主页 / ubuntu / 问题 / 1407632
Accepted
heynnema
Asked: 2022-05-10 13:12:32 +0800 CST

密钥存储在旧的trusted.gpg 密钥环(/etc/apt/trusted.gpg)中

  • 772

我刚刚从 Ubuntu 21.10 升级到 22.04。

sudo apt update以以下警告结束...

W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Synaptic在重新加载时显示相同的警告。

审查man apt-key并没有为我澄清这一点。

认为这是因为 Ubuntu 22.04 已经从使用 /etc/apt/trusted.gpg 转变为使用位于 /etc/apt/trusted.gpg.d 中的单个 .gpg 文件。

这些密钥可以从一个转换为另一个,还是我必须删除这些密钥并重新导入它们?

gnupg

6 个回答

  1. Best Answer

    sudo apt update修复由...生成的这些警告消息的简单方法

    W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

    注意:这些警告消息可以由“其他软件”选项卡中任何启用的repo 或 ppa生成。Software & Updates

    示例修复:

    对于此警告消息sudo apt update...

    W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

    我们查看sudo apt-key list并找到 xbmc 的此条目...

    pub   rsa1024 2009-01-20 [SC]
      1897 01DA 570C 56B9 488E  F60A 6D97 5C47 91E7 EE5E
uid           [ unknown] Launchpad PPA for XBMC for Linux

    然后我们将此条目转换为 .gpg 文件,使用上面的最后 8 个数字字符...

    sudo apt-key export 91E7EE5E | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/team-xbmc.gpg

    对生成的每条警告消息重复上述命令sudo apt update

    注意:部分取自此处此处已接受的答案。

    • 63

  2. 移至 22.04 后遇到此问题,并想添加我的解决方案。我有很多需要更新/转换的密钥。这不是最佳解决方案,但效果很好。

    将所有不推荐使用的密钥转换为新格式的单行器。

    在运行它之前,请花点时间了解您在这里做什么!还要确保你的 bash 不是太旧。我的 bash 版本:GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)

    for KEY in $( \
    apt-key list \
    | grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})" \
    | tr -d " " \
    | grep -E "([0-9A-F]){8}\b" \
); do
    K=${KEY:(-8)}
    apt-key export $K \
    | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg
done

    解释:

    1. 检索已知键的列表。

    apt键列表

    1. 找出前面有 1 或 2 个空格且长度为 4 个字符的所有十六进制字符分组。获取每行有 10 个分组的集合。这提供了完整的密钥签名。

    grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})"

    1. 修剪掉(删除)找到的每一行上的所有空格,以便键签名不会被空格打断。

    tr -d""

    1. 抓取每行的最后 8 个字符。

    grep -E "([0-9A-F]){8}\b"

    现在我们有一组键后缀,每个长度为 8 个字符。

    1. 循环遍历每个键后缀,将当前后缀放入KEY变量中。

    对于 $(...) 中的 KEY;做

    1. 将最后 8 个字符分配给变量K

    K=${KEY:(-8)};

    1. 导出与签名匹配的密钥K并将其传递/管道gpg以正确存储它。

    apt-key 导出 $K | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg

    1. 循环直到处理完所有键。

    完毕

    1. 不再享受弃用警告。

    特别感谢 heynnema 的解决方案是其核心。

    • 18

  3. 对我有用的是:

    mv /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/
    • 7

  4. 我已经将@heynnema 的答案变成了一个函数,您可以将其放在下面.bashrc以方便起见。这需要两个参数:输出 GPG 文件的密钥(最后 8 个字符)和目标文件名。

    function apt-key-migrate {
  typeset key="$1"
  typeset dest="$2"

  if [ -z "$key" ] || [ -z "$dest" ];
  then
    echo "Usage: apt-key-migrate <key> <destination>"
    return 1
  fi

  sudo apt-key export $key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/$dest.gpg
}

    例子:apt-key-migrate 91E7EE5E team-xbmc

    • 1

  5. apt-key已弃用,应在 Ubuntu 22.04 上长期替换。

    当您需要它时,您可以使用以下命令删除现有密钥:

    apt-key list


    apt-key del YOUR-KEY

    使用以下命令导入您的密钥:

    curl https://yourrepo.com/repo.key | gpg --dearmor | sudo dd of=/usr/local/share/keyrings/your-repo.gpg

    将签名添加到 /etc/apt/sources.list.d/your.list

    deb [signed-by=/usr/local/share/keyrings/your-repo.gpg]  https://yourepo./ubuntu jammy main

    有关手册的更多详细信息:
    链接

    这里也有很好的细节: 链接

    • 0

  6. 我修改了@Frank 的函数以从旧的trusted.gpg 中删除密钥以避免重复。

    function apt-key-migrate {
    typeset key="$1"
    typeset dest="$2"

    if [ -z "$key" ] || [ -z "$dest" ];
    then
        echo "Usage: apt-key-migrate <key> <destination>"
        return 1
    fi

    sudo apt-key --keyring /etc/apt/trusted.gpg export $key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/$dest.gpg
    sudo apt-key --keyring /etc/apt/trusted.gpg del $key
}
    • 0

相关问题