为什么设置umask
为会导致安装包0077
时gpg 公钥不可用,例如。apt
umask 0077
curl -fsSLo /usr/share/keyrings/brave-browser-beta-archive-keyring.gpg https://brave-browser-apt-beta.s3.brave.com/brave-browser-beta-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-beta-archive-keyring.gpg] https://brave-browser-apt-beta.s3.brave.com/ stable main">/etc/apt/sources.list.d/brave-browser-beta.list
apt update
apt install brave-browser-beta
上述操作不起作用,我得到了这个输出:
Err:4 https://brave-browser-apt-beta.s3.brave.com stable InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0B31DBA06A8A26F9
Reading package lists... Done
W: GPG error: https://brave-browser-apt-beta.s3.brave.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0B31DBA06A8A26F9
E: The repository 'https://brave-browser-apt-beta.s3.brave.com stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
这确实有效:
umask 0022
curl -fsSLo /usr/share/keyrings/brave-browser-beta-archive-keyring.gpg https://brave-browser-apt-beta.s3.brave.com/brave-browser-beta-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-beta-archive-keyring.gpg] https://brave-browser-apt-beta.s3.brave.com/ stable main">/etc/apt/sources.list.d/brave-browser-beta.list
apt update
apt install brave-browser-beta
为什么设置umask
为0077
(然后下载公钥) 会导致 apt 无法使用 gpg 公钥?密钥是作为 下载的root
,因此被执行apt update
,那么为什么会出现这个问题?
apt
默认情况下,使用沙盒用户运行与下载相关的操作_apt
。我现在无法检查,但密钥验证也可能apt update
使用此用户完成,这意味着密钥必须可由用户读取_apt
。请参阅为什么目录权限阻止使用文件“sudo apt install”?以了解类似的问题。