”gpg: error reading key: 找不到公钥“

sh/bash/dash/ksh/zsh等Shell脚本
回复
cramming5
帖子: 24
注册时间: 2016-12-01 15:18
系统: ubuntu16.10

”gpg: error reading key: 找不到公钥“

#1

帖子 cramming5 » 2016-12-26 14:38

”gpg: error reading key: 找不到公钥“
这是为什么
头像
lilydjwg
论坛版主
帖子: 4248
注册时间: 2009-04-11 23:46
系统: Arch Linux
联系:

Re: ”gpg: error reading key: 找不到公钥“

#2

帖子 lilydjwg » 2016-12-26 15:05

原因它跟你说了啊:「找不到公钥」。去下载一下就好:

gpg --recv-keys xxxx

xxxx 是公钥的 ID,报错信息里有。

另外建议在 ~/.gnupg/gpg.conf 里加一句「keyid-format 0xlong」,使用长 ID 防止被碰撞。
头像
lilydjwg
论坛版主
帖子: 4248
注册时间: 2009-04-11 23:46
系统: Arch Linux
联系:

Re: ”gpg: error reading key: 找不到公钥“

#3

帖子 lilydjwg » 2016-12-26 15:06

原因它跟你说了啊:「找不到公钥」。去下载一下就好:

gpg --recv-keys xxxx

xxxx 是公钥的 ID,报错信息里有。

另外建议在 ~/.gnupg/gpg.conf 里加一句「keyid-format 0xlong」,使用长 ID 防止被碰撞。
cramming5
帖子: 24
注册时间: 2016-12-01 15:18
系统: ubuntu16.10

Re: ”gpg: error reading key: 找不到公钥“

#4

帖子 cramming5 » 2016-12-26 16:47

lilydjwg 写了:原因它跟你说了啊:「找不到公钥」。去下载一下就好:

gpg --recv-keys xxxx

xxxx 是公钥的 ID,报错信息里有。

另外建议在 ~/.gnupg/gpg.conf 里加一句「keyid-format 0xlong」,使用长 ID 防止被碰撞。
我在看ubuntu的文档时遇到的,
Generating a new ubuntu-keyring .deb to sign your CD

In order to sign the Release file, we need to use GPG. The install system will then check the signature against the public keys held in the package ubuntu-keyring. You do not have a private key that matches one of the ones in the shipped ubuntu-keyring, so we need to build a custom version of the ubuntu-keyring package. Install the gnupg package if you do not have it already.

To create a signing key, enter gpg --gen-key. Accept the defaults, (for this use, it is probably OK to use "No expiry"). For your Real Name and E-mail address, you might like to use something like "XXX Signing Key" and "packages@xxx.example.org". Enter an appropriate passphrase.

In another directory (I use /opt/build/), we will download the source for the ubuntu-keyring package, unpack it, add our own GPG key, and rebuild the package. These steps import the 2 Ubuntu public signing keys into your main keyring, then exports them, along with your own public signing key, into a replacement keyring. "YOURKEYID" should be replaced with the 8-digit hexadecimal code that gpg tells you when you do the --list-keys command. "Signing Key Name" is what you used in the previous step, when running gpg --gen-key.

To clarify, below is an example 'gpg --list-keys' response. In this example, "YOURKEYID" immediately follows the '/' on the line beginning with 'pub' (which in this example is '437D05B5'.)

gpg --list-keys
pub 1024D/437D05B5 2006-09-08
uid XXX Signing Key <packages@xxx.example.org>
sub 2048g/79164387 2006-09-08

Here is an example, which you will need to customize to suit your own setup:

cd /opt/build
sudo apt-get install fakeroot # requires the fakeroot package which may not be installed on your system.
apt-get source ubuntu-keyring
cd ubuntu-keyring-2008.03.04/keyrings
gpg --import < ubuntu-archive-keyring.gpg
gpg --list-keys "Signing Key Name"
gpg --export FBB75451 437D05B5 YOURKEYID > ubuntu-archive-keyring.gpg
cd .. # you are now on ubuntu-keyring-2008.03.04
dpkg-buildpackage -rfakeroot -m"Your Name <your.email@your.host>" -kYOURKEYID

cd .. # you are now on the directory where you started, in the example, /opt/build
cp ubuntu-keyring*deb /opt/cd-image/pool/main/u/ubuntu-keyring

You will end up with a udeb file for the installer, and a .deb file for the system. Both files need to be copied into the main component of your CD, because the CD will not check the extras directory.
它讲安装程序会用新的包ubuntu-keyring 的公匙来检测签名。gpg的那三步不理解什么意思啊。。。
poloshiao
论坛版主
帖子: 18279
注册时间: 2009-08-04 16:33

Re: ”gpg: error reading key: 找不到公钥“

#5

帖子 poloshiao » 2016-12-26 18:32

gpg --import < ubuntu-archive-keyring.gpg
gpg --list-keys "Signing Key Name"
gpg --export FBB75451 437D05B5 YOURKEYID > ubuntu-archive-keyring.gpg
gpg 的那三步不理解什么意思
參閱
https://help.ubuntu.com/community/GnuPrivacyGuardHowto
GnuPrivacyGuardHowto
回复