Debian与Ubuntu的apt更新与密钥

发表于 2024-11-13 分类于计算机界，使用配置 Waline：阅读次数：

apt的source配置

镜像还是比官网快很多的，默认安全更新走官网，需要手动改为镜像

#Debian 12 - bookworm
deb http://mirrors.bfsu.edu.cn/debian/ bookworm main
deb-src http://mirrors.bfsu.edu.cn/debian/ bookworm main

deb http://mirrors.bfsu.edu.cn/debian-security bookworm-security main
deb-src http://mirrors.bfsu.edu.cn/debian-security bookworm-security main

deb http://mirrors.bfsu.edu.cn/debian/ bookworm-updates main
deb-src http://mirrors.bfsu.edu.cn/debian/ bookworm-updates main

deb http://mirrors.bfsu.edu.cn/debian bookworm non-free non-free-firmware
deb-src http://mirrors.bfsu.edu.cn/debian bookworm non-free non-free-firmware

deb http://mirrors.bfsu.edu.cn/debian-security bookworm-security non-free non-free-firmware
deb-src http://mirrors.bfsu.edu.cn/debian-security bookworm-security non-free non-free-firmware

deb http://mirrors.bfsu.edu.cn/debian bookworm-updates non-free non-free-firmware
deb-src http://mirrors.bfsu.edu.cn/debian bookworm-updates non-free non-free-firmware

#Ubuntu 22.04 - jammy
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy main restricted
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates main restricted
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy universe
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates universe
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-updates multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-backports main restricted universe multiverse
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-security main restricted
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-security universe
deb http://mirrors.tuna.tsinghua.edu.cn/ubuntu jammy-security multiverse

apt的自动更新

1.安装自动更新的包

apt -y install unattended-upgrades apt-listchanges

2.编辑配置文件/etc/apt/apt.conf.d/50unattended-upgrades 基本默认即可

// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION* if
//  the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";

3.编辑配置文件/etc/apt/apt.conf.d/20auto-upgrades
写入如下两行

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

4.启用服务：

systemctl enable unattended-upgrades.service

ubuntu密钥过期

升级一般密钥，注意只有gpg结尾才会被自动识别，asc不行

#curl -fsSL 等价于 wget -qO- 安静下载，错误退出
curl -fsSL https://packages.sury.org/php/apt.gpg | gpg --dearmor -o /etc/apt/trusted.gpg.d/php-sury.gpg
wget -qO- https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg

升级特定密钥

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys B188E2B695BD4743
gpg --export B188E2B695BD4743 > /etc/apt/trusted.gpg.d/php-sury.gpg

gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys B7B3B788A8D3785C
gpg --export B7B3B788A8D3785C > /etc/apt/trusted.gpg.d/mysql-server.gpg