Problem description
I run the following step in my CircleCI setup to install Google Chrome:
- run:
    name: Install Chrome headless
    working_directory: /
    command: |
      wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - && \
      echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google.list && \
      apt-get update && \
      apt-get install -y dbus-x11 google-chrome-unstable && \
      rm -rf /var/lib/apt/lists/*
It stopped working and returns the following error message:
W: GPG error: http://dl.google.com/linux/chrome/deb stable Release: The following signatures were invalid: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
W: The repository 'http://dl.google.com/linux/chrome/deb stable Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libappindicator3-1 libdbusmenu-gtk3-4 libindicator3-7
Recommended packages:
libu2f-udev
The following NEW packages will be installed:
dbus-x11 google-chrome-unstable libappindicator3-1 libdbusmenu-gtk3-4
libindicator3-7
0 upgraded, 5 newly installed, 0 to remove and 48 not upgraded.
Need to get 60.4 MB of archives.
After this operation, 214 MB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
google-chrome-unstable
E: There were unauthenticated packages and -y was used without --allow-unauthenticated
Exited with code 100
How do I fix this?
Best solution
You don't. You have to wait for Google to renew its key and update it.
The important information is:
The following signatures were invalid: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority)
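This means that the cryptographic signature is invalid. This could be an attack, a misconfiguration, or some other kind of technical problem. Forcing the system to update would result in running an unverified version of the web browser, which could cause you a lot of security problems.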
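The signature status that apt relays from GnuPG says which kind of failure occurred, and a CI step can read it and stop before any install runs. The following is an added example, not part of the original answer: the function names and the log path are hypothetical, and the sample input is constructed from the log in the question.

```shell
#!/bin/sh
# Added example: block a CI install step when apt reports a signature problem.
# In the log above `apt-get update` only warned, so the check reads its output.

# Constructed sample: the GPG warning from the question plus one normal line.
SAMPLE_LOG="W: GPG error: http://dl.google.com/linux/chrome/deb stable Release: The following signatures were invalid: EXPKEYSIG 1397BC53640DB551 Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
Reading package lists... Done"

# Print "TOKEN KEYID" once for each signature status token in apt output on stdin.
# Only tokens that are followed by a key ID are matched (grep -o: GNU/BSD grep).
apt_sig_findings() {
    grep -oE '(EXPKEYSIG|REVKEYSIG|EXPSIG|BADSIG|NO_PUBKEY) [0-9A-Fa-f]+' | sort -u
}

# What each GnuPG status token says about the signature.
explain_token() {
    case "$1" in
        EXPKEYSIG) echo "signature is good, but the signing key has expired" ;;
        REVKEYSIG) echo "signature is good, but the signing key is revoked" ;;
        EXPSIG)    echo "signature is good, but the signature itself has expired" ;;
        BADSIG)    echo "signature does not verify against the signed data" ;;
        NO_PUBKEY) echo "signing key is not in apt's keyring" ;;
        *)         echo "unrecognised token" ;;
    esac
}

# Read apt output on stdin. Return 0 only when no signature problem was reported;
# otherwise explain each finding on stderr and return 1 so the job stops.
apt_sig_gate() {
    findings=$(apt_sig_findings || true)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | while read -r token keyid; do
        echo "BLOCKED: $token $keyid: $(explain_token "$token")" >&2
    done
    return 1
}

# Usage in the CI command (log path is hypothetical):
#   apt-get update 2>&1 | tee /tmp/apt-update.log
#   apt_sig_gate < /tmp/apt-update.log || exit 1
```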
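Second-best solution
This is the same as this question (10 minutes apart): https://askubuntu.com/questions/1133199/the-following-signatures-were-invalid-expkeysig-1397bc53640db551
Short explanation: the GPG key on Google's side has expired, so you (we) have to wait.
Third solution
Plan 1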
This is the protection you are getting from these checks. You don’t want to update your software right now while something is messed up on Google’s end. Wait until they fix it. Don’t try to override by reinstalling keys until some official word comes out that a new key is the solution.
Plan 2
Waiting until they fix it may not be an option for all. E.g. this is breaking CI pipelines for us. If you know what you are doing, you might take the risk and disable checks for this repo for now by adding [trusted=yes] to its configuration: deb [trusted=yes] http://dl.google.com/linux/chrome/deb/ stable main