[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 添加 DVD iso 当源,安装时提示有安全风险

更新:
https://help.ubuntu.com/community/AptCdrom

找到这里的方式,明天去试。


-Never

2014-05-15 21:49 GMT+08:00 Never Min <never.min@gmail.com>:
> 大家好:
>
> 由于产线有一台服务器无法与外网连接,所以打算下载三张 DVD 光盘做源,
> 目前已经成功 mount iso 文件作源,但是安装软的时候都提示有安全风险,
> 需要输入Yes 之后才能确认,我的步骤如下:
>
> 我在这里把三张 DVD ISO 下载到服务器上:
> http://cdimage.debian.org/debian-cd/7.5.0/amd64/iso-dvd/
>
> 除此之外有还有通过 jigdo 方式下载另外的几张,
> 但没有关系,我只用前三张,分别是:
> debian-7.5.0-amd64-DVD-{1..3}.iso
>
> 还有签名:
> MD5SUMS
> MD5SUMS.sign
>
> 把三个 ISO 分别用 mount loop 方式挂到起来,修改 source.list,如下:
> mount -oloop debian-7.5.0-amd64-DVD-{1..3}.iso /media/cd{1..3}
> deb file:///media/cd[1-3]/ wheezy main
>
> 更新源之后然后尝试安装:
> aptitude update
> aptitude install screen
>
> 更新源的时候提示:
> Ign file: wheezy Release.gpg
> Ign file: wheezy Release.gpg
> Ign file: wheezy Release.gpg
> Get: 1 file: wheezy Release [18.6 kB]
> Get: 2 file: wheezy Release [17.7 kB]
> Err file: wheezy/main amd64 Packages
> Err file: wheezy/main amd64 Packages
> Get: 3 file: wheezy Release [13.8 kB]
> Err file: wheezy/main amd64 Packages
> Err file: wheezy/main amd64 Packages
> Err file: wheezy/main amd64 Packages
>
> 安装的时候提示错误:
> The following NEW packages will be installed:
>   screen
> 0 packages upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
> Need to get 0 B/670 kB of archives. After unpacking 975 kB will be used.
> WARNING: untrusted versions of the following packages will be installed!
>
> Untrusted packages could compromise your system's security.
> You should only proceed with the installation if you are certain that
> this is what you want to do.
>
>   screen
>
> Do you want to ignore this warning and proceed anyway?
> To continue, enter "Yes"; to abort, enter "No": no
>
> 最终软件可以正常安装和使用,小弟不是处女座,但有点洁癖。
>
> 于是在网上找到一通,在 debian 上没有,另一边 Ubuntu 有[1],于是我进行如下操作:
> gpg --verify MD5SUMS.sign MD5SUMS
> gpg --keyserver subkeys.pgp.net --recv-keys 6294BE9B ##[2]
> gpg -a --export 6294BE9B | sudo apt-key add -
>
> 以上都正常完成,但安装还是会提示有风险,并且最后我用 apt-key list 看的时候,
> hash 6294BE9B 其实已经在 /etc/apt/trusted.gpg 了。
>
> 看起来是我方向错了么,大家有类似的经验分享吗?
>
> 非常感谢!
>
>
> -Never
>
>
> [1] https://help.ubuntu.com/community/VerifyIsoHowto
> [2] https://wiki.debian.org/SecureApt
Reply to: