Debian PUB_KEY Problems

Jan. 8-06
Having problems updating because you’re missing authentication keys on Debian? I “cracked my head” over this because I couldn’t find unbroken clear step by step instructions on the net, or even on the mailing lists. Read the following account on how I encountered this problem and solved it, or just skip ahead to the solution.

The following error was encountered when attempting # apt-get update:

Reading package lists… Done
W: GPG error: http://gulus.usherbrooke.ca testing Release: The following
signatures couldn’t be verified because the public key is not available:
NO_PUBKEY 010908312D230C5F
W: GPG error: http://debian.yorku.ca testing Release: The following
signatures
couldn’t be verified because the public key is not available: NO_PUBKEY
010908312D230C5F
W: You may want to run apt-get update to correct these problems
USER@SYSTEM:~$ cat updateProblems
Jan 8-06
The following error was encountered when attempting # apt-get update.

No amount of # apt-get update fixed the solution until …

First of all you can see keys & check their exp. dates with:

$ apt-key list


Solution:

You can get keys using the following syntax:

http://ftp-master.debian.org/ziyi_key_<i>year</i&gt;.asc

  1. Get key ziyi_key_2006.asc from http://ftp-master.debian.org/ and download to /home. (I did this with Firefox but in /home you can pass:
    $ wget http://ftp-master.debian.org/ziyi_key_2006.asc
  2. Then import the key:
    $ gpg –import ziyi_key_2006.asc
  3. Get the key id from the above command (ie., XXXXXXXX) and pass the following:
    $ gpg –fingerprint XXXXXXXX
  4. Have apt accept the key (I did this as # and as a piped command but some suggest only the latter command should be done as #, so you might want to perform them separately):
    # gpg –armor –export XXXXXXXX | apt-key add –

For security purposes, you can split the last (composite) command into two and only perform the newly formed last command as root.

Refs:
Get keys from:
http://ftp-master.debian.org/

Use of secure apt with testing was first commented at:
http://lists.debian.org/debian-user/2005/11/msg00064.html
but the instructions seem broken with the 2006 key (It’s Jan. 2006 as I
write).

Maurice Cepeda

Notes
*Don’t forget to enable testing security as per (not default):
http://secure-testing-master.debian.net/

*Debian is inconsistent on the key naming convention and install procedure (various working models break). Anyway, I’ve found various guides including the following,

but –as noted on at least one mailing list– it doesn’t work.

UPDATE: Sept. 20, 2007
Last time I had missing or outdated key problems, the above did not work. Apparently the original above method is deprecated. As far as I recall, I first listed all keys, then identified the expired ones, finishing up with their deletion.

  • apt-key list
  • apt-key del xxxxx

(Repeat the above for every expired key.) I then performed,

  • apt-key update
  • apt-get update

Others have had to also do the following, with the first line being optional,

  • dpkg –purge debian-archive-keyring
  • apt-get install debian-archive-keyring
  • apt-get update

(<http://blog.kovyrin.net/2006/11/28/debian-problem-apt-get-update/>)
Still others reported having to pass something like,

  • apt-key add /usr/share/keyrings/debian-role-keys.gpg

after installing the debian-archive-keyring (<http://www.mepis.org/node/1547>).

This is licensed under the Attribution-NonCommercial-ShareAlike 3.0 Unported Creative Commons License. All brands mentioned are properties of their respective owners. By reading this article, the reader forgoes any accountability of the writer. The reading of this article implies acceptance of the above stipulations. The author requires attribution –by full name and URL– and notification of republications.

This article may be outdated and of historical value.

Advertisements