Ubuntu 22.04 更新后，密钥存储在传统的 trusted.gpg 密钥环中。

Question

Ubuntu 22.04 更新后，密钥存储在传统的 trusted.gpg 密钥环中。

104

我在Digital Ocean的LAMP堆栈droplet上进行Ubuntu 22.04更新后收到了3个警告。

W: http://repo.mysql.com/apt/ubuntu/dists/bionic/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://repos.insights.digitalocean.com/apt/do-agent/dists/main/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://pkg.cloudflare.com/dists/trusty/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

如何将键移到正确的位置并删除旧键？

编辑

sudo apt-key list

pub   rsa2048 2016-02-17 [SC]
      9FE3 B226 BD77 5196 D8C2  E599 DE88 104A A4C6 383F
uid           [ unknown] DigitalOcean Insights Engineering <sonar-agent@digitalocean.com>
sub   rsa2048 2016-02-17 [E]

pub   rsa2048 2015-01-28 [SC]
      FBA8 C0EE 6361 7C5E ED69  5C43 254B 391D 8CAC CBF8
uid           [ unknown] CloudFlare Software Packaging <help@cloudflare.com>

pub   dsa1024 2003-02-03 [SCA] [expired: 2022-02-16]
      A4A9 4068 76FC BD3C 4567  70C8 8C71 8D3B 5072 E1F5
uid           [ expired] MySQL Release Engineering <mysql-build@oss.oracle.com>

pub   rsa4096 2021-12-14 [SC] [expires: 2023-12-14]
      859B E8D7 C586 F538 430B  19C2 467B 942D 3A79 BD29
uid           [ unknown] MySQL Release Engineering <mysql-build@oss.oracle.com>
sub   rsa4096 2021-12-14 [E] [expires: 2023-12-14]

/etc/apt/trusted.gpg.d/certbot_ubuntu_certbot.gpg
-------------------------------------------------
pub   rsa4096 2016-11-02 [SC]
      7BF5 7606 6ADA 6572 8FC7  E70A 8C47 BE8E 75BC A694
uid           [ unknown] Launchpad PPA for certbot

/etc/apt/trusted.gpg.d/ondrej-ubuntu-apache2.gpg
------------------------------------------------
pub   rsa1024 2009-01-26 [SC]
      14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
uid           [ unknown] Launchpad PPA for Ondřej Surý

/etc/apt/trusted.gpg.d/ondrej_ubuntu_php.gpg
--------------------------------------------
pub   rsa1024 2009-01-26 [SC]
      14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
uid           [ unknown] Launchpad PPA for Ondřej Surý

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub   rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374  2BC0 D94A A3F0 EFE2 1092
uid           [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <cdimage@ubuntu.com>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub   rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B  7022 8719 20D1 991B C93C
uid           [ unknown] Ubuntu Archive Automatic Signing Key (2018) <ftpmaster@ubuntu.com>

ls -l /etc/apt/sources.list.d

-rw-r--r-- 1 root root 276 Apr  8 15:51 certbot-ubuntu-certbot-xenial.list
-rw-r--r-- 1 root root 276 Apr  8 15:51 certbot-ubuntu-certbot-xenial.list.distUpgrade
-rw-r--r-- 1 root root 274 Mar 13  2020 certbot-ubuntu-certbot-xenial.list.save
-rw-r--r-- 1 root root  43 Apr  8 15:51 cloudflare-main.list
-rw-r--r-- 1 root root  43 Apr  8 15:51 cloudflare-main.list.distUpgrade
-rw-r--r-- 1 root root  43 Mar 13  2020 cloudflare-main.list.save
-rw-r--r-- 1 root root  67 Apr  8 15:51 digitalocean-agent.list
-rw-r--r-- 1 root root  67 Apr  8 15:51 digitalocean-agent.list.distUpgrade
-rw-r--r-- 1 root root  67 Mar 13  2020 digitalocean-agent.list.save
-rw-r--r-- 1 root root 501 Apr  8 15:51 mysql.list
-rw-r--r-- 1 root root 501 Apr  8 15:51 mysql.list.distUpgrade
-rw-r--r-- 1 root root 137 Apr  8 15:51 ondrej-ubuntu-apache2-hirsute.list
-rw-r--r-- 1 root root 135 Apr  8 15:51 ondrej-ubuntu-apache2-hirsute.list.distUpgrade
-rw-r--r-- 1 root root 123 Apr  8 15:51 ondrej-ubuntu-php-xenial.list
-rw-r--r-- 1 root root 124 Apr  8 15:51 ondrej-ubuntu-php-xenial.list.distUpgrade
-rw-r--r-- 1 root root 125 Apr  8 19:11 signal-xenial.list

- newcat1000

2你应该按照https://askubuntu.com/questions/1398344/apt-key-deprecation-warning-when-updating-system中的指示进行操作，但要根据你的三个仓库进行自定义。如果你在帖子中编辑并附上`sudo apt-key list和ls -l /etc/apt/sources.list.d`的输出，我们可以为你的情况提供具体的答案。 - Lorenz Keel

谷歌引导我来到这里，因为Mint21系统更新报告了W: http://ppa.launchpad.net/b-rad/kernel+mediatree+hauppauge/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details。我不太清楚自己在做什么，但我的.bash_history显示我运行了sudo add-apt-repository ppa:b-rad/kernel+mediatree+hauppauge和sudo apt-get install linux-firmware-hauppauge，当我试图让我的电视调谐器工作时... - FumbleFingers

所有的答案（这里和链接中的）看起来都很复杂，所以最后我做了一个完整的系统备份，然后只是在SortwareSources -> PPAs下“删除”了两个Hauppage条目，问题就解决了。电视调谐器（实际上是Afatech AF9015，不是我在另一台电脑上拥有的Hauppage）仍然工作，所以我想一切都没问题。 - FumbleFingers

对于apt-key list命令，你不需要使用sudo - Daniel Stevens

注意：在其他答案中，我添加了一个真正简单而正确的答案。不需要犹豫或者甚至使用CLI！我不能在这里添加它，因为这是重复的。但是我已经将它添加到所有出现在搜索结果中的其他答案上。 - anon

1个回答

- Lorenz Keel · Accepted Answer

这个答案是对这里matigo用户提供的答案的定制。你需要从废弃的密钥环中导出GPG密钥，并将其存储在每个仓库的/usr/share/keyrings目录下。

让我们从DigitalOcean密钥开始。打开终端并导出9FE3 B226 BD77 5196 D8C2 E599 DE88 104A A4C6 383F密钥： apt-key export A4C6383F | sudo gpg --dearmour -o /usr/share/keyrings/digitalocean-agent.gpg 注意： A4C6383F的值来自于apt-key list输出中pub代码的最后8个字符。

现在，我们可以更新apt源文件/etc/apt/sources.list.d/digitalocean-agent.list，添加一个signed-by标签。通过以下方式打开它： sudo -H gedit /etc/apt/sources.list.d/digitalocean-agent.list 然后，在URL之前的deb关键字后面添加标签[arch=amd64 signed-by=/usr/share/keyrings/digitalocean-agent.gpg]。

我不知道digitalocean-agent.list的确切内容，但它应该是类似于以下内容： deb [arch=amd64 signed-by=/usr/share/keyrings/microsoft.gpg] packages.microsoft.com/repos/edge stable main 运行sudo apt update以确认消息是否消失。

如果消息消失了，删除原始签名： sudo apt-key del A4C6383F 对于cloudflare-main.list，从8CACCBF8密钥开始生成cloudflare-main.gpg密钥，重复上述步骤。

对于mysql.list，从5072E1F5密钥开始生成mysql.gpg密钥，重复上述步骤。

请考虑到您收到的信息只是警告：如果出现问题，请将文件恢复为原样并保留警告，它们并不会造成任何损害。