「APT」- The following signatures were invalid

  CREATED BY JENKINSBOT

问题描述

该笔记将记录:在 Linux 中,与 APT Key 密钥有关的问题,以及常见问题的解决方案。

The following signatures were invalid

Unsigned repository for Kali Linux so I can’t update. Kind of stuck and need some help here

问题描述

在执行 apt-get update 命令时,产生如下错误:

Hit:1 https://packages.microsoft.com/ubuntu/16.04/prod xenial InRelease
Get:2 http://mirrors.ustc.edu.cn/kali kali-rolling InRelease [30.5 kB]
Hit:3 http://repo.steampowered.com/steam precise InRelease
Hit:4 https://packages.microsoft.com/ubuntu/16.04/mssql-server xenial InRelease
Hit:5 https://packages.microsoft.com/repos/vscode stable InRelease
Err:2 http://mirrors.ustc.edu.cn/kali kali-rolling InRelease
  The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
Hit:6 http://repository.spotify.com stable InRelease
Hit:7 http://repo.yandex.ru/yandex-browser/deb beta InRelease
Hit:8 https://repo.skype.com/deb stable InRelease
Ign:9 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:10 http://dl.google.com/linux/chrome/deb stable Release
Hit:12 https://deb.opera.com/opera-stable stable InRelease
Reading package lists... Done
W: GPG error: http://mirrors.ustc.edu.cn/kali kali-rolling InRelease: The following signatures were invalid: EXPKEYSIG ED444FF07D8D0BF6 Kali Linux Repository <devel@kali.org>
E: The repository 'http://mirrors.ustc.edu.cn/kali kali-rolling InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

问题原因

密钥过期,需要重新添加。

解决办法

wget -q -O - archive.kali.org/archive-key.asc | apt-key add

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY …

gnupg – How to add a GPG key to the apt sources keyring? – Ask Ubuntu
updates – How to fix missing GPG keys? – Ask Ubuntu

问题描述

在执行 apt-get update 命令时,产生如下错误:

# apt-get update
...
Reading package lists... Done
E: The repository 'http://ppa.launchpad.net/deadsnakes/ppa/ubuntu hirsute Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://us.archive.ubuntu.com/ubuntu bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.ubuntu.com/ubuntu bionic-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
...

原因分析

这是因为我们没有导入正确的 GPG Key 而产生的错误。

解决方案

# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "<Public Key>" # 将 <Public Key> 替换为公钥,这里应是 3B4FE6ACC0B21F32 字符串
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.H6uxKa3sXF/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
gpg: key 3B4FE6ACC0B21F32: public key "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

或者,从原的官方仓库添加 Key 信息:

# wget -qO - https://deb.opera.com/archive.key | sudo apt-key add -

# apt-key adv --fetch-keys http://deb.opera.com/archive.key