the ASCII armored format works for apt version >= 1.4.

   Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d directory, you can place them anywhere on your filesystem by using the
   Signed-By option in your sources.list and pointing to the filename of the key. See sources.list(5) for details. Since APT 2.4,
   /etc/apt/keyrings is provided as the recommended location for keys not managed by packages. When using a deb822-style sources.list, and
   with apt version >= 2.4, the Signed-By option can also be used to include the full ASCII armored keyring directly in the sources.list
   without an additional file.

apt 版本是 2.53

    apt -v
apt 2.5.3 (amd64)

看一看：-

sudo apt-key list
create_gpg_home:trap:14: undefined signal: ABRT

这是我发现的唯一一个问题（它仍然没有答案），这个错误 22.04 - 安装 docker 引擎后 apt 更新时出错

这有帮助吗？

編輯2

似乎有一些社区成员遇到过类似的问题 强制从未签名的存储库更新 但就我而言，我无法使用 apt-key 做任何事情，因为我一直收到未定义的信号：ABRT

sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 5C808C2B65558117
create_gpg_home:trap:14: undefined signal: ABRT

强制信任存储库（尤其是用于接收操作系统更新和补丁）并不是最佳的安全实践 :/。