密钥存储在旧版 trusted.gpg 密钥环 (/etc/apt/trusted.gpg) 中

Question

密钥存储在旧版 trusted.gpg 密钥环 (/etc/apt/trusted.gpg) 中

我刚刚从 Ubuntu 21.10 升级到 22.04。

sudo apt update以以下警告结束...

W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Run Code Online (Sandbox Code Playgroud)

Synaptic重新加载时显示相同的警告。

审查man apt-key并不能为我澄清这一点。

我认为这是因为 Ubuntu 22.04 已从使用 /etc/apt/trusted.gpg 过渡到使用位于 /etc/apt/trusted.gpg.d 中的单独 .gpg 文件。

这些密钥可以从一个密钥转换为另一个密钥，还是我必须删除这些密钥并重新导入它们？

Answer 1

hey*_*ema 183

sudo apt update修复这些由...生成的警告消息的简单方法

W: https://linux.teamviewer.com/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: http://apt.keepsolid.com/ubuntu/dists/groovy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: http://linux.dropbox.com/ubuntu/dists/disco/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: http://download.virtualbox.org/virtualbox/debian/dists/hirsute/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: http://download.opensuse.org/repositories/home:/IBBoard:/cawbird/xUbuntu_22.04/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: http://ppa.launchpad.net/solaar-unifying/stable/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details. W: http://ppa.launchpad.net/yannubuntu/boot-repair/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
Run Code Online (Sandbox Code Playgroud)
注意：这些警告消息可以由“其他软件”选项卡中任何启用的存储库或 ppa生成Software & Updates。

修复示例：

对于此警告消息sudo apt update...

W: http://ppa.launchpad.net/team-xbmc/ppa/ubuntu/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
Run Code Online (Sandbox Code Playgroud)

我们查看sudo apt-key list并找到 xbmc 的这个条目...

pub rsa1024 2009-01-20 [SC] 1897 01DA 570C 56B9 488E F60A 6D97 5C47 91E7 EE5E uid [ unknown] Launchpad PPA for XBMC for Linux
Run Code Online (Sandbox Code Playgroud)

然后我们使用上面的最后 8 个数字字符将此条目转换为 .gpg 文件...

sudo apt-key export 91E7EE5E | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/team-xbmc.gpg
Run Code Online (Sandbox Code Playgroud)

您可以选择通过运行以下命令来删除已弃用的密钥/etc/apt/trusted.gpg：

sudo apt-key --keyring /etc/apt/trusted.gpg del 91E7EE5E
Run Code Online (Sandbox Code Playgroud)

对生成的每条警告消息重复上述命令sudo apt update。

注意：部分摘自此处和此处已接受的答案。

这就是我一直在寻找的答案。谢谢！ (4认同)

@heynnema：顺便说一句，我寻找脚本的确切原因是，因为你的方式使得找到真正需要的脚本变得非常麻烦。因此，尽管您的意图无疑是好的，但最终还是有人编写了一个循环来对所有这些对象执行此操作。^^ (2认同)

Answer 2

小智 127

迁移到 Ubuntu 22.04 后遇到了这个问题，并想添加我的解决方案。我有很多密钥需要更新/转换。这不是最佳解决方案，但效果很好。

\n

此解决方案特定于 Ubuntu 22.04 和bash5.2.16。其他发行版和版本可能无法工作。

\n

将所有这些已弃用的密钥转换为新格式的一行代码。

\n

在运行之前请花点时间了解您\xe2\x80\x99在这里做什么！还要确保你的bash年龄不太大。我的bash版本：GNU bash, version 5.1.16(1)-release (x86_64-pc-linux-gnu)

\n

for KEY in $(apt-key --keyring /etc/apt/trusted.gpg list | grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})" | tr -d " " | grep -E "([0-9A-F]){8}\\b" ); do K=${KEY:(-8)}; apt-key export $K | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg; done\n

Run Code Online (Sandbox Code Playgroud)\n

对于那些想要更具可读性的人......

\n

for KEY in $( \\\n    apt-key --keyring /etc/apt/trusted.gpg list \\\n    | grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})" \\\n    | tr -d " " \\\n    | grep -E "([0-9A-F]){8}\\b" \\\n); do\n    K=${KEY:(-8)}\n    apt-key export $K \\\n    | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg\ndone\n

Run Code Online (Sandbox Code Playgroud)\n

解释：

\n

检索已知键的列表：
\n
```
apt-key list\n
```
Run Code Online (Sandbox Code Playgroud)\n
查找前面有 1 或 2 个空格且长度为 4 个字符的所有十六进制字符组。获取每行有 10 个分组的集合。这提供了完整的调号。
\n
```
grep -E "(([ ]{1,2}(([0-9A-F]{4}))){10})"\n
```
Run Code Online (Sandbox Code Playgroud)\n
修剪掉（删除）找到的每一行上的所有空格，以便调号不会被空格打断：
\n
```
tr -d " "\n
```
Run Code Online (Sandbox Code Playgroud)\n
获取每行的最后 8 个字符：
\n
```
grep -E "([0-9A-F]){8}\\b"\n
```
Run Code Online (Sandbox Code Playgroud)\n
现在我们有了一个密钥后缀的集合，每个后缀的长度为 8 个字符。
\n
循环遍历每个键后缀，将当前后缀放入变量中KEY：
\n
```
for KEY in $(\xe2\x80\xa6); do\n
```
Run Code Online (Sandbox Code Playgroud)\n
将最后 8 个字符分配给变量K：
\n
```
K=${KEY:(-8)};\n
```
Run Code Online (Sandbox Code Playgroud)\n
导出与签名匹配的密钥K并将其传递/通过管道传递到gpg以正确存储它：
\n
```
apt-key export $K | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/imported-from-trusted-gpg-$K.gpg\n
```
Run Code Online (Sandbox Code Playgroud)\n
循环直到处理完所有键。
\n
```
done\n
```
Run Code Online (Sandbox Code Playgroud)\n
不再享受弃用警告。
\n

\n

特别感谢heynnema，他的解决方案是此方案的核心。

\n

不知道为什么这没有更多的赞成票......它就像一个魅力。 (6认同)

Answer 3

小智 29

对我有用的是：

mv /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/

Run Code Online (Sandbox Code Playgroud)

为了增加兼容性，软链接它而不是移动它怎么样？ (2认同)

Answer 4

小智 8

我修改了@Frank 的函数，从旧的 trust.gpg 中删除密钥以避免重复。

function apt-key-migrate {
    typeset key="$1"
    typeset dest="$2"

    if [ -z "$key" ] || [ -z "$dest" ];
    then
        echo "Usage: apt-key-migrate <key> <destination>"
        return 1
    fi

    sudo apt-key --keyring /etc/apt/trusted.gpg export $key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/$dest.gpg
    test -s "/etc/apt/trusted.gpg.d/$dest.gpg" && sudo apt-key --keyring /etc/apt/trusted.gpg del $key
}

Run Code Online (Sandbox Code Playgroud)

Answer 5

小智 6

我已将@heynnema 的答案转换为一个函数，为了方便起见，您可以将其放在下面.bashrc。这需要两个参数：密钥（最后 8 个字符）和输出 GPG 文件的目标文件名。

function apt-key-migrate {
  typeset key="$1"
  typeset dest="$2"

  if [ -z "$key" ] || [ -z "$dest" ];
  then
    echo "Usage: apt-key-migrate <key> <destination>"
    return 1
  fi

  sudo apt-key export $key | sudo gpg --dearmour -o /etc/apt/trusted.gpg.d/$dest.gpg
}

Run Code Online (Sandbox Code Playgroud)

例子：apt-key-migrate 91E7EE5E team-xbmc

归档时间：	3 年，11 月前
查看次数：	105545 次
最近记录：	2 年，4 月前