Public key not available
Apt was generating errors tonight when I was trying to do an update:
W: GPG error: http://ftp.us.debian.org testing Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 010908312D230C5F
W: You may want to run apt-get update to correct these problems
Unfortunately, re-running apt-get update did not fix anything.
After doing a little hunting on the web, I found out that this was because I was missing the latest GPG public key that Apt uses for signature checking.
To fix it, I used the procedure for mixing Ubuntu and Debian (scroll down to the part about downloading the key) and it resolved the issues. But the post to debian-announce about using secure apt with testing has a much easier method.
Update: I edited this post a little bit to clarify what the problem was. And people seem to be using it. Cool!
January 5th, 2006 at 6:02 pm
You are seeing that error because you don’t have the new 2006 key. You can get it here http://ftp-master.debian.org/ziyi_key_2006.asc
January 5th, 2006 at 6:22 pm
Yep. As I noted above, following the procedure to grab the new key fixed everything.
January 6th, 2006 at 1:57 am
thanks!
January 6th, 2006 at 7:36 pm
The method listed in the secure apt post doesn’t really apply to the error (except for the ‘simple’ adding via wget | apt-key) since they’re pointing at an old GPG key, not the new one.
January 7th, 2006 at 12:26 am
Jay:
Good point! I didn’t use that specific procedure, so I hadn’t even noticed it still points to the 2005 key. So that won’t help. Funny, because that’s what I was told to use when I asked about the problem in #debian-sparc on freenode.
I think the first link about mixing Ubuntu and Debian was better. Perhaps I should write out the exact command/procedure that I used. :)
Thanks for pointing that out!
February 12th, 2006 at 12:17 am
Test Post
February 12th, 2006 at 3:07 pm
Yep, it works :)
July 27th, 2006 at 7:20 pm
Just a FYI
I’ve been staring at these missing PUBKEY messages in apt, even after following these instructions, and there should be an addendum:
1) for gpg to work, you need port 11371 open outbound on your firewall. If things are falling over with timeout messages, this might be your problem.
2) Each archive may require a separate key to the main debian one. I had trouble with blackdown java and debian multimedia. One of them looked like this:
W: GPG error: http://www.debian-multimedia.org sid Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
W: You may want to run apt-get update to correct these problems
The key ID you need to get is the last 8 digits of that number:
spare:/# gpg --keyserver subkeys.pgp.net --recv-keys 1F41B907 ; gpg --export 1F41B907 | apt-key add -;
gpg: requesting key 1F41B907 from hkp server subkeys.pgp.net
gpg: key 1F41B907: “Christian Marillat ” 55 new signatures
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new signatures: 55
OK
After that, it worked. Hope this helps someone, because it ain’t written anywhere, and I’ve wasted hours on it :) It SHOULD be easy to secure the archive sources on Debian, but it just isn’t for anyone not already using gpg. I’m sure lots of other people would have given up by now…
Mike
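An added example (not part of the original post or comments) for the key-fetching step described above: it pulls the full 16-hex key ID out of apt's NO_PUBKEY warning and checks that a fetched key's fingerprint ends with that full ID before the key goes to apt-key, since 8-digit short IDs are not unique. The function names and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not real gpg or apt output.

# stdin: output of `apt-get update`; prints each distinct 16-hex NO_PUBKEY ID.
missing_keyids() {
    grep -o 'NO_PUBKEY [0-9A-Fa-f]\{16\}' | awk '{ print toupper($2) }' | sort -u
}

# stdin: `gpg --with-colons --fingerprint KEY` output; $1: 16-hex key ID from apt.
# Succeeds only if some fingerprint record ends with the full 16-hex ID.
fpr_matches_keyid() {
    awk -F: -v want="$1" '
        $1 == "fpr" && length($10) == 40 &&
            toupper(substr($10, 25)) == toupper(want) { found = 1 }
        END { exit !found }'
}

# Constructed warning line carrying the key ID quoted in the comment above.
APT_OUT='W: GPG error: ... the public key is not available: NO_PUBKEY 07DC563D1F41B907'

# Constructed colon-format records: GOOD ends with the full ID apt asked for,
# LOOKALIKE shares only the last 8 hex digits (the short ID 1F41B907).
GOOD='fpr:::::::::0123456789ABCDEF0123456707DC563D1F41B907:'
LOOKALIKE='fpr:::::::::FEDCBA9876543210FEDCBA98AAAAAAAA1F41B907:'

# Report whether a candidate key (colon records in $2) may be added for ID $1.
check_candidate() {
    if printf '%s\n' "$2" | fpr_matches_keyid "$1"; then
        echo "$1: fingerprint ends with the full ID, candidate for apt-key add"
    else
        echo "$1: fingerprint does not match the full ID, do not add"
    fi
}

for id in $(printf '%s\n' "$APT_OUT" | missing_keyids); do
    check_candidate "$id" "$GOOD"
    check_candidate "$id" "$LOOKALIKE"
done
```

Matching the full ID only rules out short-ID lookalikes; comparing the whole fingerprint with one obtained from the archive maintainer over a separate channel is the stronger check.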
November 27th, 2006 at 11:25 pm
hey, I would like to thank everyone! I was having this problem for a long time, and now my apt finally works!
it rules:
# wget | apt-key
# gpg --keyserver subkeys.pgp.net --recv-keys 1F41B907 ; gpg --export 1F41B907 | apt-key add -;
thanks!
May 15th, 2007 at 10:19 am
Thanks, your link to “mixing Ubuntu and Debian” did help me out of this message NO PUBKEY.
June 6th, 2007 at 2:31 am
gpg -keyserver subkeys.pgp.net -recv-keys 6070D3A1
gpg: conflicting commands
July 18th, 2007 at 8:06 am
try
# gpg --keyserver subkeys.pgp.net --recv-keys 6070D3A1
July 18th, 2007 at 8:08 am
you have to set ‘-’ 2 times in front of keyserver and recv-keys
August 13th, 2007 at 1:33 pm
root@home:~# gpg --keyserver subkeys.pgp.net --recv-keys 1F41B907
gpg: requesting key 1F41B907 from hkp server subkeys.pgp.net
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 1F41B907: public key “Christian Marillat ” imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1
September 25th, 2007 at 3:50 pm
Thanks all for the info.
This is what got my apt ticking again:
# gpg --keyserver subkeys.pgp.net --recv-keys 6070d3a1 ; gpg --export 6070d3a1 | apt-key add -;
The key was the last 8 hexdigits from the error seen on screen by apt-get update.
Thanks!
September 25th, 2007 at 3:52 pm
note: it’s the double dash in front of keyserver, recv-keys and export that apparently doesn’t show up well…
October 18th, 2007 at 4:37 pm
I just installed the Debian etch distribution and found the same error while I was going to upgrade it.
*********************************************************
W: There is no public key available for the following key IDs:
A70DAF536070D3A1
W: GPG error: http://security.debian.org etch/updates Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A70DAF536070D3A1
W: You may want to run apt-get update to correct these problems
*********************************************************
I used the command:
wget | apt-key update
and then confirm with:
wget | apt-key list
it shows the next output:
*********************************************************
gpg: key 2D230C5F: “Debian Archive Automatic Signing Key (2006) ” not changed
gpg: key 6070D3A1: public key “Debian Archive Automatic Signing Key (4.0/etch) ” imported
gpg: key ADB11277: “Etch Stable Release Key ” not changed
gpg: Total number processed: 3
gpg: imported: 1
gpg: unchanged: 2
gpg: no ultimately trusted keys found
debianfii:/home/jamr/Desktop/Downloads# wget | apt-key list
/etc/apt/trusted.gpg
*********************************************************
November 20th, 2007 at 10:23 am
I’m running debian sid/sidux. I was getting the following errors:
W: GPG error: http://ftp.debian-unofficial.org sid Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 394D199524C52AC3
W: You may want to run apt-get update to correct these problems
Ran the following commands:
# gpg --keyserver subkeys.pgp.net --recv-keys 394D199524C52AC3
# gpg --export 394D199524C52AC3 | apt-key add -
I was good to go ; )
January 13th, 2008 at 10:10 pm
GPG is very useful, but you have to know how to use it correctly. There was a good manual on http://www.gnupg.org/. If you don’t have a key, you can either search or directly download it (if you know its number). See ‘gpg --help’ for all the commands. The ‘no ultimate trust’ message is likely because you don’t have a key yourself, which, if you’re using GPG, you should. Then, you use ‘gpg --edit ’ and then option ‘trust’, select the proper number (5 for ultimate), and then ‘save’ command. Now and then you should do ‘gpg --refresh-keys’ to collect new signatures. Have cron do it in the middle of the night, once a month or so. Also, you can write a ~/.gnupg/gpg.conf to contain the ‘keyserver hkp://subkeys.pgp.net’ so you don’t have to re-type it all the time.