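AlmaLinux: yum reports "the imported key has no public key, wrong public key?" when installing software
Symptom
When installing software, yum reports: "the imported key has no public key, wrong public key?"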
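Cause analysis
yum prompts to import a GPG public key from a local file because the original public key has expired and a new one must be imported. A key file exists under /etc/pki/rpm-gpg/ on the system, so yum asks whether to import that file. The key file at that path is also the expired key, however, so the final result is a wrong public key error.
As of this writing (March 8, 2024), AlmaLinux 8.5 is a long-outdated release. On December 20, 2023 the AlmaLinux OS Foundation published a blog post telling users that the AlmaLinux 8 GPG public key had changed (see the post: AlmaLinux 8 GPG key change).
The post also states that the new GPG public key is embedded in AlmaLinux OS 8.8-3.el8, first released on October 16, 2023, so this error only occurs on AlmaLinux versions earlier than that.
In summary: the public key has expired, so signature verification fails when installing software; you need to obtain the new public key and then install again.
Official post: https://almalinux.org/blog/2023-12-20-almalinux-8-key-update/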
Late last year we experienced a system failure that resulted in the loss of the master key that would allow us to extend the life of the GPG key that we use to sign packages for AlmaLinux 8, and it is set to expire in January of 2024. While we have ensured that this won’t happen again, some users will need to take specific steps to import the new GPG key.
If your device is running a little behind in updates for AlmaLinux 8, please read more below to identify the actions you need to take.
Getting ready for AlmaLinux 8 GPG key change
On January 12, 2024 we will start signing RPM packages and repodata for AlmaLinux 8 with the updated GPG key. Taking the steps below will allow you to continue to receive updates without problems when we make the switch.
Fast track
If you want to make sure your system already includes and trusts new AlmaLinux 8 GPG key you can just import it:
rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
This command imports new AlmaLinux 8 GPG key to rpm database if it’s not there yet, or does nothing if it’s already trusted. No more action required.
How to check your system and import new key
The new GPG key is included in the almalinux-release package version 8.8-3.el8 (released Oct 16, 2023) or higher. To see if your system already trusts the new AlmaLinux 8 GPG key you can run the following:
rpm -q gpg-pubkey-ced7258b-6525146f
If the new GPG key is already trusted, you will see the following message, and no further action is necessary:
gpg-pubkey-ced7258b-6525146f
If the GPG key is not trusted, you will see the following error:
package gpg-pubkey-ced7258b-6525146f is not installed
In this case we recommend that you import the new AlmaLinux 8 GPG key to the rpm database:
rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
If your device is running in an airgapped environment, or does not have an external network connection, as long as the almalinux-release package version 8.8-3.el8 or higher is installed you can also import key directly from the file:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
What will happen if none of the above is done?
If your system is recent enough and you install updates on regular basis, nothing bad will happen. The new AlmaLinux 8 GPG key is included in almalinux-release package version 8.8-3.el8 or higher (released Oct 16, 2023).
In this case when trying to install package signed with the new key dnf may ask you to trust new key (this is exactly what happens when you install updates on clean just installed OS). If you use dnf with -y argument this will happen automatically.
BUT, if your system has not received updates for a long time and almalinux-release package version is lower than 8.8-3.el8 you will not be able to install packages signed with the new key until you manually import new GPG key as trusted.
Solution 1 (recommended):
Install the new official GPG key:
rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
Or install the key from the Alibaba Cloud mirror:
rpm --import https://mirrors.aliyun.com/almalinux/RPM-GPG-KEY-AlmaLinux
Then verify that the import succeeded:
rpm -q gpg-pubkey-ced7258b-6525146f
If it returns
gpg-pubkey-ced7258b-6525146f
the public key is present. If it returns
package gpg-pubkey-ced7258b-6525146f is not installed
run the rpm --import command above again to import the GPG public key.
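When the key comes from a mirror rather than repo.almalinux.org, it can be saved to a file and compared against the expected gpg-pubkey-ced7258b-6525146f name before rpm trusts it. The script below is an added example, not part of the original article or of AlmaLinux tooling; the function names and the sample record are constructed here, and it relies on rpm naming keys as gpg-pubkey-<last 8 hex digits of the key ID>-<creation time in hex>.

```shell
#!/bin/sh
# Added example (hypothetical helper names). rpm names an imported key
#   gpg-pubkey-<version>-<release>
# where version = last 8 hex digits of the OpenPGP key ID and
#       release = key creation time (Unix seconds) printed in hex.
# A 32-bit key ID can collide, so treat this as a sanity check; compare the
# full fingerprint against a trusted channel when one is available.

# Reads `gpg --show-keys --with-colons` output on stdin.
# Returns 0 if a primary key ("pub" record) matches the rpm name in $1.
colons_match_rpm_name() {
    awk -F: -v want="$(printf '%s' "${1#gpg-pubkey-}" | tr 'A-F' 'a-f')" '
        # field 5 = key ID, field 6 = creation time; skip non-epoch formats
        $1 == "pub" && $6 ~ /^[0-9]+$/ {
            short = tolower(substr($5, length($5) - 7))
            if (short "-" sprintf("%x", $6) == want) found = 1
        }
        END { exit !found }'
}

# $1 = key file already saved to disk, $2 = expected rpm key name.
# Imports only when the file content matches the expected name.
import_if_expected() {
    if gpg --show-keys --with-colons "$1" | colons_match_rpm_name "$2"; then
        rpm --import "$1"
    else
        echo "refusing to import $1: does not match $2" >&2
        return 1
    fi
}

# Constructed sample record (the first 8 digits of the key ID are a
# placeholder, not the real AlmaLinux key ID); 1696928879 == 0x6525146f.
SAMPLE_COLONS='pub:-:4096:1:00000000CED7258B:1696928879:::-:::scESC::::::23::0:
uid:-::::1696928879::PLACEHOLDER::Constructed Sample Key::::::::::0:'
```

On a real host, download the key file first (for example with curl -o), then call import_if_expected with the file path and gpg-pubkey-ced7258b-6525146f.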
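Solution 2:
Switch the AlmaLinux yum repositories to the Alibaba Cloud mirror. Run the following command to back up and replace the default repositories: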
sed -e 's|^mirrorlist=|#mirrorlist=|g' \
-e 's|^# baseurl=https://repo.almalinux.org|baseurl=https://mirrors.aliyun.com|g' \
-i.bak \
/etc/yum.repos.d/almalinux*.repo
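Further notes:
Deleting the old GPG public key and importing it again
Find the identifiers of the imported GPG public keys:
To find the identifier of a recently imported GPG public key, use the following command:
rpm -q gpg-pubkey --qf "%{name}-%{version}-%{release} --> %{summary}\n"
Sometimes deleting the old GPG public key and importing it again helps resolve the problem. Follow these steps:
Delete the old GPG public key:
sudo rpm -e gpg-pubkey-<key_id>
Import the GPG public key again (as noted in the cause analysis, on systems older than 8.8-3.el8 this local file is still the expired key, so import from the URL in Solution 1 instead):
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
Clean the cache:
Sometimes cleaning the package manager cache also helps. Clean the cache and then try updating packages again:
sudo dnf clean all
or
sudo dnf clean packages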