症狀 – apt / apt-get 操作時出現以下錯誤:
Err:4 https://dl.winehq.org/wine-builds/ubuntu xenial InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 76F1A20FF987672F
Reading package lists... Done
W: GPG error: https://dl.winehq.org/wine-builds/ubuntu xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 76F1A20FF987672F
E: The repository 'https://dl.winehq.org/wine-builds/ubuntu xenial InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://deb.torproject.org/torproject.org bionic InRelease: The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
W: Failed to fetch https://deb.torproject.org/torproject.org/dists/bionic/InRelease The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
W: Some index files failed to download. They have been ignored, or old ones used instead.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://apt.puppetlabs.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7F438280EF8D349F
W: Failed to fetch http://apt.puppetlabs.com/dists/trusty/Release
W: Some index files failed to download. They have been ignored, or old ones used instead.
可以看到上面缺的 key 分別是 76F1A20FF987672F
、74A941BA219EC810
和 7F438280EF8D349F
,這種情況有可能是新增了新的 apt repository 但沒有對應的 key,或是舊有的 apt repository 所使用的 key已經過期了
通常可以到對應軟體提供者的網站上找到正確的 key ,並放到 /etc/apt/trusted.gpg
這個檔案、或 /etc/apt/trusted.gpg.d
目錄下,或是透過 apt-key
的指令從 keyserver 進行下載匯入,像是這樣(以 Yarn 和 Google Cloud 的套件庫為例):
curl -sS https://packages.cloud.google.com/apt/doc/apt-key.gpg |
sudo
apt-key add –curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
我們也可以透過將有問題/闕漏的 key 直接拿去問 OpenPGP keyserver ,透過 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys XXXXXXXX
的指令,像這樣:
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7F438280EF8D349F
Executing: /tmp/apt-key-gpghome.VyE6MFMrnc/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 7F438280EF8D349F
gpg: key 7F438280EF8D349F: public key "Puppet, Inc. Release Key (Puppet, Inc. Release Key) <release@puppet.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 74A941BA219EC810
Executing: /tmp/apt-key-gpghome.lRWvuhWnPw/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 74A941BA219EC810
gpg: key EE8CBC9E886DDD89: public key "deb.torproject.org archive signing key" imported
gpg: Total number processed: 1
gpg: imported: 1
閱讀全文