安装带有apt的崇高文本由于丢失公钥而失败

Question

我正在使用下面链接的说明来安装易于安装的崇高文本。我有意地应用在Debian和Stackexchange页面上描述的连接到第三方存储库的方法，使用Sublime作为第三方回购的示例。

https://www.sublimetext.com/docs/linux_repositories.html

https://wiki.debian.org/DebianRepository/UseThirdParty

如何添加第三方回购。还有Debian的钥匙？

但是，在运行apt update时，我会收到有关加密密钥的以下错误：

The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

这就是我要做的：

下载密钥，将密钥从ascii转换为二进制，并将密钥移动到共享位置：

curl https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor > ~/Downloads/sublime-keyring.gpg
sudo mkdir -vp /usr/local/share/keyrings/
sudo mv -v ~/Downloads/sublime-keyring.gpg /usr/local/share/keyrings/sublime-keyring.gpg
sudo chown -v root:root /usr/local/share/keyrings/sublime-keyring.gpg
sudo chmod -v 0640 /usr/local/share/keyrings/sublime-keyring.gpg

创建源列表：

printf "deb [signed-by=/usr/local/share/keyrings/sublime-keyring.gpg] https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list

设置固定规则以限制回购使用：

printf "%s\n" "Package: *" "Pin: origin download.sublimetext.com" "Pin-Priority: 1" "" "Package: sublime-text" "Pin: origin download.sublimetext.com" "Pin-Priority: 500" | sudo tee /etc/apt/preferences.d/sublime-text.pref

然后运行sudo apt update，创建以下有关崇高文本回购的输出：

Get:1 https://download.sublimetext.com apt/stable/ InRelease [2.536 B]                                                                    
Err:1 https://download.sublimetext.com apt/stable/ InRelease                                                                                     
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

W: GPG error: https://download.sublimetext.com apt/stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454
E: The repository 'https://download.sublimetext.com apt/stable/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

当我为gpg，sudo apt -o Debug::Acquire::gpgv=True update运行调试时，我得到了更多的详细信息：

Get:1 https://download.sublimetext.com apt/stable/ InRelease [2.536 B]                                                                   
0% [Waiting for headers] [Waiting for headers]inside VerifyGetSigners                                                                    
Preparing to exec:  /usr/bin/apt-key --quiet --readonly --keyring /usr/local/share/keyrings/sublime-keyring.gpg verify --status-fd 3 /tmp/apt.sig.zwA50y /tmp/apt.data.zbzsmw
Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG F57D4F59BD3DF454 1 8 01 1627009220 9 -

Got ERRSIG F57D4F59BD3DF454 !
Read: [GNUPG:] NO_PUBKEY F57D4F59BD3DF454

Got NO_PUBKEY F57D4F59BD3DF454 !
gpgv exited with status 2
Summary:
  Good: 
  Valid: 
  Bad: 
  Worthless: 
  SoonWorthless: 
  NoPubKey: NO_PUBKEY F57D4F59BD3DF454
  Signed-By: 
  NODATA: no
Err:1 https://download.sublimetext.com apt/stable/ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454

W: GPG error: https://download.sublimetext.com apt/stable/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F57D4F59BD3DF454
E: The repository 'https://download.sublimetext.com apt/stable/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

我读到这意味着apt正确地传递了我下载的密钥的位置。这可能意味着gpg无法读取密钥的内容。或者，在脱甲过程中，钥匙不知怎么地被弄坏了，不再有预期的内容了。这纯粹是我的猜测。

当我检查小装甲钥匙sudo gpg --show-keys /usr/local/share/keyrings/sublime-keyring.gpg时，我得到以下信息，这似乎是正确的：

pub   rsa4096 2017-05-08 [SCEA]
      1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A
uid                      Sublime HQ Pty Ltd <support@sublimetext.com>
sub   rsa4096 2017-05-08 [S]

键是可读的，尽管它没有提到F57D4F59BD3DF454。

那到底出了什么问题？我怎样才能让它正常工作？

Answer 1

我假设读取密钥文件的所有进程都有根访问权限--结果不是这样的。因此，将权限设置为0640会导致我报告的问题，而将它们设置为0644反而解决了我的问题。

因此，更新后的命令应该如下所示：

sudo chmod -v 0644 /usr/local/share/keyrings/sublime-keyring.gpg

通过这一更改，我能够使用问题中描述的过程来更新和安装崇高文本。

Answer 2

在卖主的指示之后，存储库升级对我不起作用。

“apt更新”之后的错误消息如下：

Certificate verification failed: The certificate is NOT trusted. The certificate chain uses expired certificate. Could not handshake: Error in the certificate verification. [IP: 104.236.0.104 443]

然而，解决办法非常简单。我将/etc/apt/sublime es.list.d/sublim-text.list文件中的https更改为http：

#deb https://download.sublimetext.com/ apt/stable/    
deb http://download.sublimetext.com/ apt/stable/

Answer 3

我可能遗漏了什么，但我不认为你需要用gpg做所有的步骤。这一行为我的系统安装密钥：

wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -

它在您提到的第一个URL中有很好的记录。