主页 / ubuntu / 问题 / 1398344
Accepted
matigo
Asked: 2022-03-20 14:45:57 +0800 CST

更新系统时 apt-key 弃用警告

  • 772

最近我在运行时注意到一些问题apt,系统会警告我密钥环已弃用:

Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
8 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: https://packages.microsoft.com/repos/edge/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://download.sublimetext.com/apt/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

这不会阻止我执行更新,但我更希望在更新系统时看不到这一点。我们应该如何存储受信任的 GPG 密钥?

apt

5 个回答

  1. Best Answer

    解决此问题的一种方法是从已弃用的密钥环中导出 GPG 密钥并将其存储在/usr/share/keyrings. 幸运的是,这并不难:

    1. 打开终端(如果尚未打开)

    2. 列出现有键:

      $ sudo apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-08 [SCEA]
      1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
uid           [ unknown] Sublime HQ Pty Ltd <[email protected]>
sub   rsa4096 2017-05-08 [S]

pub   rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
uid           [ unknown] Microsoft (Release signing) <[email protected]>

    3. 从这里,我们可以导出一个密钥:

      sudo apt-key export BE1229CF | sudo gpg --dearmour -o /usr/share/keyrings/microsoft.gpg

      注意:BE1229CF值来自pub代码的最后 8 个字符。

      可能会出现以下消息:

      Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

    4. 现在我们可以为存储库更新我们的 apt 源文件(例如,/etc/apt/sources.list.d/microsoft.list),添加一个signed-by标签:

      deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge/ stable main

    5. 更新apt以确认消息消失:

      sudo apt update
...
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up-to-date.
W: https://download.sublimetext.com/apt/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

    6. 删除原始签名:

      sudo apt-key del BE1229CF

    这可以通过每个警告消息来完成。一旦完成,apt将不再抱怨。

    • 108

  2. 尝试这个

    cd /etc/apt
sudo cp trusted.gpg trusted.gpg.d
    • 38

  3. sudo apt update修复由...生成的这些警告消息的简单方法

    W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

    注意:这些警告消息可以由“其他软件”选项卡中任何启用的repo 或 ppa生成。Software & Updates

    示例修复:

    对于此警告消息sudo apt update...

    W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

    我们查看sudo apt-key list并找到 xbmc 的此条目...

    pub   rsa1024 2009-01-20 [SC]
      1897 01DA 570C 56B9 488E  F60A 6D97 5C47 91E7 EE5E
uid           [ unknown] Launchpad PPA for XBMC for Linux

    然后我们将此条目转换为 .gpg 文件,使用上面的最后 8 个数字字符...

    sudo apt-key export 91E7EE5E | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/team-xbmc.gpg

    对生成的每条警告消息重复上述命令sudo apt update

    注意:部分取自此处此处已接受的答案。

    • 14

  4. 考虑到提供的所有好的建议,我制作了一个辅助 oneliner 来自动化所有键的过程:

    sudo apt-key list 2>&1 | grep -E '(trusted.gpg.d)' -A 3 | grep -v '^\-\-' | grep -v '^pub ' | sed 's@.*/trusted.gpg.d/\(.*\)@\1@g' | awk 'NR%2{printf "%s ",$0;next;}1' | awk '{print "sudo apt-key export "$10$11" | sudo gpg --dearmour -o /usr/share/keyrings/"$1}' | xargs -I{} eval("{}")
    • 2

  5. 我用下面的一些命令解决了它。

    wget https://apt.metasploit.com/metasploit-framework.gpg.key
gpg --no-default-keyring --keyring ./metasploit-framework_keyring.gpg --import metasploit-framework.gpg.key
gpg --no-default-keyring --keyring ./metasploit-framework_keyring.gpg --export > ./metasploit-framework.gpg
sudo mv ./metasploit-framework.gpg /etc/apt/trusted.gpg.d/
apt update

    已解决,密钥存储在 metasploit 安装上的旧的trusted.gpg 密钥环(/etc/apt/trusted.gpg)中

    • 0

相关问题