从keyring.debian.org导入密钥失败

Question

使用apt update更新存储库失败，因为几个签名的公钥不可用。

$ sudo apt update
Get:1 http://security.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease                                                                              
Hit:3 http://deb.debian.org/debian stretch Release                                                                                
Ign:4 http://ftp.fr.debian.org/debian stretch InRelease                                                                           
Ign:6 http://ftp.fr.debian.org/debian jessie InRelease                                                                            
Hit:7 https://fr.archive.ubuntu.com/ubuntu bionic InRelease                                                                       
Hit:8 http://ftp.fr.debian.org/debian stretch Release                                                                             
Get:5 http://ftp.fr.debian.org/debian stretch-updates InRelease [91.0 kB]                                                         
Hit:9 https://riot.im/packages/debian stretch InRelease                                                                           
Hit:10 http://ftp.fr.debian.org/debian jessie Release                                                                             
Err:1 http://security.debian.org/debian-security stretch/updates InRelease                                                        
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease [1,480 B]                                                           
Ign:12 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ InRelease                                           
Hit:13 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release                                             
Err:14 http://deb.debian.org/debian stretch Release.gpg                           
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Get:15 https://content.runescape.com/downloads/ubuntu trusty InRelease [2,236 B]
Err:16 http://ftp.fr.debian.org/debian stretch Release.gpg
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Err:9 https://riot.im/packages/debian stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
Err:5 http://ftp.fr.debian.org/debian stretch-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Err:17 http://ftp.fr.debian.org/debian jessie Release.gpg
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
Err:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
Err:18 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release.gpg
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
Err:15 https://content.runescape.com/downloads/ubuntu trusty InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
Reading package lists... Done 
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: Skipping acquire of configured file 'xenial/binary-amd64/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/binary-i386/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en_US' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/Components-amd64.yml' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/icons-64x64.tar' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://riot.im/packages/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
W: GPG error: https://content.runescape.com/downloads/ubuntu trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
E: The repository 'https://content.runescape.com/downloads/ubuntu trusty InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

我试图在没有keyring.debian.org的情况下更新密钥

$ gpg  --recv-keys 9D6D8F6BC857C906
gpg: key 9D6D8F6BC857C906: 12 signatures not checked due to missing keys
gpg: key 9D6D8F6BC857C906: "Debian Security Archive Automatic Signing Key (8/jessie) " not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

并使用

$ gpg --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

ca-certificates是20180409版的最新版本，debian-keyring是2018.03.24版的最新版本.

我还删除了/etc/apt/trusted.gpg和https://serverfault.com/q/851724一样。

@Stephen Kitt的请求：

$ ls -la /etc/apt/trusted.gpg.d
total 28
drwxr-xr-x 2 root root  4096 Jan  2 10:42 .
drwxr-xr-x 6 root root  4096 Jan  2 11:06 ..
-rw-r--r-- 1 root root 10345 Jan  2 10:42 ubuntu-keyring-2012-archive.gpg
-rw-r--r-- 1 root root  2796 Feb  6  2018 ubuntu-keyring-2012-archive.gpg~
-rw-r--r-- 1 root root  2794 Feb  6  2018 ubuntu-keyring-2012-cdimage.gpg

$ apt policy debian-archive-keyring
debian-archive-keyring:
  Installed: 2017.7ubuntu1
  Candidate: 2017.7ubuntu1
  Version table:
 *** 2017.7ubuntu1 500
        500 https://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
        500 https://fr.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
        100 /var/lib/dpkg/status
     2017.5 500
        500 http://ftp.fr.debian.org/debian stretch/main amd64 Packages
        500 http://ftp.fr.debian.org/debian stretch/main i386 Packages
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        500 http://deb.debian.org/debian stretch/main i386 Packages
     2017.5~deb8u1 500
        500 http://ftp.fr.debian.org/debian jessie/main amd64 Packages
        500 http://ftp.fr.debian.org/debian jessie/main i386 Packages

如何解决导入正确密钥的问题？

Answer 1

您需要安装Debian的debian-archive-keyring版本，这是包含归档密钥的包。您现在有Ubuntu的。(debian-keyring包含开发人员的密钥。)

您可能必须使用手动下载并使用dpkg -i (作为根用户，或使用sudo)安装它。

作为一种长期修复，您应该从您的存储库中删除仿生，或者正确配置定位，使其在默认情况下不被用作升级候选。

Answer 2

如果什么都不起作用，请尝试如下：

apt update --allow-unauthenticated