Configuração do GRUB para reconhecer diferentes ambientes de desktop (instalações) da mesma distribuição Linux

Question

shirish

Asked: 2019-04-28 17:03:03 +0800 CST2019-04-28 17:03:03 +0800 CST 2019-04-28 17:03:03 +0800 CST

quando o apt ou apttitude ou apt-get começou a suportar as duas últimas versões para fins de migração

772

Eu estava brincando com minha instalação do Debian hoje e descobri uma coisa interessante. Se eu fizer por exemplo

$ apt-key list
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2019-04-15 [SC] [expires: 2024-04-13]
      12D4 CD60 0C22 40A9 F4A8  2071 D7B0 B669 41D0 1538
uid           [ unknown] riot.im packages <[email protected]>
sub   rsa3072 2019-04-15 [S] [expires: 2021-04-14]

pub   rsa4096 2019-04-15 [SC] [expires: 2024-04-13]
      AAF9 AE84 3A75 84B5 A3E4  CD2B CF45 A512 DE2D A058
uid           [ unknown] matrix.org packages <[email protected]>
sub   rsa3072 2019-04-15 [S] [expires: 2021-04-14]

pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <[email protected]>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <[email protected]>

/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
uid           [ unknown] Debian Archive Automatic Signing Key (10/buster) <[email protected]>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
uid           [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <[email protected]>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub   rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
      6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
uid           [ unknown] Debian Stable Release Key (10/buster) <[email protected]>

Eu estava curioso para saber por que ele tem teclas jessie e stretch quando estou usando o debian-buster. No acima, estas são as duas chaves -

pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <[email protected]>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <[email protected]>

Eu removi as chaves usando -

$ sudo apt-key del E1CF20DDFFE4B89E802658F1E0B11894F66AEC98

assim como -

$ sudo apt-key del D21169141CECD440F2EB8DDA9D6D8F6BC857C906

quando ambas as chaves foram excluídas, recebi erros de chaves pub

$ sudo apt update
Hit:1 http://cdn-fastly.deb.debian.org/debian buster InRelease                                               
Err:1 http://cdn-fastly.deb.debian.org/debian buster InRelease                           
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
Hit:2 http://cdn-fastly.deb.debian.org/debian-security buster/updates InRelease         
Err:2 http://cdn-fastly.deb.debian.org/debian-security buster/updates InRelease         
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY AA8E81B4331F7F50
Hit:3 http://cdn-fastly.deb.debian.org/debian unstable InRelease                         
Err:3 http://cdn-fastly.deb.debian.org/debian unstable InRelease                         
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
Hit:4 http://cdn-fastly.deb.debian.org/debian experimental InRelease                     
Err:4 http://cdn-fastly.deb.debian.org/debian experimental InRelease                     
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
Hit:5 http://debug.mirrors.debian.org/debian-debug buster-debug InRelease
Err:5 http://debug.mirrors.debian.org/debian-debug buster-debug InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
Hit:6 http://debug.mirrors.debian.org/debian-debug unstable-debug InRelease
Hit:7 http://debug.mirrors.debian.org/debian-debug experimental-debug InRelease
Err:6 http://debug.mirrors.debian.org/debian-debug unstable-debug InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
Err:7 http://debug.mirrors.debian.org/debian-debug experimental-debug InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
Hit:8 https://packages.riot.im/debian buster InRelease
Reading package lists... Done
Building dependency tree       
Reading state information... Done
3 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://cdn-fastly.deb.debian.org/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://cdn-fastly.deb.debian.org/debian-security buster/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY AA8E81B4331F7F50
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://cdn-fastly.deb.debian.org/debian unstable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://cdn-fastly.deb.debian.org/debian experimental InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://debug.mirrors.debian.org/debian-debug buster-debug InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://debug.mirrors.debian.org/debian-debug unstable-debug InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://debug.mirrors.debian.org/debian-debug experimental-debug InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: Failed to fetch http://cdn-fastly.deb.debian.org/debian/dists/buster/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: Failed to fetch http://cdn-fastly.deb.debian.org/debian-security/dists/buster/updates/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY AA8E81B4331F7F50
W: Failed to fetch http://cdn-fastly.deb.debian.org/debian/dists/unstable/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: Failed to fetch http://cdn-fastly.deb.debian.org/debian/dists/experimental/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: Failed to fetch http://debug.mirrors.debian.org/debian-debug/dists/buster-debug/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: Failed to fetch http://debug.mirrors.debian.org/debian-debug/dists/unstable-debug/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453EC
W: Failed to fetch http://debug.mirrors.debian.org/debian-debug/dists/experimental-debug/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010 NO_PUBKEY 04EE7237B7D453E

Meu /etc/apt/sources.list é -

$ cat /etc/apt/sources.list

                               #### Debian buster #########
        deb http://cdn-fastly.deb.debian.org/debian/ buster main contrib non-free
    deb-src http://cdn-fastly.deb.debian.org/debian buster main contrib non-free
        deb http://cdn-fastly.deb.debian.org/debian-security buster/updates main
    deb-src http://cdn-fastly.deb.debian.org/debian-security buster/updates main


                              #### Debian unstable #########
        deb http://cdn-fastly.deb.debian.org/debian unstable main contrib non-free
    deb-src http://cdn-fastly.deb.debian.org/debian unstable main contrib non-free


                           #### Debian experimental #########
       deb http://cdn-fastly.deb.debian.org/debian experimental main contrib
   deb-src http://cdn-fastly.deb.debian.org/debian experimental main contrib

                         ##### Debian Debug packages #######
       deb http://debug.mirrors.debian.org/debian-debug/ buster-debug main
       deb http://debug.mirrors.debian.org/debian-debug/ unstable-debug main
       deb http://debug.mirrors.debian.org/debian-debug/ experimental-debug main


                    ######## Third party repos #######
      deb https://riot.im/packages/debian/ buster main

e tive que importá-los usando gpg (eu sei que é inseguro, mas tive que fazer -)

# gpg --recv-keys AA8E81B4331F7F50
gpg: key EDA0D2388AE22BA9: 11 signatures not checked due to missing keys
gpg: key EDA0D2388AE22BA9: public key "Debian Security Archive Automatic Signing Key (9/stretch) <[email protected]>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

e depois -

# gpg --export AA8E81B4331F7F50 | apt-key add
OK

Estou curioso para saber quando o apt começou a suportar assinaturas de versões antigas junto com as chaves mais recentes? É um fenômeno recente ou um fenômeno realmente antigo? Quero dizer, se foi feito em Etch (4.0) ou posterior?

Atualização - Começou como um Strech Install, ou seja, 9 e agora tem buster.

No que diz respeito à outra questão /etc/apt/trusted.gpg.d/ tem -

/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
uid           [ unknown] Debian Archive Automatic Signing Key (10/buster) <[email protected]>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
uid           [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <[email protected]>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub   rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
      6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
uid           [ unknown] Debian Stable Release Key (10/buster) <[email protected]>

1 respostas

Voted

A.B · Answer 1 · 2019-04-29T08:36:55+08:00

A assinatura uma vez por lançamento pelo ftp-master é descrita em ftp-master.debian.org :

Qual release deve ser assinado com qual chave?

As versões estáveis são assinadas tanto pela chave de assinatura de arquivo automática ftp-master em uso no momento da versão quanto por uma chave estável por versão. Arquivos de lançamento para outros lançamentos (atualizações propostas, testes, atualizações propostas para testes, instáveis e experimentais) são assinados apenas pela chave automática ftp-master.

O arquivo de segurança é assinado apenas pela chave ftp-master.

O procedimento atual é que há uma chave mestre de ftp por versão (o procedimento anterior introduzia uma nova chave uma vez por ano).

Até onde o archive.org pode voltar (2009), esse tem sido o caso, incluindo a versão etch :

O procedimento atual é que há uma chave mestre de ftp por versão (o procedimento anterior introduzia uma nova chave uma vez por ano).

Chaves de arquivo

Chaves de assinatura ativas

A chave atual (2007/etch) pode ser baixada aqui

Parece relacionado à criação do pacote debian-archive-keyringpara etch , que inclui os arquivos que você excluiu, dos quais depende desde etch :apt

apt (0.6.46.2) unstable; urgency=low

* debian/control:
- depend on debian-archive-keyring to offer clean upgrade path
(closes:#386800)
[...]

quando o apt ou apttitude ou apt-get começou a suportar as duas últimas versões para fins de migração

Chaves de arquivo

Chaves de assinatura ativas

Possível firmware ausente /lib/firmware/i915/* para o módulo i915

Falha ao buscar o repositório de backports jessie

Como exportar uma chave privada GPG e uma chave pública para um arquivo

Como podemos executar um comando armazenado em uma variável?

Como configurar o systemd-resolved e o systemd-networkd para usar o servidor DNS local para resolver domínios locais e o servidor DNS remoto para domínios remotos?

apt-get update error no Kali Linux após a atualização do dist [duplicado]

Como ver as últimas linhas x do log de serviço systemctl

Nano - pule para o final do arquivo

erro grub: você precisa carregar o kernel primeiro

Como baixar o pacote não instalá-lo com o comando apt-get?

quando o apt ou apttitude ou apt-get começou a suportar as duas últimas versões para fins de migração

1 respostas

Chaves de arquivo

Chaves de assinatura ativas

relate perguntas