우분투를 사용하다 보면 저장소(repository)를 추가할 경우가 있습니다 .이런경우 GPG 가 인증되지 않았으니, 어쩌지 하면서 저장소의 패키지를 제대로 사용하지 못 하는 경우가 있습니다. 이런경우 아래와 같이 key를 등록하여 사용할 수 있습니다.
하필 영어 블로그를 따다 붙입니다.
Should you need to download packages from a unofficial repository,
you need not disable gpg signature verification. Instead, you can
import the key used to sign the packages into your local keyring.
Of course, you may not know what key to fetch. That’s probably okay,
as if the public portion of key is not explicitly divulged, it is
probably in a key repository. If you can find the email address of the
repository owner, that’s probably the piece of information you need to
retrieve the key.
$ gpg --keyserver subkeys.pgp.net --search-keys jasonb@edseek.com pg: searching for "jasonb@edseek.com" from hkp server subkeys.pgp.net (1) Jason Boxman 1024 bit DSA key 4BD9A338, created: 2002-12-06
Next, select the key that seems most appropriate. There may only be
one, or one may mention repository signing key or something similar.
When in doubt you can fetch all the keys. Next we must armor export the
key.
$ gpg -a --output /tmp/pub.asc --export 4BD9A338
Finally, let us tell apt about the key.
$ sudo apt-key add /tmp/pub.asc && rm /tmp/pub.asc
Only perform the above action if you really trust the key. (And I do
mean the key, as it ultimately is what is granted trust, not whoever
purports to be its owner.)
# apt-get update
And you are on your way again!