不受信任的软件包apt-transport-https


11

我正在使用Debian wheezy,我想安装该软件包apt-transport-https,该软件包允许通过https协议访问apt仓库。

真正令我困惑的是,它apt-get给了我以下信息:

$ sudo apt-get install apt-transport-https
...
The following NEW packages will be installed:
  apt-transport-https
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 109 kB of archives.
After this operation, 166 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
  apt-transport-https
Install these packages without verification [y/N]?

我紧迫,N因为我想在安装软件包之前澄清这一点。为什么没有提供此程序包的身份验证信息?我希望这是默认设置,尤其是对于提供安全传输协议的软件包而言。

Answers:


16

当运行未安装apt-transport-https apt-get updatehttps镜像时,您可能会使缓存的(源)数据无效,这是使签名无效的副作用-这应在再次运行“ apt-get update”后自行修复(您可能必须还原临时移至非https镜像)。


我添加了sury repo(packages.sury.org/php),运行apt update,然后尝试安装apt-transport-https。那给了我警告。我禁用了该存储库(注释掉,apt update),并且警告不再出现。
x-yuri

1

Debian将将来将用于对软件包进行签名的密钥添加到debian-archive-keyring软件包中。这就是为什么您需要更新此软件包的原因。如果apt-get update不起作用,则可能必须(重新)安装钥匙圈:

sudo apt-get remove debian-keyring debian-archive-keyring

sudo apt-get clean

sudo apt-get update

sudo apt-get -y install debian-keyring debian-archive-keyring

来源:服务器故障

By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.