Yes, that solution is more secure, as I think 02 окт. 2014 г. 1:08 пользователь "Floris" <jkflo...@dds.nl> написал:
> Op Wed, 01 Oct 2014 09:18:10 +0200 schreef Valery Mamonov < > valerymamo...@gmail.com>: > > > > 2014-10-01 11:02 GMT+04:00 Ansgar Burchardt <ans...@debian.org>: > >> severity 647001 important >> thanks >> >> Hi, >> >> Valery Mamonov <valerymamo...@gmail.com> writes: >> > 2014-10-01 3:30 GMT+04:00 Ansgar Burchardt <ans...@43-1.org>: >> >> Valery Mamonov <valerymamo...@gmail.com> writes: >> >> > I'm experiencing some troubles with updating my debian machine. >> >> > After aptitude update i'm having multiple errors like these: >> >> > >> >> > W: GPG error: http://deb.ianod.es unstable InRelease: The following >> >> > signatures couldn't be verified because the public key is not >> available: >> >> > NO_PUBKEY 498F1DF0598C5C38 >> >> >> >> Hmm, all the keys APT complains about come from /etc/apt/trusted.gpg? >> >> What happens if you move them to a file in /etc/apt/trusted.gpg.d? >> >> >> > After moving trusted.gpg from /etc/apt to /etc/apt/trusted.gpg.d all >> keys >> > were missing. >> > I have manually added keys, but after 'aptitude update' I've got same >> > result - all keys not found. >> > The size of new /etc/apt/trusted.gpg was 0 kb. >> > The size of new /etc/apt/trusted.gpg.d/trusted.gpg was ~106 kb. >> >> Are you using apt from experimental? >> >> With apt_1.1~exp3 I could reproduce the issue: /etc/apt/trusted.gpg is >> not world-readable and apt now uses a _apt user for some tasks. So it >> cannot access the public keys for verification. >> >> Please try making the keyring world-readable (chmod a+r ...). >> >> Ansgar >> >> Yes, i'm using apt from experimental: > > LANG=C apt-cache policy apt > apt: > Installed: 1.1~exp3 > Candidate: 1.0.9.1 > Version table: > *** 1.1~exp3 0 > 1110 http://mirror.yandex.ru/debian/ experimental/main amd64 > Packages > 1110 ftp://ftp.de.debian.org/debian/ experimental/main amd64 > Packages > 1110 ftp://mirror.mephi.ru/debian/ experimental/main amd64 Packages > 1110 http://mirrors.kernel.org/debian/ experimental/main amd64 > Packages > 100 /var/lib/dpkg/status > > So I made /etc/apt/trusted.gpg world readable and my problem seemed to be > solved. > > > I also use the experimental version of apt, and solved the issue with: > $ sudo setfacl -m u:_apt:r trusted.gpg > I'm not sure, but I think it is a little saver solution. Only the _apt > user is > allowed to read the file, but correct me if I am wrong. > > Thanks Ansgar for pointing to a solution, > > floris > > >
