Debian

由於缺少公鑰,使用 apt 安裝 Sublime Text 失敗

  • October 9, 2021

我正在使用下面連結的說明來設置 apt 以安裝 sublime-text。我有意應用連接到 Debian 和 Stackexchange 頁面上描述的第三方儲存庫的方法,使用 Sublime 作為第三方儲存庫的範例。

https://www.sublimetext.com/docs/linux_repositories.html

https://wiki.debian.org/DebianRepository/UseThirdParty

如何添加第三方倉庫。並在 Debian 中鍵入?

但是,在執行時,apt update我收到有關加密密鑰的以下錯誤:

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

這就是我正在做的事情:

下載密鑰,將密鑰從 ascii 轉換為二進制,並將密鑰移動到共享位置:

curl https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor > ~/Downloads/sublime-keyring.gpg
sudo mkdir -vp /usr/local/share/keyrings/
sudo mv -v ~/Downloads/sublime-keyring.gpg /usr/local/share/keyrings/sublime-keyring.gpg
sudo chown -v root:root /usr/local/share/keyrings/sublime-keyring.gpg
sudo chmod -v 0640 /usr/local/share/keyrings/sublime-keyring.gpg

創建源列表:

printf "deb [signed-by=/usr/local/share/keyrings/sublime-keyring.gpg] https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list

設置固定規則以限制 repo 的使用:

printf "%s\n" "Package: *" "Pin: origin download.sublimetext.com" "Pin-Priority: 1" "" "Package: sublime-text" "Pin: origin download.sublimetext.com" "Pin-Priority: 500" | sudo tee /etc/apt/preferences.d/sublime-text.pref

然後我執行sudo apt update它創建以下關於 sublime text repo 的輸出:

Get:1 https://download.sublimetext.com apt/stable/ InRelease [2.536 B]                                                                    
Err:1 https://download.sublimetext.com apt/stable/ InRelease                                                                                     
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

W: GPG error: https://download.sublimetext.com apt/stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454
E: The repository 'https://download.sublimetext.com apt/stable/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

當我使用 debug for gpg, 執行時sudo apt -o Debug::Acquire::gpgv=True update,我得到了更多詳細資訊:

Get:1 https://download.sublimetext.com apt/stable/ InRelease [2.536 B]                                                                   
0% [Waiting for headers] [Waiting for headers]inside VerifyGetSigners                                                                    
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /usr/local/share/keyrings/sublime-keyring.gpg verify --status-fd 3 /tmp/apt.sig.zwA50y /tmp/apt.data.zbzsmw
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG F57D4F59BD3DF454 1 8 01 1627009220 9 -

Got ERRSIG F57D4F59BD3DF454 !
Read: [GNUPG:] NO_PUBKEY F57D4F59BD3DF454

Got NO_PUBKEY F57D4F59BD3DF454 !
gpgv exited with status 2
Summary:
 Good: 
 Valid: 
 Bad: 
 Worthless: 
 SoonWorthless: 
 NoPubKey: NO_PUBKEY F57D4F59BD3DF454
 Signed-By: 
 NODATA: no
Err:1 https://download.sublimetext.com apt/stable/ InRelease
 The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

W: GPG error: https://download.sublimetext.com apt/stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454
E: The repository 'https://download.sublimetext.com apt/stable/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

我讀到這意味著 apt 正確地傳遞了我下載的密鑰的位置。這可能意味著 gpg 無法讀取密鑰的內容。或者,也許鑰匙在拆裝過程中以某種方式損壞,不再具有預期的內容。這純粹是我的猜測。

當我檢查 Dearmored 鍵時sudo gpg --show-keys /usr/local/share/keyrings/sublime-keyring.gpg,我得到以下資訊,這似乎是正確的:

pub   rsa4096 2017-05-08 [SCEA]
     1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A
uid                      Sublime HQ Pty Ltd <support@sublimetext.com>
sub   rsa4096 2017-05-08 [S]

密鑰是可讀的,儘管它沒有提到F57D4F59BD3DF454.

那麼出了什麼問題呢?我怎樣才能讓它正常工作?

我假設所有讀取密鑰文件的程序都具有 root 訪問權限 - 結果並非如此。因此,將權限設置為 0640 會導致我報告的問題,而將它們設置為 0644 則解決了我的問題。

所以更新後的命令應該如下所示:

sudo chmod -v 0644 /usr/local/share/keyrings/sublime-keyring.gpg

通過此更改,我能夠使用問題中描述的過程更新和安裝 Sublime Text。

按照供應商的說明,儲存庫升級對我不起作用。

‘apt update’ 後的錯誤消息如下:

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 104.236.0.104 443]

但是,解決方案非常簡單。我在 /etc/apt/sources.list.d/sublime-text.list 文件中將 https 更改為 http:

#deb https://download.sublimetext.com/ apt/stable/    
deb http://download.sublimetext.com/ apt/stable/

引用自:https://unix.stackexchange.com/questions/663617

相關問答

Debian

在 risc64 上設置 debian 歸檔密鑰:新密鑰但不包含使用者 ID

  • May 17, 2022
檢視問答
Debian

gpg:密鑰伺服器接收失敗:沒有目錄

  • March 16, 2022
檢視問答
Debian

gpg:密鑰伺服器接收失敗:伺服器指示失敗

  • March 2, 2022
檢視問答
Debian

驗證 Debian 10.5 的簽名返回錯誤“無法檢查簽名:無公鑰”

  • August 14, 2020
檢視問答
Debian

GPG 密鑰新密鑰但不包含使用者 ID

  • June 21, 2020
檢視問答
Debian

如何添加第三方倉庫。並在 Debian 中鍵入?

  • April 28, 2020
檢視問答