我的 Raspberry Pi 5 SBC 上的 PXE 启动已完成 99% 的工作 - 除了apt-get update
正常工作之外,其他一切都正常。我的环境是 TrueNAS Scale 上的 TFTP 服务器,有 2 个 NFS 共享,一个用于 tftpboot,一个用于根文件系统。DHCP 设置 66 可以毫无问题地分发 TFTP IP 地址。
新的额外信息:我发现这不仅仅是 Raspberry Pi OS 的问题。如果我使用 DietPi(同样基于 Debian),也会发生同样的事情:
Err:15 https://dietpi.com/apt bookworm InRelease
At least one invalid signature was encountered.
获取根文件系统文件的过程是:
- 从新 SD 卡启动 pi5
- 完成初始安装
- 将 /boot/firmware 和 / rsync 到上面的共享(这其中不涉及 ISO 文件,就像一些 PXE 解决方案使用的一样)。rsync 已运行,
--perms
并且我已验证目标上的权限与源上的权限相同。
但是,当 pi5 从 PXE 启动时,apt-get update
无法运行并抛出以下错误:
me@raspberrypi:~ $
me@raspberrypi:~ $ sudo apt-get update
Get:1 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:2 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:3 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Err:1 http://deb.debian.org/debian bookworm InRelease
At least one invalid signature was encountered.
Err:2 http://deb.debian.org/debian-security bookworm-security InRelease
At least one invalid signature was encountered.
Err:3 http://deb.debian.org/debian bookworm-updates InRelease
At least one invalid signature was encountered.
Get:4 http://archive.raspberrypi.com/debian bookworm InRelease [39.3 kB]
Err:4 http://archive.raspberrypi.com/debian bookworm InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian bookworm InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian-security bookworm-security InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian-security bookworm-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: At least one invalid signature was encountered.
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://archive.raspberrypi.com/debian bookworm InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.raspberrypi.com/debian bookworm InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
me@raspberrypi:~ $
允许不安全和未经身份验证的存储库得到进一步发展,但仍然会失败,并出现以下错误:
W: GPG error: http://deb.debian.org/debian bookworm InRelease: At least one invalid signature was encountered.
W: The repository 'http://deb.debian.org/debian bookworm InRelease' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
下面的 apt 示例安装了 nginx,但请注意以下行:
WARNING: The following packages cannot be authenticated!
nginx-common nginx
以下是完整输出:
me@raspberrypi:~ $ sudo apt-get install nginx
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
nginx-common
Suggested packages:
fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
nginx nginx-common
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 606 kB of archives.
After this operation, 1,708 kB of additional disk space will be used.
Do you want to continue? [Y/n]
WARNING: The following packages cannot be authenticated!
nginx-common nginx
Install these packages without verification? [y/N] y
Get:1 http://deb.debian.org/debian bookworm/main arm64 nginx-common all 1.22.1-9 [112 kB]
Get:2 http://deb.debian.org/debian bookworm/main arm64 nginx arm64 1.22.1-9 [494 kB]
Fetched 606 kB in 1s (541 kB/s)
Preconfiguring packages ...
Selecting previously unselected package nginx-common.
(Reading database ... 78339 files and directories currently installed.)
Preparing to unpack .../nginx-common_1.22.1-9_all.deb ...
Unpacking nginx-common (1.22.1-9) ...
Selecting previously unselected package nginx.
Preparing to unpack .../nginx_1.22.1-9_arm64.deb ...
Unpacking nginx (1.22.1-9) ...
Setting up nginx-common (1.22.1-9) ...
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /lib/systemd/system/nginx.service.
Setting up nginx (1.22.1-9) ...
Upgrading binary: nginx.
Processing triggers for man-db (2.11.2-2) ...
me@raspberrypi:~ $
这表明这不是文件系统权限问题,否则无法安装新软件包。重新启动后,nginx 仍然存在并且运行良好,因此文件系统持久性也正常工作。
注意我可以按照官方安装说明添加新的 repos,例如 Docker repo。
这不是 Docker 的问题,正如许多其他搜索结果所暗示的那样;除了上述测试之外,Docker repo 从未安装在该系统上。有足够的磁盘空间可用,所以也不是这个问题。
是什么原因造成的?临时使用一个空的 apt sources.list
,并sources.list.d
允许 apt 运行而不会抛出错误,正如预期的那样。添加新的 repo 并运行后sudo apt-get update
一切正常,所以它肯定与 SD 卡安装中的现有 repo 有关。恢复上述复制的文件会直接导致错误再次出现。
我搜索了很多,发现了几个相同的错误,但它们的解决方案在这里不起作用,例如
事实证明,这毕竟是一个 NFS 权限问题。TrueNAS Scale 要求 Maproot 用户
root
和 Maproot 组必须具备,wheel
这种 PXE 启动实现才能为我工作。我之前对所有共享都使用nobody
/nogroup
;这对我所有其他用例都适用,但对 PXE 则不行。对于终端用户来说,这
no_root_squash
在您的/etc/exports
文件中。此示例块不是一种建议,非常不安全,只是测试期间有效的示例: