apt 的 invalid signatures / public key is not available (NO_PUBKEY/EXPKEYSIG/KEYEXPIRED) 問題處理方式

症狀 – apt / apt-get 操作時出現以下錯誤:

Err:4 https://dl.winehq.org/wine-builds/ubuntu xenial InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 76F1A20FF987672F
Reading package lists... Done
W: GPG error: https://dl.winehq.org/wine-builds/ubuntu xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 76F1A20FF987672F
E: The repository 'https://dl.winehq.org/wine-builds/ubuntu xenial InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://deb.torproject.org/torproject.org bionic InRelease: The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
W: Failed to fetch https://deb.torproject.org/torproject.org/dists/bionic/InRelease  The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
W: Some index files failed to download. They have been ignored, or old ones used instead.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://apt.puppetlabs.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7F438280EF8D349F
W: Failed to fetch http://apt.puppetlabs.com/dists/trusty/Release
W: Some index files failed to download. They have been ignored, or old ones used instead.

可以看到上面缺的 key 分別是 76F1A20FF987672F74A941BA219EC8107F438280EF8D349F ,這種情況有可能是新增了新的 apt repository 但沒有對應的 key,或是舊有的 apt repository 所使用的 key已經過期了

通常可以到對應軟體提供者的網站上找到正確的 key ,並放到 /etc/apt/trusted.gpg 這個檔案、或 /etc/apt/trusted.gpg.d 目錄下,或是透過 apt-key 的指令從 keyserver 進行下載匯入,像是這樣(以 Yarn 和 Google Cloud 的套件庫為例):

  • curl -sS https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add –
  • curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -

我們也可以透過將有問題/闕漏的 key 直接拿去問 OpenPGP keyserver ,透過 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys XXXXXXXX 的指令,像這樣:

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7F438280EF8D349F
Executing: /tmp/apt-key-gpghome.VyE6MFMrnc/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 7F438280EF8D349F
gpg: key 7F438280EF8D349F: public key "Puppet, Inc. Release Key (Puppet, Inc. Release Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 74A941BA219EC810
Executing: /tmp/apt-key-gpghome.lRWvuhWnPw/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 74A941BA219EC810
gpg: key EE8CBC9E886DDD89: public key "deb.torproject.org archive signing key" imported
gpg: Total number processed: 1
gpg:               imported: 1
閱讀全文

How to find reverse dependency on Debian/Ubuntu based GNU/Linux?

List all the reverse depends of certain package:

$ apt-cache rdepends pkg_name

For example:

$ apt-cache rdepends vde2

And you’ll get result like this:

vde2
Reverse Depends:
virtualbox
qemu-system-x86
qemu-system-sparc
qemu-system-ppc
qemu-system-misc
qemu-system-mips
qemu-system-arm
user-mode-linux
virtualbricks
virtualbox
vdetelweb
libvde-dev
libvde-dev
user-mode-linux
qemu-kvm
qemu-system
liblwipv6-2

More details via $ apt-cache showpkg pkg_name

Package: vde2
Versions:
2.3.2-4 (/var/lib/apt/lists/opensource.nchc.org.tw_debian_dists_wheezy_main_binary-amd64_Packages) (/var/lib/dpkg/status)
Description Language:
File: /var/lib/apt/lists/opensource.nchc.org.tw_debian_dists_wheezy_main_binary-amd64_Packages
MD5: c1d59c710a94c274459c01b82f926c5a
Description Language: en
File: /var/lib/apt/lists/opensource.nchc.org.tw_debian_dists_wheezy_main_i18n_Translation-en
MD5: c1d59c710a94c274459c01b82f926c5a

Reverse Depends:
virtualbox,vde2
qemu-system-x86,vde2
qemu-system-sparc,vde2
qemu-system-ppc,vde2
qemu-system-misc,vde2
qemu-system-mips,vde2
qemu-system-arm,vde2
user-mode-linux,vde2
virtualbricks,vde2
virtualbox,vde2
vdetelweb,vde2
libvde-dev,vde2 2.3.2-1
libvde-dev,vde2 2.3.2-1
user-mode-linux,vde2
qemu-kvm,vde2
qemu-system,vde2
liblwipv6-2,vde2
Dependencies:
2.3.2-4 – adduser (0 (null)) libc6 (2 2.7) libpcap0.8 (2 0.9.8) libvde0 (0 (null)) libvdeplug2 (0 (null)) vde2-cryptcab (0 (null)) qemu-kvm (0 (null)) qemu (0 (null)) vde (0 (null))
Provides:
2.3.2-4 –
Reverse Provides:

If we only want to know the installed dependencies, ask aptitude:

$ aptitude why vde2

It’ll tell us:

i qemu Depends qemu-system (>= 1.1.2+dfsg-6a+deb7u6)
i A qemu-system Recommends vde2

What about recursive depends? Try $ apt-rdepends --reverse pkg_name !
(Install via apt-get install apt-rdepends)

PS: reverse-depends has similar feature, but it’s in ubuntu-dev-tools, which depends on toooooo many packages, so I’ll not suggest you to use it for just finding the dependencies.

dpkg: error: parsing file ‘/var/lib/dpkg/available’ near line N

好像是因為上一次用apt-get在安裝套件的時候意外中斷造成的

剛剛在裝irssi來掛IRC的時候就卡在這…


peterdavehello@vm-0:~$ sudo apt-get install irssi
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libperl5.14
Suggested packages:
irssi-scripts
The following NEW packages will be installed:
irssi libperl5.14
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/902 kB of archives.
After this operation, 2,446 kB of additional disk space will be used.
Do you want to continue [Y/n]?
dpkg: error: parsing file '/var/lib/dpkg/available' near line 63:
missing package name
E: Sub-process /usr/bin/dpkg returned an error code (2)

解法:
peterdavehello@vm-0:~$ sudo dpkg --clear-avail
搞定收工!