The following signatures were invalid - Mon, Aug 22, 2022
The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics <info@osrfoundation.org>
The following signatures were invalid: EXPKEYSIG F42ED6FBAB17C654 Open Robotics info@osrfoundation.org
提示: Linux发行版更新较快,命令可能因版本不同而有差异。
问题背景
在使用apt更新时,可能会遇到GPG签名过期或无效的问题,导致无法安装或更新软件包。
解决方法
方法1:更新GPG密钥
# ROS密钥更新
sudo sh -c '. /etc/lsb-release && echo "deb http://mirrors.tuna.tsinghua.edu.cn/ros/ubuntu/ `lsb_release -cs` main" > /etc/apt/sources.list.d/ros-latest.list'
curl -sSL 'http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC1CF6E31E6BADE8868B172B4F42ED6FBAB17C654' | sudo apt-key add -
方法2:使用apt-key添加密钥
# 从密钥服务器获取
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F42ED6FBAB17C654
# 或从文件导入
wget -O - https://raw.githubusercontent.com/ros/rosdistro/master/ros.key | sudo apt-key add -
方法3:使用新方式(Ubuntu 22.04+)
# 创建keyrings目录
sudo mkdir -p /etc/apt/keyrings
# 下载并保存密钥
curl -fsSL https://raw.githubusercontent.com/ros/rosdistro/master/ros.key | sudo tee /etc/apt/keyrings/ros.gpg > /dev/null
# 更新源列表
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/ros.gpg] http://mirrors.tuna.tsinghua.edu.cn/ros/ubuntu $(. /etc/os-release && echo $UBUNTU_CODENAME) main" | sudo tee /etc/apt/sources.list.d/ros.list > /dev/null
通用解决方案
查看过期的密钥
# 列出所有密钥
apt-key list
# 查看过期时间
apt-key list | grep -A 1 "expired"
删除旧密钥
# 删除指定密钥
sudo apt-key del F42ED6FBAB17C654
# 或使用最后8位
sudo apt-key del AB17C654
常见仓库密钥更新
# Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
# Node.js
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
# Google Chrome
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
验证配置
# 更新软件源
sudo apt update
# 检查密钥状态
sudo apt update --allow-insecure-repositories
最佳实践
- 使用keyrings:Ubuntu 22.04+推荐使用/etc/apt/keyrings目录
- 定期更新密钥:密钥有有效期限制
- 使用官方源:优先使用官方软件源
- 备份密钥:保存常用仓库的密钥文件