debian下apt-update ”GPG error解决

cnhnln

www1:~# aptitude update
Reading package lists... Done
Building dependency tree... Done
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
Building tag database... Done
Get:1 http://ftp2.jp.debian.org sid Release.gpg [189B]
Hit http://ftp2.jp.debian.org sid Release
Err http://ftp2.jp.debian.org sid Release

Get:2 http://ftp2.jp.debian.org sid Release [38.3kB]
Get:3 http://ftp.debian-unofficial.org sid Release.gpg [191B]
Ign http://exodus.xmms.se stable Release.gpg
Ign http://ftp2.jp.debian.org sid Release
Ign http://debian.okey.net ./ Release.gpg
Hit http://ftp2.jp.debian.org sid/main Packages
Hit http://ftp.debian-unofficial.org sid Release
Ign http://exodus.xmms.se stable Release
Hit http://ftp2.jp.debian.org sid/non-free Packages
Hit http://ftp2.jp.debian.org sid/contrib Packages
Ign http://debian.okey.net ./ Release
Hit http://ftp.debian-unofficial.org sid/main Packages
Get:4 http://exodus.xmms.se stable/main Packages [2713B]
Hit http://ftp.debian-unofficial.org sid/contrib Packages
Hit http://ftp.debian-unofficial.org sid/non-free Packages
Hit http://debian.okey.net ./ Packages
Hit http://ftp.debian-unofficial.org sid/restricted Packages
Ign http://debian.ustc.edu.cn sid Release.gpg
Hit http://debian.ustc.edu.cn sid Release
Hit http://debian.ustc.edu.cn sid/marillat Packages
Hit http://debian.ustc.edu.cn sid/misc Packages
Hit http://debian.ustc.edu.cn sid/rareware Packages
Hit http://debian.ustc.edu.cn sid/ustc Packages
Fetched 41.2kB in 37s (1092B/s)
Reading package lists... Done
W: GPG error: http://ftp2.jp.debian.org sid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F
W: You may want to run apt-get update to correct these problems

[code:1]
wget http://ftp-master.debian.org/ziyi_key_2006.asc -O - | apt-key add -     (replace 2006 with current year)
[/code:1]
或者
[code:1]
wget http://ftp-master.debian.org/ziyi_key_`date +%Y`.asc -O - | apt-key add -
[/code:1]
然后 “apt-key list” 就可以看到鸟

www1:~# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   1024D/4B2B2B9E 2004-06-20
uid                  Daniel Baumann <[email protected]>
sub   1024g/19ED1B2F 2004-06-20

pub   1024D/2D230C5F 2006-01-03 [expires: 2007-02-07]
uid                  Debian Archive Automatic Signing Key (2006) <[email protected]>

参见： http://www.debian.org/doc/manuals/securing-debian-howto/ch7.en.html#s-deb-pack-sign

cnhnln

7.4.3.6 Finding the key for a repository

There is not yet a standard location where you can find the key for a given apt repository. There's a rough standard of putting the key up on the web page for the repository or as a file in the repository itself, but no real standard, so you might have to hunt for it.

The Debian archive signing key is available at http://ftp-master.debian.org/ziyi_key_2006.asc (replace 2006 with current year). ("ziyi" is apparently a name of a Chinese actress.)

gpg itself has a standard way to distribute keys, using a keyserver that gpg can download a key from and add it to its keyring. For example:

     $ gpg --keyserver pgpkeys.mit.edu --recv-key 2D230C5F
     gpg: requesting key 2D230C5F from hkp server pgpkeys.mit.edu
     gpg: key 2D230C5F: public key "Debian Archive Automatic Signing Key (2006) <ftpm
     [email protected]>" imported
     gpg: Total number processed: 1
     gpg:               imported: 1

You can then export that key from your own keyring and feed it to apt-key:

     $ gpg -a --export 2D230C5F | sudo apt-key add -
     gpg: no ultimately trusted keys found
     OK

The "gpg: no ultimately trusted keys found" warning means that gpg was not configured to ultimately trust a specific key. Trust settings are part of OpenPGPs Web-of-Trust which does not apply here. So there is no problem with this warning. In usual setups the users own key is ultimately trusted.)

俺们的子怡妹子 ─_─！

cnhnln

http://wiki.debian.org/SecureApt