apt 的 invalid signatures / public key is not available (NO_PUBKEY/EXPKEYSIG/KEYEXPIRED) 問題處理方式

症狀 – apt / apt-get 操作時出現以下錯誤:

Err:4 https://dl.winehq.org/wine-builds/ubuntu xenial InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 76F1A20FF987672F
Reading package lists... Done
W: GPG error: https://dl.winehq.org/wine-builds/ubuntu xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 76F1A20FF987672F
E: The repository 'https://dl.winehq.org/wine-builds/ubuntu xenial InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://deb.torproject.org/torproject.org bionic InRelease: The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
W: Failed to fetch https://deb.torproject.org/torproject.org/dists/bionic/InRelease  The following signatures were invalid: EXPKEYSIG 74A941BA219EC810 deb.torproject.org archive signing key
W: Some index files failed to download. They have been ignored, or old ones used instead.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://apt.puppetlabs.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7F438280EF8D349F
W: Failed to fetch http://apt.puppetlabs.com/dists/trusty/Release
W: Some index files failed to download. They have been ignored, or old ones used instead.

可以看到上面缺的 key 分別是 76F1A20FF987672F74A941BA219EC8107F438280EF8D349F ,這種情況有可能是新增了新的 apt repository 但沒有對應的 key,或是舊有的 apt repository 所使用的 key已經過期了

通常可以到對應軟體提供者的網站上找到正確的 key ,並放到 /etc/apt/trusted.gpg 這個檔案、或 /etc/apt/trusted.gpg.d 目錄下,或是透過 apt-key 的指令從 keyserver 進行下載匯入,像是這樣(以 Yarn 和 Google Cloud 的套件庫為例):

  • curl -sS https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add –
  • curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -

我們也可以透過將有問題/闕漏的 key 直接拿去問 OpenPGP keyserver ,透過 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys XXXXXXXX 的指令,像這樣:

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7F438280EF8D349F
Executing: /tmp/apt-key-gpghome.VyE6MFMrnc/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 7F438280EF8D349F
gpg: key 7F438280EF8D349F: public key "Puppet, Inc. Release Key (Puppet, Inc. Release Key) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 74A941BA219EC810
Executing: /tmp/apt-key-gpghome.lRWvuhWnPw/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 74A941BA219EC810
gpg: key EE8CBC9E886DDD89: public key "deb.torproject.org archive signing key" imported
gpg: Total number processed: 1
gpg:               imported: 1
閱讀全文

在 Debian / Ubuntu GNU/Linux 底下找出特定命令 / 程式的來源套件

在 Debian / Ubuntu based GNU/Linux 底下做事有個很棒的優點,有太多工具可以透過 apt 套件庫來進行安裝,重灌電腦的時候只要透過 apt 或 apt-get 就可以把一大半會需要用到的工具給裝起來,不過有時候可能邊摸索邊上網查資料來看某工具要怎麼用,一骨腦裝完卻沒作筆記,日後要準備重灌時卻想不起來該裝什麼套件才能把要用到的命令找回來,窘 …

如果你有安裝 command-not-found 這個套件,在 bash shell 底下如果執行了找不到的命令,除了常見的 blah: command not found,他還會有很貼心的提示使用者應該安裝哪個缺漏的套件,像這樣:

$ kvm
 The program 'kvm' is currently not installed. You can install it by typing:
 sudo apt install qemu-kvm

上面範例為我執行了一個不存在的命令 – kvm ,然後 command-not-found 這套工具建議我去裝 qemu-kvm 這個套件,裝完後就會有 kvm 這個命令可以使用了,如果同時存在不只一個套件包含了同樣的命令,command-not-found 這套工具一樣會很好心的幫我們列出來,例如:

$ sar
 The program 'sar' can be found in the following packages:
  * sysstat
  * atsar
 Ask your administrator to install one of them

就算是找不到 100% 符合的命令,command-not-found 也會很好心的列出其他參考,例如:

$ gitx
 No command 'gitx' found, did you mean:
  Command 'gitg' from package 'gitg' (universe)
  Command 'git' from package 'git' (main)
  Command 'gitk' from package 'gitk' (main)
 gitx: command not found

不過上述的功能僅限於我們沒有正確的安裝對應的套件才能使用,如果是套件已經裝起來了的時候呢?例如我工具都已經裝好了,只是想確認某個命令是從哪裡來的,要做個筆記而已,這種情況很常見的啊,例如遇到問題跑去問 Google ,看到一堆解法,一個不行換一個,換到可以的解法的時候可能已經 apt-get install 不知道多少次了,已經忘記剛剛的命令到底是從哪邊來的了XD

還好 dpkg 有個強大的搜尋功能,可以讓我們從已經安裝的套件中搜尋出他們到底包含了哪些檔案,底下是從 Ubuntu 16.04.1 裏面擷取的 dpkg manpage:

-S, –search filename-search-pattern…
Search for a filename from installed packages.

使用方式為:

$ dpkg -S '檔案路徑/名稱'

要透過 dpkg -S 來找命令對應所屬的套件,只要把命令的完整路徑丟給他就可以了,命令的完整路徑我們可以透過 type 或 which 這兩個指令來確認,例如:

$ type whoami
whoami is /usr/bin/whoami
$ which whoami
/usr/bin/whoami

從上面的輸出我們可以知道 whoami 這個命令的完整路徑是 /usr/bin/whoami ,再把 /usr/bin/whoami 拿去 dpkg 查詢就可以了!例如:

$ dpkg -S '/usr/bin/whoami'
coreutils: /usr/bin/whoami
$ dpkg -S '/usr/bin/curl'
curl: /usr/bin/curl

或是直接

$ dpkg -S "$(which whoami)"
coreutils: /usr/bin/whoami
$ dpkg -S "$(which curl)"
curl: /usr/bin/curl

從上面的結果我們可以發現 curl 這個命令是從 curl 這個套件來的, whoami 這個命令則是從 coreutils 這個套件來的,如果你查詢的是還沒有安裝或是不是透過 apt / dpkg 套件管理工具安裝的命令,那就沒辦法了:

$ dpkg -S '/usr/bin/kvm'
dpkg-query: no path found matching pattern /usr/bin/kvm

要注意的是

1. which 跟 type 輸出的格式不太一樣,type 的輸出結果因為多了 blah is … ,所以還需要經過處理把前面那段拿掉才有辦法餵給 dpkg ,而 which 因為是直接出出路徑所以沒有這問題

2. 這邊如果輸入的不是完整路徑,則可能會出現一堆其他不相關的東西,例如:

$ dpkg -S 'whoami'
 bash-completion: /usr/share/bash-completion/completions/ldapwhoami
 coreutils: /usr/share/man/man1/whoami.1.gz
 coreutils: /usr/bin/whoami

因為 dpkg 會直接把所有完整路徑裏面符合輸入字串的部份都印出來,所以像是 whoami 的 manpage 以及 bash-completion 的自動補齊指令都被列出來了。

好了,這篇筆記雖然短,可我覺得很實用,哪天失憶或是被問問題的時候就可以把這篇丟出來,這就是做筆記最大的用途 … :D

How to find reverse dependency on Debian/Ubuntu based GNU/Linux?

List all the reverse depends of certain package:

$ apt-cache rdepends pkg_name

For example:

$ apt-cache rdepends vde2

And you’ll get result like this:

vde2
Reverse Depends:
virtualbox
qemu-system-x86
qemu-system-sparc
qemu-system-ppc
qemu-system-misc
qemu-system-mips
qemu-system-arm
user-mode-linux
virtualbricks
virtualbox
vdetelweb
libvde-dev
libvde-dev
user-mode-linux
qemu-kvm
qemu-system
liblwipv6-2

More details via $ apt-cache showpkg pkg_name

Package: vde2
Versions:
2.3.2-4 (/var/lib/apt/lists/opensource.nchc.org.tw_debian_dists_wheezy_main_binary-amd64_Packages) (/var/lib/dpkg/status)
Description Language:
File: /var/lib/apt/lists/opensource.nchc.org.tw_debian_dists_wheezy_main_binary-amd64_Packages
MD5: c1d59c710a94c274459c01b82f926c5a
Description Language: en
File: /var/lib/apt/lists/opensource.nchc.org.tw_debian_dists_wheezy_main_i18n_Translation-en
MD5: c1d59c710a94c274459c01b82f926c5a

Reverse Depends:
virtualbox,vde2
qemu-system-x86,vde2
qemu-system-sparc,vde2
qemu-system-ppc,vde2
qemu-system-misc,vde2
qemu-system-mips,vde2
qemu-system-arm,vde2
user-mode-linux,vde2
virtualbricks,vde2
virtualbox,vde2
vdetelweb,vde2
libvde-dev,vde2 2.3.2-1
libvde-dev,vde2 2.3.2-1
user-mode-linux,vde2
qemu-kvm,vde2
qemu-system,vde2
liblwipv6-2,vde2
Dependencies:
2.3.2-4 – adduser (0 (null)) libc6 (2 2.7) libpcap0.8 (2 0.9.8) libvde0 (0 (null)) libvdeplug2 (0 (null)) vde2-cryptcab (0 (null)) qemu-kvm (0 (null)) qemu (0 (null)) vde (0 (null))
Provides:
2.3.2-4 –
Reverse Provides:

If we only want to know the installed dependencies, ask aptitude:

$ aptitude why vde2

It’ll tell us:

i qemu Depends qemu-system (>= 1.1.2+dfsg-6a+deb7u6)
i A qemu-system Recommends vde2

What about recursive depends? Try $ apt-rdepends --reverse pkg_name !
(Install via apt-get install apt-rdepends)

PS: reverse-depends has similar feature, but it’s in ubuntu-dev-tools, which depends on toooooo many packages, so I’ll not suggest you to use it for just finding the dependencies.

Ubuntu 好用 PPA (Personal Package Archives) 蒐集整理

PPA基本上就是一些官方沒收錄或是遠比官方還新的套件來源
但不用開發者自己架apt server而是丟在Launchpad,而且很容易新增/移除repository

用法:
sudo add-apt-repository ppa:PPA_NAME
(或是搭配add-apt-ppa使用)

筆記一些實用的ppa…有空慢慢補

apt-fast:
ppa:apt-fast/stable
PS: 這個repository作者沒有更新到ubuntu 14.04的deb package, 可以手動抓其他版本的來用, 因為只是很簡單的script, 並無相依性問題
或是可以參考另外一個ppa:saiarcot895/myppa (https://launchpad.net/~saiarcot895/+archive/ubuntu/myppa)

notepadqq:
ppa:notepadqq-team/notepadqq

google-drive-ocamlfuse:
ppa:alessandro-strada/ppa

nginx:
ppa:nginx/development (mainline)
ppa:nginx/stable

git:
ppa:git-core/ppa

qupziila:
ppa:nowrep/qupzilla

freerdp:
ppa:9v-shaun-42/freerdp-git

ppa:ikuya-fruitsbasket/freerdp

JDownloader:
ppa:jd-team/jdownloader

Wine:
ppa:ubuntu-wine/ppa

Transmission:
ppa:transmissionbt/ppa

Fish shell
ppa:fish-shell/release-2