经过很长时间的搜索,我终于找到了一个特定的软件包,我需要为故意存在漏洞的机器安装虚拟机。有问题的软件包是openssl1.0.2-1,我在安装它时遇到了很多麻烦。该软件包位于https://snapshot.debian.org/archive/debian/20150123T220434Z。我已经在我的快照存储库中添加了一个 deb 条目sources.list.d/,并添加了必要的密钥apt-key,但现在运行时出现以下错误sudo apt update:
Err:9 https://snapshot.debian.org/archive/debian/20150123T220434Z unstable InRelease
The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
Reading package lists... Done
W: GPG error: https://snapshot.debian.org/archive/debian/20150123T220434Z unstable InRelease: The following signatures were invalid: EXPKEYSIG 8B48AD6246925553 Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>
E: The repository 'https://snapshot.debian.org/archive/debian/20150123T220434Z unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled …