zoukankan      html  css  js  c++  java
  • Kali的源得数字验证问题

    装上之后第一件事就是执行apt-get update && apt-get upgrade,结果却出现了这样的错误

    我添加的是中科大的更新源,在浏览器中是可以正常打开的:

    deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib  

    deb-src http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib

    #中科大

    deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib

    deb-src http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib

     

    #阿里云

    #deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib

    #deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib

     

    #清华大学

    #deb http://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free

    #deb-src https://mirrors.tuna.tsinghua.edu.cn/kali kali-rolling main contrib non-free

     

    #浙大

    #deb http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free

    #deb-src http://mirrors.zju.edu.cn/kali kali-rolling main contrib non-free

     

    #东软大学

    #deb http://mirrors.neusoft.edu.cn/kali kali-rolling/main non-free contrib

    #deb-src http://mirrors.neusoft.edu.cn/kali kali-rolling/main non-free contrib

     

    #官方源

    #deb http://http.kali.org/kali kali-rolling main non-free contrib

    #deb-src http://http.kali.org/kali kali-rolling main non-free contrib

     

    #重庆大学

    #deb http://http.kali.org/kali kali-rolling main non-free contrib

    #deb-src http://http.kali.org/kali kali-rolling main non-free contrib

    可是添加到 /etc/apt/source.list之后,执行apt-update就会出现上面的错误提示

    在多方搜索无果之后,我决定静下心来认真阅读一下kali中提供的文档,根据上面的提示, 我查看了apt-secure(8)——>命令man 8 apt-secure

    DESCRIPTION

           Starting with version 0.6, APT contains code that does signature

           checking of the Release file for all repositories. This ensures that

           data like packages in the archive can't be modified by people who have

           no access to the Release file signing key. Starting with version 1.1

           APT requires repositories to provide recent authentication information

           for unimpeded usage of the repository. Since version 1.5 changes in the

           information contained in the Release file about the repository need to

           be confirmed before APT continues to apply updates from this

           repository.

     

           Note: All APT-based package management front-ends like apt-get(8),

           aptitude(8) and synaptic(8) support this authentication feature, so

           this manpage uses APT to refer to them all for simplicity only.

    首先阅读一下apt-secure的描述,读完之后我们可以知道,之所以一直更新不成功,是因为没有签名或者是有签名但是apt没有对应的keypackage是不被信任的,安全起见,默认是不会采用这种源来进行更新的

    继续往下阅读

    UNSIGNED REPOSITORIES

           If an archive has an unsigned Release file or no Release file at all

           current APT versions will refuse to download data from them by default

           in update operations and even if forced to download front-ends like

           apt-get(8) will require explicit confirmation if an installation

           request includes a package from such an unauthenticated archive.

     

           You can force all APT clients to raise only warnings by setting the

           configuration option Acquire::AllowInsecureRepositories to true.

           Individual repositories can also be allowed to be insecure via the

           sources.list(5) option allow-insecure=yes. Note that insecure

           repositories are strongly discouraged and all options to force apt to

           continue supporting them will eventually be removed. Users also have

           the Trusted option available to disable even the warnings, but be sure

           to understand the implications as detailed in sources.list(5).

    第二段的标题正是没有签名的仓库,这正是我们需要的说明
    You can force all APT clients to raise only warnings by setting the
    configuration option Acquire::AllowInsecureRepositories to true.

    这句话就是解决问题的关键,虽然国内的源没有签名,或者签名过期(失效),但是我们可以强制apt进行更新,忽略仓库的安全性,而想要达到这个目的,我们就需要对APT的配置文件进行修改
    我搜索了apt.conf这个关键字,但相关网页都是英文的,硬着头皮读完之后发现我的kali中并没有apt.conf文件,在我的/etc/apt目录下,只有一个apt.conf.d目录,cd进该目录:

    那么多配置文件,我也不知道到底该改哪一个,然后又去百度了一会儿,看到了这篇文章
    https://wiki.debian.org/AptConf

    然后我就抱着试一试的心态打开了70debconf文件,按照前面man文档的指导,在里面输入了Acquire::AllowInsecureRepositories true;
    然后执行apt-config dump,查看apt的对应配置有无生效

    Acquire::AllowInsecureRepositories的属性值由最初的”0”变成了”true
    说明更改配置成功,然后赶紧敲入apt-get update && apt-get upgrade

  • 相关阅读:
    从干将莫邪的故事说起--java比较操作注意要点
    我又不是你的谁--java instanceof操作符用法揭秘
    色即是空,空即是色---java有关null的几件小事
    大头儿子和小头爸爸的战斗--java字符和字符串
    你的环境有问题吧?--byte数组转字符串的疑惑
    两小无猜的爱恨情仇--java =+和+=揭秘
    java程序猿如何练习java版的易筋经?
    孙悟空的七十二变是那般?--java类型的七十二变揭秘
    leetcode 341. Flatten Nested List Iterator
    leetcode 44. Wildcard Matching
  • 原文地址:https://www.cnblogs.com/haozheyu/p/9212245.html
Copyright © 2011-2022 走看看