如何修复：“以下签名无法验证，因为公钥不可用：NO_PUBKEY”

Question

如何修复：“以下签名无法验证，因为公钥不可用：NO_PUBKEY”

42

我正在开发一个嵌入式系统，使用Debian 8（需要升级）。当我执行apt update命令时，会收到以下提示：

...
...
Hit http://deb.debian.org stable/contrib arm64 Packages
Hit http://deb.debian.org stable/non-free arm64 Packages                       
Fetched 116 kB in 19s (6011 B/s)                                               
Reading package lists... Done
Building dependency tree       
Reading state information... Done
109 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: GPG error: http://deb.debian.org stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 605C66F00D6C9793

我尝试过：

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys

但是得到了：

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.mXChDvLgjA --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://p80.pool.sks-keyserver.net:80 --recv-keys 605C66F00D6C9793
gpg: requesting key 0D6C9793 from hkp server p80.pool.sks-keyserver.net
?: p80.pool.sks-keyserver.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: No such file or directory
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

我也尝试过：

# gpg --keyserver pgp.mit.edu --recv-keys 648ACFD622F3D138 0E98404D386FA1D9 605C66F00D6C9793

返回了以下结果：

gpg: requesting key 22F3D138 from hkp server pgp.mit.edu
gpg: requesting key 386FA1D9 from hkp server pgp.mit.edu
gpg: requesting key 0D6C9793 from hkp server pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 3CBBABEE: public key "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>" imported
gpg: key 8DD47936: public key "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>" imported
gpg: key 0D6C9793: public key "Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 3
gpg:               imported: 3  (RSA: 3)

我在运行 # apt update 命令后仍然收到了 NO_PUBKEY 错误。这个问题应该如何解决？我的源如下：

cat /etc/apt/sources.list.d/multistrap-debian.list 
deb [arch=arm64] http://deb.debian.org/debian stable main contrib non-free
deb-src http://deb.debian.org/debian stable main contrib non-free

- stdcerr

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- stdcerr · Accepted Answer

53

我能够解决这个问题的方法是：

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 605C66F00D6C9793 \
    0E98404D386FA1D9 648ACFD622F3D138

看起来Ubuntu服务器也包含了Debian的密钥。

- stdcerr

5

我必须为密钥服务器指定另一个端口：hkp://keyserver.ubuntu.com:80参见 https://unix.stackexchange.com/a/399091/78382 - troyfolger

27

@stdcerr: apt-key现已被弃用。请您为未来的读者添加正确处理方式。谢谢。 - 4wk_

@4wk_ 我自己也不确定，现在无法测试！你最好的选择是谷歌或者 Debian 论坛。当你找到答案后，如果能更新一下这个帖子就太好了。提前感谢！ - stdcerr

2

在我的情况下需要使用 sudo - Florent

3

在Debian 10主机上的Ubuntu 22.04 Docker镜像中，这个操作无法正常工作。错误信息为

E: gnupg、gnupg2和gnupg1似乎未安装，但其中一个是此操作所需的。命令'/bin/sh -c apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C'返回了非零代码：255

。在我的情况下，我不得不使用Ubuntu 20.04镜像或更新的Debian版本。 - undefined