如何修复丢失的gpg键，即使它应该已经导入？

Question

我正在改变我在一堆机器上安装正如这里所指出的的方式。它在其中一个上工作得很好，但这个却表现得很奇怪。

我进口了钥匙：

sudo apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.uUGtmucAUd --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/atareao-telegram.gpg --keyring /etc/apt/trusted.gpg.d/neovim-ppa-unstable.gpg --keyring /etc/apt/trusted.gpg.d/nilarimogard-webupd8.gpg --keyring /etc/apt/trusted.gpg.d/ondrej-php-7_0.gpg --keyring /etc/apt/trusted.gpg.d/shutter-ppa.gpg --keyring /etc/apt/trusted.gpg.d/trustdb.gpg --keyring /etc/apt/trusted.gpg.d/trusted.gpg --keyring /etc/apt/trusted.gpg.d/vincent-c-ponysay.gpg --keyring /etc/apt/trusted.gpg.d/webupd8team-y-ppa-manager.gpg --keyring /etc/apt/trusted.gpg.d/xorg-edgers-ppa.gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
gpg: requesting key 2C52609D from hkp server pgp.mit.edu
gpg: [don't know]: invalid packet (ctb=01)
gpg: keydb_get_keyblock failed: eof
gpg: key 2C52609D: public key "Docker Release Tool (releasedocker) <docker@docker.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

然而，由于缺少键，sudo apt-get update仍然失败：

w: GPG error: https://apt.dockerproject.org ubuntu-trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F76221572C52609D

我遗漏了什么？

我也尝试了当前提供的答案，但是在删除trusted.gpg文件之后，我无法用

root@fluttershy:/etc/apt# rm trusted.gpg
root@fluttershy:/etc/apt# apt-key update
gpg: [don't know]: invalid packet (ctb=01)
gpg: keydb_get_keyblock failed: eof
gpg: key 437D05B5: public key "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>" imported
gpg: [don't know]: invalid packet (ctb=01)
gpg: keydb_get_keyblock failed: eof
gpg: key FBB75451: public key "Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>" imported
gpg: [don't know]: invalid packet (ctb=01)
gpg: keydb_get_keyblock failed: eof
gpg: key C0B21F32: public key "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>" imported
gpg: [don't know]: invalid packet (ctb=01)
gpg: keydb_get_keyblock failed: eof
gpg: key EFE21092: public key "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>" imported
gpg: Total number processed: 4
gpg:               imported: 4  (RSA: 2)
root@fluttershy:/etc/apt#

Answer 1

gpg在invalid packet (ctb=01)/keydb_get_keyblock failed: eof方面失败了。这通常意味着你的GPG钥匙圈损坏了。解决问题的最快方法是删除它，或者从备份中恢复它。

下面是一些方便您使用的命令：

• 列出当前在APT键环中的所有键:apt键列表
• 从APT自动备份恢复trusted.gpg：cp /etc/apt/trud.gpg{~，}
• 删除trusted.gpg并使用Ubuntu存档的键重新创建它: rm /etc/apt/trud.gpg apt更新

在我使用过的所有命令中，都使用了/etc/apt/trusted.gpg，但请注意，/etc/apt/trusted.gpg.d/中可能还有其他密钥环。

APT同时使用所有的键环，通过检查输出可以看到：

Executing: gpg [...] \
  --keyring /etc/apt/trusted.gpg \
  --primary-keyring /etc/apt/trusted.gpg \
  --keyring /etc/apt/trusted.gpg.d/atareao-telegram.gpg \
  --keyring /etc/apt/trusted.gpg.d/neovim-ppa-unstable.gpg \
  --keyring /etc/apt/trusted.gpg.d/nilarimogard-webupd8.gpg \
  [...]

有一个损坏的钥匙圈使GPG伤心，没有一个钥匙环(即使是好的)是可信的。因此，没有考虑到任何一个键。

Answer 2

具体来说，对于Docker 58118E89F3A912897C070ADBF76221572C52609D添加密钥服务器：

sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D