gpg: WARNING: unsafe ownership on homedir /home/USER/.gnupg

Est*_*ics 2 ownership gnupg

I am getting a warning about unsafe ownership on ~/.gnupg

curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg
  gpg: WARNING: unsafe ownership on homedir '/home/USER/.gnupg'
  • I have tried the following, but nothing had any effect:
    chown -R $(USER) ~/.gnupg/
    
    find ~/.gnupg -type f -exec chmod 600 {} \;
    find ~/.gnupg -type d -exec chmod 700 {} \;
    
    sudo gpgconf --kill dirmngr
    sudo chown -R USER:USER /home/USER/.gnupg
    chmod 700 /home/USER/.gnupg
    chmod 600 ~/.gnupg/*
    
  • ls -al /home/elias/.gnupg
    
      drwx------  4 USER USER  4096 Jul  1 19:33 .
      drwxr-xr-x 96 USER USER 20480 Jul 10 11:19 ..
      drw-------  2 USER USER  4096 Feb 13  2019 crls.d
      drw-------  2 USER USER  4096 Aug 13  2018 private-keys-v1.d
      -rw-------  1 USER USER  2305 Feb 13  2019 pubring.kbx
      -rw-------  1 USER USER   584 Feb 13  2019 pubring.kbx~
      -rw-------  1 USER USER  1200 Aug 13  2018 trustdb.gpg
    


Possibly related:

error:45 http://ppa.launchpad.net/hugin/hugin-builds/ubuntu bionic Release    
  404  Not Found [IP: 91.189.95.85 80]

Hit:32 https://www.icesi.edu.co/CRAN/bin/linux/ubuntu xenial-cran35/ InRelease

error:25 https://repo.skype.com/deb stable InRelease
  The following signatures were not valid: EXPKEYSIG 1F3045A5DF7587C3 Skype Linux Client Repository <se-um@microsoft.com>

error:30 http://apt.insynchq.com/ubuntu bionic InRelease
  The following signatures were not valid: EXPKEYSIG A684470CACCAF35C Insynchq Inc <services@insynchq.com>

E: The repository 'https://packages.sury.org/php bionic Release' does not have a Release file.
   N: Updating from such a repository cant be done securely, and is therefore disabled by default.
   N: See apt-secure(8) manpage for repository creation and user configuration details.

E: The repository 'http://ppa.launchpad.net/hugin/hugin-builds/ubuntu bionic Release' does not have a Release file.
   N: Updating from such a repository cant be done securely, and is therefore disabled by default.
   N: See apt-secure(8) manpage for repository creation and user configuration details.

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.
   GPG error: https://repo.skype.com/deb stable InRelease: The following signatures were not valid: EXPKEYSIG 1F3045A5DF7587C3 Skype Linux Client Repository <se-um@microsoft.com>

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.
   GPG error: http://apt.insynchq.com/ubuntu bionic InRelease: The following signatures were not valid: EXPKEYSIG A684470CACCAF35C Insynchq Inc <services@insynchq.com>

Additional information that was asked for:

ls -al /usr/share/keyrings/

Result:

drwxr-xr-x   2 root root  4096 Jul 10 11:13 .
drwxr-xr-x 621 root root 20480 Jul 10 13:50 ..
-rw-r--r--   1 root root  1795 Jul 10 11:52 githubcli-archive-keyring.gpg
-rw-r--r--   1 root root  2274 May 11 13:19 ubuntu-advantage-cis.gpg
-rw-r--r--   1 root root  2236 May 11 13:19 ubuntu-advantage-esm-apps.gpg
-rw-r--r--   1 root root  2264 May 11 13:19 ubuntu-advantage-esm-infra-trusty.gpg
-rw-r--r--   1 root root  2275 May 11 13:19 ubuntu-advantage-fips.gpg
-rw-r--r--   1 root root  7399 Sep 18  2018 ubuntu-archive-keyring.gpg
-rw-r--r--   1 root root  6713 Oct 27  2016 ubuntu-archive-removed-keys.gpg
-rw-r--r--   1 root root  4097 Feb  6  2018 ubuntu-cloudimage-keyring.gpg
-rw-r--r--   1 root root     0 Jan 17  2018 ubuntu-cloudimage-removed-keys.gpg
-rw-r--r--   1 root root  1227 May 27  2010 ubuntu-master-keyring.gpg

Additional information 2:

sudo env | grep '^HOME='

Result:

HOME=/home/elias

roa*_*ima 5

Let's look at what this command is doing (simplified for the sake of illustration)

curl … | sudo gpg … -o /usr/share/keyrings/githubcli-archive-keyring.gpg

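The curl part starts up and gets the thing we are going to give to gpg; no problem.

The sudo gpg command runs gpg as root, but with the HOME directory unchanged. When gpg runs, it checks $HOME/.gpg for ownership and permissions. In this case it is running as root but finds that the directory is owned not by root but by USER. It complains appropriately loudly

gpg: WARNING: unsafe ownership on homedir '/home/USER/.gnupg'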

You mention that you cannot omit sudo, which I assume is because you need root privileges to write to /usr/share/keyrings/. The solution in this case is probably to tell sudo to change the HOME directory value to match the root user

sudo -H gpg --dearmor -o /usr/share/keyrings/githubcli-archive-keyring.gpg

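The documentation (man sudo) explains that,

-H, --set-home: Request that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry.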

Another option is to run gpg without sudo and write the key to your own HOME directory, then use sudo to move it to the target directory

gpg --dearmor -o githubcli-archive-keyring.gpg &&
    sudo mv -f githubcli-archive-keyring.gpg /usr/share/keyrings/
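The check described in the answer above, sketched as an added example (not part of the original answer and not gpg's own code). The function names `gnupg_homedir` and `check_homedir` are hypothetical, GNU coreutils `stat` is assumed, and the directories are constructed temporary ones.

```shell
#!/bin/sh
# Added example: approximates the homedir ownership/permission check that
# triggers "unsafe ownership", to show why plain sudo and sudo -H differ.

# gnupg_homedir HOME_VALUE [GNUPGHOME_VALUE]
# gpg uses $GNUPGHOME if set, otherwise $HOME/.gnupg.
gnupg_homedir() {
    if [ -n "$2" ]; then echo "$2"; else echo "$1/.gnupg"; fi
}

# check_homedir DIR UID
# Verdict for DIR as seen by a process running with the given UID.
check_homedir() {
    dir=$1
    uid=$2
    [ -d "$dir" ] || { echo "missing"; return 0; }
    owner=$(stat -c '%u' "$dir")   # numeric owner of the directory
    mode=$(stat -c '%a' "$dir")    # octal permission bits, e.g. 700
    if [ "$owner" != "$uid" ]; then
        echo "unsafe ownership"    # the case in the question: uid 0, dir owned by USER
    elif [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "unsafe permissions"  # group/other bits set
    else
        echo "ok"
    fi
}

demo() {
    base=$(mktemp -d)              # constructed stand-in for /home/USER
    mkdir -m 700 "$base/.gnupg"
    me=$(id -u)
    other=$((me + 1))              # stands in for "root" relative to the owner
    echo "as owner:           $(check_homedir "$(gnupg_homedir "$base")" "$me")"
    echo "as other uid (sudo): $(check_homedir "$(gnupg_homedir "$base")" "$other")"
    rm -rf "$base"
}

demo
```

With `sudo -H`, HOME becomes root's home, so the directory examined is root's own `.gnupg` and the owner matches the running uid.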