The following signatures couldn't be verified because the public key is not available: NO_PUBKEY

While upgrading Debian, you might experience difficulties like

# apt-get update

Get:1 http://ftp.dk.debian.org lenny Release.gpg [189B]
Ign http://ftp.dk.debian.org lenny/main Translation-en_DK
Hit http://ftp.dk.debian.org lenny Release
Hit http://ftp.dk.debian.org lenny/main Packages/DiffIndex
Hit http://ftp.dk.debian.org lenny/main Sources/DiffIndex
Fetched 1B in 4s (0B/s)

Reading package lists… Done

W: GPG error: http://ftp.dk.debian.org lenny Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY D5642BC86823D007
W: You may want to run apt-get update to correct these problems

This can be caused by a dist-upgrade or various other reasons, to keep it short, I will post

A few possible solutions to this.

#apt-key update

This will obtain the necessary keys and import them. No need to go through gpg directly.
if above doesnt do the trick, heres another solution(might fail tho, if apt wont let you update/install)

# apt-get install debian-archive-keyring

in case this doesnt do the trick neither, it might be caused by old expired keys which didnt get updated while installing debian-archive-keyring. so heres a way to take care of that..

#apt-key list

which will list currently active and expired keys.
then eg. do

#apt-key del 1DB114E0
#apt-key del 4F368D5D
#apt-key del 2D230C5F

or simply

#apt-key del

to erase all expired keys marked for deletion.

Then finally.

#apt-get remove –purge debian-archive-keyring
#apt-get install debian-archive-keyring

Now, if youre just plain unlucky, something fucks up, or you just want to try another way to solve it.
you can do it with gpg manually.

the procedure is.

#gpg –keyserver <keyserver> –recv-keys <pubkeynumber>
#gpg –armor –export <keynumber> | apt-key add -

eg.

#gpg –keyserver pgp.mit.edu –recv-keys D5642BC86823D007 # this being the pub_key you got earlier.

which should result in something like

gpg: requesting key 8722E71E from hkp server pgp.mit.edu
gpg: key 8722E71E: public key “secure-testing Archive key 2005-7 <katie@secure-testing.debian.net>” imported

gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1

Then type something like.

#gpg –armor –export 8722E71E | apt-key add -

which would output something like.

gpg: no ultimately trusted keys found
OK

At this point, the gpg key is recorded in your local database, and you shouldn’t see the gpg error for that particular repository.

Some additional key servers:

keyring.debian.org
pgp.mit.edu
pgpkeys.pgp.net
wwkeys.uk.pgp.net
wwwkeys.pgp.net

This entry was posted on October 11, 2007, 10:38 am and is filed under apt, debian, linux. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

#1 by Dan on July 11, 2008 - 7:21 pm

Quote

DO NOT DO THIS COMMAND!!!

#apt-get remove â€“purge debian-archive-keyring

I didn’t pay attention to the packages being removed, because I trusted this article. It removed the entirety of apt from my system, and I had to go manually download apt. It wasn’t that difficult, but still frustrating.

#2 by admin on July 14, 2008 - 8:47 pm

thats odd – what distribution did you use?

#3 by PhillC on July 18, 2008 - 9:21 am

Same thing happened to me. Debian Lenny.

Fixed (I hope!) with:

wget http://ftp.uk.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2008.04.16+nmu1_all.deb

sudo dpkg -i debian-archive-keyring_2008.04.16+nmu1_all.deb

wget http://ftp.uk.debian.org/debian/pool/main/a/apt/apt_0.7.14+b1_i386.deb

sudo dpkg -i apt_0.7.14+b1_i386.deb

sudo apt-get install synaptic

www.annoying.dk

yet another useless blog

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY xxx

3 Comments

Recent Comments