主页 / ubuntu / 问题 / 1403556
Accepted
newcat1000
Asked: 2022-04-22 11:26:16 +0800 CST

Ubuntu 22.04更新后,密钥存储在旧的trusted.gpg密钥环中[重复]

  • 772

Ubuntu 22.04 在 Digital Ocean LAMP 堆栈液滴上更新后,我收到 3 条警告。

W: http://repo.mysql.com/apt/ubuntu/dists/bionic/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://repos.insights.digitalocean.com/apt/do-agent/dists/main/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://pkg.cloudflare.com/dists/trusty/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

如何将钥匙移动到正确的位置并删除旧钥匙?

编辑

sudo apt-key 列表

pub   rsa2048 2016-02-17 [SC]
      9FE3 B226 BD77 5196 D8C2  E599 DE88 104A A4C6 383F
uid           [ unknown] DigitalOcean Insights Engineering <[email protected]>
sub   rsa2048 2016-02-17 [E]

pub   rsa2048 2015-01-28 [SC]
      FBA8 C0EE 6361 7C5E ED69  5C43 254B 391D 8CAC CBF8
uid           [ unknown] CloudFlare Software Packaging <[email protected]>

pub   dsa1024 2003-02-03 [SCA] [expired: 2022-02-16]
      A4A9 4068 76FC BD3C 4567  70C8 8C71 8D3B 5072 E1F5
uid           [ expired] MySQL Release Engineering <[email protected]>

pub   rsa4096 2021-12-14 [SC] [expires: 2023-12-14]
      859B E8D7 C586 F538 430B  19C2 467B 942D 3A79 BD29
uid           [ unknown] MySQL Release Engineering <[email protected]>
sub   rsa4096 2021-12-14 [E] [expires: 2023-12-14]

/etc/apt/trusted.gpg.d/certbot_ubuntu_certbot.gpg
-------------------------------------------------
pub   rsa4096 2016-11-02 [SC]
      7BF5 7606 6ADA 6572 8FC7  E70A 8C47 BE8E 75BC A694
uid           [ unknown] Launchpad PPA for certbot

/etc/apt/trusted.gpg.d/ondrej-ubuntu-apache2.gpg
------------------------------------------------
pub   rsa1024 2009-01-26 [SC]
      14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
uid           [ unknown] Launchpad PPA for Ondřej Surý

/etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg
--------------------------------------------
pub   rsa1024 2009-01-26 [SC]
      14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
uid           [ unknown] Launchpad PPA for Ondřej Surý

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <[email protected]>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <[email protected]>

ls -l /etc/apt/sources.list.d

-rw-r--r-- 1 root root 276 Apr  8 15:51 certbot-ubuntu-certbot-xenial.list
-rw-r--r-- 1 root root 276 Apr  8 15:51 certbot-ubuntu-certbot-xenial.list.distUpgrade
-rw-r--r-- 1 root root 274 Mar 13  2020 certbot-ubuntu-certbot-xenial.list.save
-rw-r--r-- 1 root root  43 Apr  8 15:51 cloudflare-main.list
-rw-r--r-- 1 root root  43 Apr  8 15:51 cloudflare-main.list.distUpgrade
-rw-r--r-- 1 root root  43 Mar 13  2020 cloudflare-main.list.save
-rw-r--r-- 1 root root  67 Apr  8 15:51 digitalocean-agent.list
-rw-r--r-- 1 root root  67 Apr  8 15:51 digitalocean-agent.list.distUpgrade
-rw-r--r-- 1 root root  67 Mar 13  2020 digitalocean-agent.list.save
-rw-r--r-- 1 root root 501 Apr  8 15:51 mysql.list
-rw-r--r-- 1 root root 501 Apr  8 15:51 mysql.list.distUpgrade
-rw-r--r-- 1 root root 137 Apr  8 15:51 ondrej-ubuntu-apache2-hirsute.list
-rw-r--r-- 1 root root 135 Apr  8 15:51 ondrej-ubuntu-apache2-hirsute.list.distUpgrade
-rw-r--r-- 1 root root 123 Apr  8 15:51 ondrej-ubuntu-php-xenial.list
-rw-r--r-- 1 root root 124 Apr  8 15:51 ondrej-ubuntu-php-xenial.list.distUpgrade
-rw-r--r-- 1 root root 125 Apr  8 19:11 signal-xenial.list
apt

1 个回答

  1. Best Answer

    此答案是matigo 用户在此处提供的答案的自定义。您需要从已弃用的密钥环中导出 GPG 密钥并将其存储在/usr/share/keyrings每个 repo 中。

    1. 让我们从 DigitalOcean 密钥开始。打开终端并导出9FE3 B226 BD77 5196 D8C2 E599 DE88 104A A4C6 383F密钥:

      sudo apt-key export A4C6383F | sudo gpg --dearmour -o /usr/share/keyrings/digitalocean-agent.gpg

      注意:A4C6383F值来自输出pub代码的最后 8 个字符。apt-key list

    2. 现在我们可以更新我们的 apt 源文件/etc/apt/sources.list.d/digitalocean-agent.list),添加一个signed-by标签。通过以下方式打开它:

      sudo -H gedit /etc/apt/sources.list.d/digitalocean-agent.list

      [arch=amd64 signed-by=/usr/share/keyrings/digitalocean-agent.gpg]并在deb关键字之后和 URL 之前添加标签。

      我不知道 的确切内容digitalocean-agent.list,但它最终应该类似于:

      deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] packages.microsoft.com/repos/edge stable main

    3. 运行sudo apt update以确认消息已消失

    4. 如果消息消失,请删除原始签名:

      sudo apt-key del A4C6383F

    5. 对 重复上述步骤cloudflare-main.list,生成从cloudflare-main.gpgkey 开始的8CACCBF8密钥。

    6. 对 重复上述步骤mysql.list,生成从mysql.gpgkey 开始的5072E1F5密钥。

    考虑到您收到的消息只是警告:如果出现问题,请按原样恢复文件并保留警告,它们无害。

    • 71

相关问题