How to fix NO_PUBKEY errors in "apt-get update" operations

You can find the answer in this post, but I also document it here so I'll have a permanent copy.

Let's suppose you've got an error like this:
W: GPG error: http://ftp.de.debian.org stable/non-US Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F1D53D8C4F368D5D
W: You may want to run apt-get update to correct these problems

You should run the following to fix it (substitute F1D53D8C4F368D5D with the one from your error message):
gpg --keyserver subkeys.pgp.net --recv F1D53D8C4F368D5D
gpg --export --armor F1D53D8C4F368D5D | apt-key add -

Now you can run apt-get update and will not get an error message.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

sudo gpg --keyserver


sudo gpg --keyserver subkeys.pgp.net --recv F1D53D8C4F368D5D
gpg: requesting key 4F368D5D from hkp server subkeys.pgp.net
gpg: key 4F368D5D: public key "Debian Archive Automatic Signing Key (2005) <ftpmaster@debian.org>" imported
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1


sudo gpg --export --armor F1D53D8C4F368D5D | apt-key add -
gpg: can't open `/etc/apt/trusted.gpg'
gpg: keydb_get_keyblock failed: eof
gpg: no writable keyring found: eof
gpg: error reading `-': general error
gpg: import from `-' failed: general error


So don't work Sad

are keyrings installed?

Check whether you've the appropriate keyring package installed.
On Debian it's the debian-archive-keyring package, on Ubuntu it's the ubuntu-keyring package. If you've the keyring package installed, then try to update the keys with an apt-key update first and try to add the missing key (as described in my original post) only afterwards.

sudo doesnt carry across the

sudo doesnt carry across the pipe. You need to:

sudo gpg --export --armor F1D53D8C4F368D5D | sudo apt-key add -

Note the second 'sudo'

Re: sudo doesnt ...

Thanks. I didn't notice that one in example by EL0HIM. I used to start a root shell with sudo since it makes life a lot easier if you've to execute several commands in a row with root privileges.

sudo

normaly ur message means that u have a lock on ur file for this user and if u use the solution with sudo u ll have pb too there is user usage pb so what u realy need to do is drop the first sudo and just use sudo on the second i think that ur user dont have access to apt-get so u must use :
gpg --armor --export KEY_NUMBER | sudo apt-key add -

solved the problem for me!

This is one of the few sites where this solution is specified, and it worked for me. Thanks!

You may need to try different key servers

Had the problem with key 9AA38DCD55BE302B, but subkeys.pgp.net or keyring.debian.org didn't have the key. Eventually, it worked with wwwkeys.eu.pgp.net :

gpg --keyserver wwwkeys.eu.pgp.net --recv 9AA38DCD55BE302B
gpg --export --armor 9AA38DCD55BE302B | apt-key add -

Worked fine! Thank you very

Worked fine! Thank you very much Smile

Many many thanks

Am just starting a server upgrade and had this problem. Many thanks to the original poster and especially to you for this note on the necessary lines!

Gotta love the internet!

Thanks

This worked for me too. Great!

Thanx very much

You've saved me a lot of time on my way to build linux-wrap bluetooth presence box Smile

different keys!

Excellent bro. ! thanx for gr8 help in deed.

Unfortunately

Unfortunately wwwkeys.eu.pgp.net was down, so I've just changed it to main site:

gpg --keyserver wwwkeys.pgp.net --recv 9AA38DCD55BE302B
gpg --export --armor 9AA38DCD55BE302B | apt-key add -

keyrings and updates

Finally!! thanks for your post!

What might be the original cause

I'm suffering this Problem aswell. Adding the key with apt-key add works for the next aptitude update, but doesn't fix it permanently. After the next reboot or an aptitude install package or aptitude dist-upgrade the problem is back. Any ideas.

Re: What might be the original cause

Quite strange. Fortunately apt-key is a shell-script so it's easy to peek in on it's logic. Check out your /etc/apt/*.gpg files. I've there the following:
$ ls -al /etc/apt/*.gpg
-rw------- 1 root root     0 2008-10-27 11:51 /etc/apt/secring.gpg
-rw------- 1 root root  1200 2010-06-14 15:56 /etc/apt/trustdb.gpg
-rw-r--r-- 1 root root 18617 2010-10-28 13:16 /etc/apt/trusted.gpg

apt-key works with these files. Maybe one of them got corrupt. Shock Try listing the contents of your key database prior to running apt-key add ... and after running it. Optionally you could try to recreate them (of course, make a backup of your old *.gpg before going into any experimentation.

Server down!

Andromeda:gpg --keyserver subkeys.pgp.net --recv F1D53D8C4F368D5D
gpg: requesting key 4F368D5D from hkp server subkeys.pgp.net
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error
Andromeda:ping subkeys.pgp.net
PING subkeys.pgp.net (116.240.198.71) 56(84) bytes of data.
^C
--- subkeys.pgp.net ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms

Andromeda:

Help!

Re: Server down!