Due to a quite good popularity of one of my blogs I’ve decided to report its contents as an article for Linux.com.
I’ve spent one day crushing my head against a weird problem, never seen it on Debian, I was only updating four Debian “etch” to “lenny” and in two of them I’ve seen this:
han:~# apt-get update
...
...
Fetched 74.7kB in 0s (87.4kB/s)
Reading package lists... Done
W: There is no public key available for the following key IDs:
9AA38DCD55BE302B
W: GPG error: http://xxx.xx.xxx.org lenny Release:
The following signatures couldn't be verified because the public key
is not available:
NO_PUBKEY 9AA38DCD55BE302B
W: You may want to run apt-get update to correct these problems
So I did what I’ve read and issued the apt-get command again
han:~# apt-get dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
...
Fetched 74.7kB in 0s (99.9kB/s)
Reading package lists... Done
W: There is no public key available for the following key IDs:
9AA38DCD55BE302B
W: GPG error: http://ftp.it.debian.org lenny Release:
The following signatures couldn't be verified because the public key
is not available:
NO_PUBKEY 9AA38DCD55BE302B
W: You may want to run apt-get update to correct these problems
But still no luck, the problem raised again
I was thinking: what should I do next ?
After some google searches and after reading about gpg keys I’ve decided to solve the problem in this way:
1) As first thing I’ve decided to import this missing key with gpg, so run:
han:~# gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 9AA38DCD55BE302B
gpg: directory `/root/.gnupg' created
gpg: can't open `/gnupg/options.skel': No such file or directory
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
gpg: requesting key 55BE302B from hkp server
wwwkeys.eu.pgp.net
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 55BE302B: public key "Debian Archive Automatic
Signing Key (5.0/lenny) " imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Got it! So pgp.net replied my about authenticity of this Lenny key, so I’ve imported the newly created key to apt-get source packages, here’s:
han:~# apt-key add .gnupg/pubring.gpg
OK
Issued again apt-get update:
han:~# apt-get update
...
Fetched 1033B in 0s (1400B/s)
Reading package lists... Done
And everything worked like a charm
Hope it helps someone else, read blogs and save time
Update:
Solution #2
As suggested from Frank Matthie√ü here’s a “debian oriented solution”:
All gnupg public keys are available with the debian package “debian-archive-keyring”.
A “apt-get install debian-archive-keyring” or better “aptitude install debian-archive-keyring” wil do the job.
Hint for adding single gnupg key for package verifying:
“gpg –export –armor $GNUPG-KEYID | apt-key add – ”
An examble based on the values in this article:
“gpg –export –armor 55BE302B | apt-key add – “