Can't apt update, unavailable public key[fixed][solved]

If none of the more specific forums is the right place to ask

Can't apt update, unavailable public key[fixed][solved]

Postby Lightvader » 2017-10-21 11:58

I can't update my packages, because the public key is not available.
The problem must have arisen somewhere between last week and today, because I could do this a week ago.
The only things that might have caused this were adding 2 PPAs that i've since then removed(by unchecking and deleting the entries with software-properties-gtk).

I tried running
Code: Select all
sudo apt update

And it gives the following output:
Code: Select all
Ign:1 http://deb.debian.org/debian stretch InRelease
Ign:2 http://deb.debian.org/debian stretch/updates InRelease
Get:3 http://deb.debian.org/debian stretch-updates InRelease [91.0 kB]
Err:3 http://deb.debian.org/debian stretch-updates InRelease                           
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Get:5 http://deb.debian.org/debian stretch Release [118 kB]                             
Get:4 http://security.debian.org stretch/updates InRelease [62.9 kB]
Err:6 http://deb.debian.org/debian stretch/updates Release         
  404  Not Found [IP: 151.101.4.204 80]
Err:4 http://security.debian.org stretch/updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:7 http://deb.debian.org/debian stretch Release.gpg [2479 B]
Ign:7 http://deb.debian.org/debian stretch Release.gpg
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
E: The repository 'http://deb.debian.org/debian stretch-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://deb.debian.org/debian stretch/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.debian.org stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
E: The repository 'http://security.debian.org stretch/updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
E: The repository 'http://deb.debian.org/debian stretch Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.


But running
Code: Select all
sudo apt keylist

shows that i do have the keys
Code: Select all
[sudo] password for lv:
/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid           [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub   rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
      75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid           [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]
                                                                                                                                                                                             
/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg                                                                                                                                     
--------------------------------------------------------                                                                                                                                     
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]                                                                                                                                           
      067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500                                                                                                                                     
uid           [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>                                                                                             
                                                                                                                                                                                             
/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg                                                                                                                                   
----------------------------------------------------------                                                                                                                                   
pub   rsa4096 2012-04-27 [SC] [expires: 2020-04-25]                                                                                                                                           
      A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553                                                                                                                                     
uid           [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>                                                                                             
                                                                                                                                                                                             
/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
-------------------------------------------------------
pub   rsa4096 2012-05-08 [SC] [expires: 2019-05-07]
      ED6D 6527 1AAC F0FF 15D1  2303 6FB2 A1C2 65FF B764
uid           [ unknown] Wheezy Stable Release Key <debian-release@lists.debian.org>


This is the output of
Code: Select all
cat /etc/apt/sources.list && ls /etc/apt/sources.list.d/

for anyone interested

Code: Select all
                                                                                                                                                                                             
deb http://deb.debian.org/debian/ stretch main contrib non-free                                                                                                                               
deb-src http://deb.debian.org/debian/ stretch main contrib non-free                                                                                                                           
                                                                                                                                                                                             
deb http://deb.debian.org/debian/ stretch/updates main contrib non-free                                                                                                                       
deb-src http://deb.debian.org/debian/ stretch/updates main contrib non-free                                                                                                                   
                                                                                                                                                                                             
                                                                                                                                                                                                                                                                                                                                                                                           
deb http://security.debian.org/ stretch/updates contrib main non-free                                                                                                                         
deb http://deb.debian.org/debian/ stretch-updates contrib main non-free                                                                                                                       

alessandro-strada-ubuntu-ppa-artful.list  skype-stable.list



I have tried the following to resolve this:
  • Installing the debian-keyring and debian-archive-keyring
    Code: Select all
    sudo apt-get install debian-keyring debian-archive-keyring

    The installation of this went without errors, i rebooted, but tryiny to update still had the same problem.
  • installing the keys from https://ftp-master.debian.org/keys.html
    with
    Code: Select all
    wget -O - https://link/to/key.asc | apt-key add -

    The following variations
    Code: Select all
    wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -
    sudo wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -
    sudo -i wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -

    all gave this output
    Code: Select all
    --2017-10-21 09:08:09--  https://ftp-master.debian.org/keys/archive-key-8.asc
    Resolving ftp-master.debian.org (ftp-master.debian.org)... E: This command can only be used by root.
    138.16.160.17
    Connecting to ftp-master.debian.org (ftp-master.debian.org)|138.16.160.17|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 7012 (6.8K) [text/plain]
    Saving to: 'STDOUT'

    -                                                 0%[                                                                                                      ]       0  --.-KB/s    in 0.03s   


    Cannot write to '-' (Broken pipe).


    and
    Code: Select all
    sudo su
    wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -


    gave this
    Code: Select all
    --2017-10-21 09:12:10--  https://ftp-master.debian.org/keys/archive-key-8.asc
    Resolving ftp-master.debian.org (ftp-master.debian.org)... 138.16.160.17
    Connecting to ftp-master.debian.org (ftp-master.debian.org)|138.16.160.17|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 7012 (6.8K) [text/plain]
    Saving to: 'STDOUT'

    -                                               100%[=====================================================================================================>]   6.85K  --.-KB/s    in 0.03s   

    2017-10-21 09:12:11 (269 KB/s) - written to stdout [7012/7012]

    gpg: WARNING: nothing exported
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0


What can I do to resolve this?
Last edited by Lightvader on 2017-10-23 09:57, edited 1 time in total.
Lightvader
 
Posts: 4
Joined: 2017-10-21 11:40

Re: Can't apt update, unavailable public key

Postby Head_on_a_Stick » 2017-10-21 12:23

Can we see the output of:
Code: Select all
apt-cache policy debian-keyring

Have you tried adding the key directly, without the pipe (download the .asc file and place in the working directory beforehand):
Code: Select all
# apt-key add archive-key-8.asc
"Only the mediocre are always at their best." — Jean Giraudoux
User avatar
Head_on_a_Stick
 
Posts: 6666
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Can't apt update, unavailable public key

Postby Lightvader » 2017-10-21 13:15

Thanks for replying.

Head_on_a_Stick wrote:Can we see the output of:
Code: Select all
apt-cache policy debian-keyring


that would be
Code: Select all
[sudo] password for lv:
debian-keyring:
  Installed: 2017.05.28
  Candidate: 2017.05.28
  Version table:
 *** 2017.05.28 500
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status



Head_on_a_Stick wrote:Have you tried adding the key directly, without the pipe (download the .asc file and place in the working directory beforehand):
Code: Select all
# apt-key add archive-key-8.asc




Just tried that.
Doesn't work.
Code: Select all
sudo apt-key add archive-key-9-security.asc
and the other keys all give me
Code: Select all
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
Lightvader
 
Posts: 4
Joined: 2017-10-21 11:40

Re: Can't apt update, unavailable public key

Postby Head_on_a_Stick » 2017-10-21 13:34

Looks like you need a "key hash" as well:

https://ubuntuforums.org/showthread.php?t=2196704
"Only the mediocre are always at their best." — Jean Giraudoux
User avatar
Head_on_a_Stick
 
Posts: 6666
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: Can't apt update, unavailable public key

Postby Lightvader » 2017-10-21 14:46

Head_on_a_Stick wrote:Looks like you need a "key hash" as well:

https://ubuntuforums.org/showthread.php?t=2196704

Thanks,
but that didn't work. Or, I'm pointing it at the wrong thing.
I tried

Code: Select all
gpg --keyserver keyring.debian.org --recv-keys 0x7638D0442B90D010
gpg --keyserver keyring.debian.org --recv-keys 7638D0442B90D010
gpg --keyserver keyring.debian.org --recv-keys 2B90D010


and they all give me

Code: Select all
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


this also doesn't work.
Code: Select all
lv@dbian-laptop:~$ gpg --keyserver ftp-master.debian.org --recv-keys 2B90D010
gpg: keyserver receive failed: No keyserver available


What keyserver should i point it to?


Also, on the debian keyring page ( https://wiki.debian.org/DebianKeyring ), i found
another method to download the keyrings

Code: Select all
rsync -az --progress keyring.debian.org::keyrings/keyrings/ .

this downloaded some files, namely
debian-keyring.gpg
debian-maintainers.gpg
debian-role-keys.gpg
emeritus-keyring.gpg
extra-keys.pgp
debian-nonupload.gpg

i imported them all with
Code: Select all
gpg  --import filename.pgp

and tried exporting them and then adding them to apt-keys
Code: Select all
gpg --export --armor keyhash|sudo apt-key add -
with the following keyhashes
46925553
2B90D010
C857C906
F66AEC98
8AE22BA9

That also didn't work.

Code: Select all
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.

for all of them.
Lightvader
 
Posts: 4
Joined: 2017-10-21 11:40

Re: Can't apt update, unavailable public key

Postby Lightvader » 2017-10-23 09:56

It is fixed now.
Here's how:
As described here,
1. Delete /etc/apt/trusted.gpg
2. Purge /var/lib/apt/lists (just delete everything in this directory)
3. Change sources.list to the default described here: https://wiki.debian.org/SourcesList
4. run `sudo apt update`

Thanks, /u/RansomOfThulcandra over on /r/techsupport for linking the solution, peacerebel at serverfault and
Wayne Hartell at readinglist
and for their help in getting this fixed.
Lightvader
 
Posts: 4
Joined: 2017-10-21 11:40


Return to General Questions

Who is online

Users browsing this forum: No registered users and 4 guests

fashionable