web-dev-qa-db-ja.com

keyring.debian.orgからの鍵のインポートが失敗する

複数の署名の公開鍵が使用できないため、apt updateを使用したリポジトリの更新は失敗します。

$ Sudo apt update
Get:1 http://security.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease                                                                              
Hit:3 http://deb.debian.org/debian stretch Release                                                                                
Ign:4 http://ftp.fr.debian.org/debian stretch InRelease                                                                           
Ign:6 http://ftp.fr.debian.org/debian jessie InRelease                                                                            
Hit:7 https://fr.archive.ubuntu.com/ubuntu bionic InRelease                                                                       
Hit:8 http://ftp.fr.debian.org/debian stretch Release                                                                             
Get:5 http://ftp.fr.debian.org/debian stretch-updates InRelease [91.0 kB]                                                         
Hit:9 https://riot.im/packages/debian stretch InRelease                                                                           
Hit:10 http://ftp.fr.debian.org/debian jessie Release                                                                             
Err:1 http://security.debian.org/debian-security stretch/updates InRelease                                                        
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease [1,480 B]                                                           
Ign:12 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ InRelease                                           
Hit:13 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release                                             
Err:14 http://deb.debian.org/debian stretch Release.gpg                           
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Get:15 https://content.runescape.com/downloads/ubuntu trusty InRelease [2,236 B]
Err:16 http://ftp.fr.debian.org/debian stretch Release.gpg
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Err:9 https://riot.im/packages/debian stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
Err:5 http://ftp.fr.debian.org/debian stretch-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Err:17 http://ftp.fr.debian.org/debian jessie Release.gpg
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
Err:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
Err:18 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release.gpg
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
Err:15 https://content.runescape.com/downloads/ubuntu trusty InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
Reading package lists... Done 
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: Skipping acquire of configured file 'xenial/binary-AMD64/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/binary-i386/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en_US' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/Components-AMD64.yml' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/icons-64x64.tar' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://riot.im/packages/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
W: GPG error: https://content.runescape.com/downloads/ubuntu trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
E: The repository 'https://content.runescape.com/downloads/ubuntu trusty InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

keyring.debian.orgなしでキーを更新しようとしました

$ gpg  --recv-keys 9D6D8F6BC857C906
gpg: key 9D6D8F6BC857C906: 12 signatures not checked due to missing keys
gpg: key 9D6D8F6BC857C906: "Debian Security Archive Automatic Signing Key (8/jessie) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

$ gpg --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

ca-certificatesはバージョン20180409で最新であり、バージョンdebian-keyring2018.03.24も最新です。

https://serverfault.com/q/851724 に従って/etc/apt/trusted.gpgも削除しました。

@Stephen Kittのリクエスト:

$ ls -la /etc/apt/trusted.gpg.d
total 28
drwxr-xr-x 2 root root  4096 Jan  2 10:42 .
drwxr-xr-x 6 root root  4096 Jan  2 11:06 ..
-rw-r--r-- 1 root root 10345 Jan  2 10:42 ubuntu-keyring-2012-archive.gpg
-rw-r--r-- 1 root root  2796 Feb  6  2018 ubuntu-keyring-2012-archive.gpg~
-rw-r--r-- 1 root root  2794 Feb  6  2018 ubuntu-keyring-2012-cdimage.gpg

$ apt policy debian-archive-keyring
debian-archive-keyring:
  Installed: 2017.7ubuntu1
  Candidate: 2017.7ubuntu1
  Version table:
 *** 2017.7ubuntu1 500
        500 https://fr.archive.ubuntu.com/ubuntu bionic/universe AMD64 Packages
        500 https://fr.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
        100 /var/lib/dpkg/status
     2017.5 500
        500 http://ftp.fr.debian.org/debian stretch/main AMD64 Packages
        500 http://ftp.fr.debian.org/debian stretch/main i386 Packages
        500 http://deb.debian.org/debian stretch/main AMD64 Packages
        500 http://deb.debian.org/debian stretch/main i386 Packages
     2017.5~deb8u1 500
        500 http://ftp.fr.debian.org/debian jessie/main AMD64 Packages
        500 http://ftp.fr.debian.org/debian jessie/main i386 Packages

適切なキーのインポートの問題を解決するにはどうすればよいですか?

2
Pradana Aumars

アーカイブキーを含むパッケージであるdebian-archive-keyringのDebianバージョンをインストールする必要があります。現在Ubuntuを使用しています。 (debian-keyringには、開発者のキーが含まれています。)

おそらく 手動でダウンロード し、dpkg -iを使用して(rootとして、またはSudoを使用して)インストールする必要があります。

長期的な修正として、Bionicをリポジトリから削除するか、デフォルトでアップグレード候補として使用されないようにピン接続を正しく構成する必要があります。

5
Stephen Kitt