Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Can't apt update, unavailable public key[fixed][solved]

If none of the specific sub-forums seem right for your thread, ask here.
Post Reply
Message
Author
Lightvader
Posts: 4
Joined: 2017-10-21 11:40

Can't apt update, unavailable public key[fixed][solved]

#1 Post by Lightvader »

I can't update my packages, because the public key is not available.
The problem must have arisen somewhere between last week and today, because I could do this a week ago.
The only things that might have caused this were adding 2 PPAs that i've since then removed(by unchecking and deleting the entries with software-properties-gtk).

I tried running

Code: Select all

sudo apt update 
And it gives the following output:

Code: Select all

Ign:1 http://deb.debian.org/debian stretch InRelease
Ign:2 http://deb.debian.org/debian stretch/updates InRelease
Get:3 http://deb.debian.org/debian stretch-updates InRelease [91.0 kB]
Err:3 http://deb.debian.org/debian stretch-updates InRelease                            
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Get:5 http://deb.debian.org/debian stretch Release [118 kB]                             
Get:4 http://security.debian.org stretch/updates InRelease [62.9 kB]
Err:6 http://deb.debian.org/debian stretch/updates Release         
  404  Not Found [IP: 151.101.4.204 80]
Err:4 http://security.debian.org stretch/updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:7 http://deb.debian.org/debian stretch Release.gpg [2479 B]
Ign:7 http://deb.debian.org/debian stretch Release.gpg
Reading package lists... Done 
W: GPG error: http://deb.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
E: The repository 'http://deb.debian.org/debian stretch-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: The repository 'http://deb.debian.org/debian stretch/updates Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.debian.org stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
E: The repository 'http://security.debian.org stretch/updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
E: The repository 'http://deb.debian.org/debian stretch Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
But running

Code: Select all

sudo apt keylist
shows that i do have the keys

Code: Select all

[sudo] password for lv: 
/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid           [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub   rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
      75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid           [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]
                                                                                                                                                                                              
/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg                                                                                                                                      
--------------------------------------------------------                                                                                                                                      
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]                                                                                                                                           
      067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500                                                                                                                                      
uid           [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>                                                                                              
                                                                                                                                                                                              
/etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg                                                                                                                                    
----------------------------------------------------------                                                                                                                                    
pub   rsa4096 2012-04-27 [SC] [expires: 2020-04-25]                                                                                                                                           
      A1BD 8E9D 78F7 FE5C 3E65  D8AF 8B48 AD62 4692 5553                                                                                                                                      
uid           [ unknown] Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>                                                                                             
                                                                                                                                                                                              
/etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg
-------------------------------------------------------
pub   rsa4096 2012-05-08 [SC] [expires: 2019-05-07]
      ED6D 6527 1AAC F0FF 15D1  2303 6FB2 A1C2 65FF B764
uid           [ unknown] Wheezy Stable Release Key <debian-release@lists.debian.org>
This is the output of

Code: Select all

cat /etc/apt/sources.list && ls /etc/apt/sources.list.d/
for anyone interested

Code: Select all

                                                                                                                                                                                              
deb http://deb.debian.org/debian/ stretch main contrib non-free                                                                                                                               
deb-src http://deb.debian.org/debian/ stretch main contrib non-free                                                                                                                           
                                                                                                                                                                                              
deb http://deb.debian.org/debian/ stretch/updates main contrib non-free                                                                                                                       
deb-src http://deb.debian.org/debian/ stretch/updates main contrib non-free                                                                                                                   
                                                                                                                                                                                              
                                                                                                                                                                                                                                                                                                                                                                                            
deb http://security.debian.org/ stretch/updates contrib main non-free                                                                                                                         
deb http://deb.debian.org/debian/ stretch-updates contrib main non-free                                                                                                                       

alessandro-strada-ubuntu-ppa-artful.list  skype-stable.list

I have tried the following to resolve this:
  • Installing the debian-keyring and debian-archive-keyring

    Code: Select all

    sudo apt-get install debian-keyring debian-archive-keyring
    The installation of this went without errors, i rebooted, but tryiny to update still had the same problem.
  • installing the keys from https://ftp-master.debian.org/keys.html
    with

    Code: Select all

    wget -O - https://link/to/key.asc | apt-key add -
    The following variations

    Code: Select all

    wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -
    sudo wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -
    sudo -i wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -
    all gave this output

    Code: Select all

    --2017-10-21 09:08:09--  https://ftp-master.debian.org/keys/archive-key-8.asc
    Resolving ftp-master.debian.org (ftp-master.debian.org)... E: This command can only be used by root.
    138.16.160.17
    Connecting to ftp-master.debian.org (ftp-master.debian.org)|138.16.160.17|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 7012 (6.8K) [text/plain]
    Saving to: 'STDOUT'
    
    -                                                 0%[                                                                                                      ]       0  --.-KB/s    in 0.03s   
    
    
    Cannot write to '-' (Broken pipe).
    
    and

    Code: Select all

    sudo su 
    wget -O - https://ftp-master.debian.org/keys/archive-key-8.asc | apt-key add -
    gave this

    Code: Select all

    --2017-10-21 09:12:10--  https://ftp-master.debian.org/keys/archive-key-8.asc
    Resolving ftp-master.debian.org (ftp-master.debian.org)... 138.16.160.17
    Connecting to ftp-master.debian.org (ftp-master.debian.org)|138.16.160.17|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 7012 (6.8K) [text/plain]
    Saving to: 'STDOUT'
    
    -                                               100%[=====================================================================================================>]   6.85K  --.-KB/s    in 0.03s   
    
    2017-10-21 09:12:11 (269 KB/s) - written to stdout [7012/7012]
    
    gpg: WARNING: nothing exported
    gpg: no valid OpenPGP data found.
    gpg: Total number processed: 0
    
    
What can I do to resolve this?
Last edited by Lightvader on 2017-10-23 09:57, edited 1 time in total.

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Can't apt update, unavailable public key

#2 Post by Head_on_a_Stick »

Can we see the output of:

Code: Select all

apt-cache policy debian-keyring
Have you tried adding the key directly, without the pipe (download the .asc file and place in the working directory beforehand):

Code: Select all

# apt-key add archive-key-8.asc
deadbang

Lightvader
Posts: 4
Joined: 2017-10-21 11:40

Re: Can't apt update, unavailable public key

#3 Post by Lightvader »

Thanks for replying.
Head_on_a_Stick wrote:Can we see the output of:

Code: Select all

apt-cache policy debian-keyring
that would be

Code: Select all

[sudo] password for lv: 
debian-keyring:
  Installed: 2017.05.28
  Candidate: 2017.05.28
  Version table:
 *** 2017.05.28 500
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status

Head_on_a_Stick wrote: Have you tried adding the key directly, without the pipe (download the .asc file and place in the working directory beforehand):

Code: Select all

# apt-key add archive-key-8.asc

Just tried that.
Doesn't work.

Code: Select all

sudo apt-key add archive-key-9-security.asc
and the other keys all give me

Code: Select all

gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

User avatar
Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: Can't apt update, unavailable public key

#4 Post by Head_on_a_Stick »

Looks like you need a "key hash" as well:

https://ubuntuforums.org/showthread.php?t=2196704
deadbang

Lightvader
Posts: 4
Joined: 2017-10-21 11:40

Re: Can't apt update, unavailable public key

#5 Post by Lightvader »

Head_on_a_Stick wrote:Looks like you need a "key hash" as well:

https://ubuntuforums.org/showthread.php?t=2196704
Thanks,
but that didn't work. Or, I'm pointing it at the wrong thing.
I tried

Code: Select all

gpg --keyserver keyring.debian.org --recv-keys 0x7638D0442B90D010
gpg --keyserver keyring.debian.org --recv-keys 7638D0442B90D010
gpg --keyserver keyring.debian.org --recv-keys 2B90D010
and they all give me

Code: Select all

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
this also doesn't work.

Code: Select all

lv@dbian-laptop:~$ gpg --keyserver ftp-master.debian.org --recv-keys 2B90D010
gpg: keyserver receive failed: No keyserver available
What keyserver should i point it to?


Also, on the debian keyring page ( https://wiki.debian.org/DebianKeyring ), i found
another method to download the keyrings

Code: Select all

rsync -az --progress keyring.debian.org::keyrings/keyrings/ .
this downloaded some files, namely
debian-keyring.gpg
debian-maintainers.gpg
debian-role-keys.gpg
emeritus-keyring.gpg
extra-keys.pgp
debian-nonupload.gpg

i imported them all with

Code: Select all

gpg  --import filename.pgp
and tried exporting them and then adding them to apt-keys

Code: Select all

gpg --export --armor keyhash|sudo apt-key add -
with the following keyhashes
46925553
2B90D010
C857C906
F66AEC98
8AE22BA9

That also didn't work.

Code: Select all

gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
for all of them.

Lightvader
Posts: 4
Joined: 2017-10-21 11:40

Re: Can't apt update, unavailable public key

#6 Post by Lightvader »

It is fixed now.
Here's how:
As described here,
1. Delete /etc/apt/trusted.gpg
2. Purge /var/lib/apt/lists (just delete everything in this directory)
3. Change sources.list to the default described here: https://wiki.debian.org/SourcesList
4. run `sudo apt update`

Thanks, /u/RansomOfThulcandra over on /r/techsupport for linking the solution, peacerebel at serverfault and
Wayne Hartell at readinglist
and for their help in getting this fixed.

Post Reply