Public key not available error

From MEPIS Documentation Wiki


Apt-get includes package authentication in order to improve security. You can still install non-authenticated packages, but if you want to take advantage of this feature, do the following. Note that not all deb repositories have implemented this feature; if you upgrade from such a repository you'll get a "packages could not be authenticated" warning.

Easiest method

Works for MEPIS 8, 8.5 and 11.

Enable the Community repositories, then install checkaptgpg with Synaptic. Then, when you get a warning about a public key not being available, run this application by clicking StartMenu > System > Check Apt GPG. Enter Y and then the root password. When it is finished, the window will disappear.

Manual method

If you get a warning similar to this:

W: GPG error: ftp://ftp.nerim.net unstable Release: The following signatures couldn't be verified 
because the public key is not available: NO_PUBKEY 07DC563D1F41B907

Note the 16-character string of seemingly random numbers and letters at the end of the warning. That is the ID of the missing public key; put it in place of <pubkey> in the instructions below.

  1. Open Konsole, type "su" and enter the root password.
  2. gpg --keyserver keyserver.ubuntu.com --recv-keys <pubkey>
  3. gpg --armor --export <pubkey> | apt-key add -
  4. apt-get update

Keys may be on any of these servers as well:

  1. subkeys.pgp.net
  2. minsky.surfnet.nl
  3. wwwkeys.pgp.net
  4. pgp.dtype.org
  5. wwwkeys.us.pgp.net

Notes
1. If you get the following error when you try to add the key:

gpg: WARNING: unsafe ownership on configuration file `/home/username/.gnupg/gpg.conf' 

Run this command in Konsole:

chown root:root ~/.gnupg/gpg.conf

2. If you are missing the MEPIS key, use this how-to: MEPIS key
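
The warning gives only a key ID, and keyservers do not vouch for the keys they serve, so it is worth comparing the fetched key's full fingerprint with the one the repository publishes before step 3 of the manual method. The sketch below is an added example, not part of the original wiki page or the community script. The function names, the repo.example lines, the PUBLISHED_FPR variable and the fingerprint are constructed for illustration.

```sh
#!/bin/sh
# Added example; sample data below is constructed, not real gpg/apt output.

# Print each distinct, well-formed 16-hex-digit key ID that follows NO_PUBKEY
# in apt-get update output read from stdin. Anything else is dropped, so
# arbitrary text from a repository error never reaches the gpg command line.
missing_key_ids() {
    awk '{ for (i = 1; i < NF; i++) {
               id = toupper($(i + 1))
               if ($i == "NO_PUBKEY" && length(id) == 16 && id ~ /^[0-9A-F]+$/)
                   print id
           } }' | sort -u
}

# Succeed only if the first fingerprint in `gpg --with-colons --fingerprint`
# output (stdin) equals the fingerprint published by the repository ($1).
fingerprint_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    actual=$(awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Constructed apt-get update output: the key ID from the warning on this page,
# the same ID again in lower case, and one malformed ID that must be ignored.
SAMPLE_APT_OUTPUT="W: GPG error: ftp://ftp.nerim.net unstable Release: NO_PUBKEY 07DC563D1F41B907
W: GPG error: http://repo.example stable Release: NO_PUBKEY 07dc563d1f41b907
W: GPG error: http://repo.example testing Release: NO_PUBKEY 1F41B907;x"

# Constructed colon-format listing; the fingerprint is a placeholder.
SAMPLE_COLONS="pub:-:1024:17:07DC563D1F41B907:
fpr:::::::::0123456789ABCDEF0123456707DC563D1F41B907:"

# Prints the single valid ID found in the sample.
printf '%s\n' "$SAMPLE_APT_OUTPUT" | missing_key_ids

# Intended use between steps 2 and 3 of the manual method (PUBLISHED_FPR is
# the fingerprint obtained from the repository's own site):
#   gpg --with-colons --fingerprint "$id" | fingerprint_matches "$PUBLISHED_FPR" \
#       && gpg --armor --export "$id" | apt-key add -
```
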

Script method

You can use a script developed by Community members to do this task for you in the following way:

  • Right-click the desktop, choose Create New --> Text File, and name it gpgerror_fix
  • Open the file and paste in the following:
#!/bin/sh

# checkaptget - check the .gpg signed Release files for missing keys

# Check if I am root for use later.
if [ $(id -u) -ne 0 ]; then
    ROOT=0
else
    ROOT=1
fi

# Will we need to be rerun as root?
RERUN=0

# The location of the trusted keyring.
APT_TRUSTED=/etc/apt/trusted.gpg

# The location of the Release files.
APT_LISTS=/var/lib/apt/lists

# Get a list of repositories for which we have downloaded a Release file
REPOSITORIES=`ls $APT_LISTS | grep Release$`

# For each repository look for a matching Release.gpg signature
for repo in $REPOSITORIES
do
    echo Checking $repo
    RELEASE=$APT_LISTS/$repo
    GPG=''
    if [ -s $RELEASE.gpg ]
    then
        GPG=$RELEASE.gpg
    else
        if [ -s $APT_LISTS/partial/$repo.gpg ]
        then
            GPG=$APT_LISTS/partial/$repo.gpg
        else
            if [ -s $APT_LISTS/partial/$repo.gpg.reverify ]
            then
                GPG=$APT_LISTS/partial/$repo.gpg.reverify
            fi
        fi
    fi
    if [ -n "$GPG" ]
    then
        # We have found a Release.gpg signature
        ANSWER=`gpg -q --no-default-keyring --keyring $APT_TRUSTED --verify $GPG $RELEASE 2>&1`
        if [ $? -ne 0 ]
        then
            # GPG errored -
            # Assume that an ID was included in the error message in the form
            # ... ID <GPGID> ...
            # Reset GPGKEY first so an ID left over from a previous
            # repository is never reused.
            IDFOUND=0
            GPGKEY=''
            for xx in $ANSWER
            do
                if [ $IDFOUND -eq 0 ]
                then
                    if [ "ID" = "$xx" ]
                    then
                        IDFOUND=1
                    fi
                else
                    GPGKEY=$xx
                    break
                fi
            done
            if [ -z "$GPGKEY" ]; then
                # gpg failed without reporting a key ID, so there is nothing to fetch.
                echo "    GPG verification failed, but no key ID was reported."
            elif [ $ROOT -eq 1 ]; then
                # We are root, so we can try to download the key.
                apt-key adv --keyserver hkp://subkeys.pgp.net --recv-key "$GPGKEY"
                # Assume it worked.
            else
                # We are not root, so output a message.
                echo "    Missing GPG ID $GPGKEY"
                RERUN=1
            fi
        else
            echo "    Good GPG signature found."
        fi
    else
        echo "    No GPG Release signature found."
    fi
done

if [ $RERUN -gt 0 ]; then
    echo
    echo "Rerun as root to download the missing keys."
fi
  • Save the file, then right-click it, click the Permissions tab, and check Is executable.
  • Move the file to /usr/local/bin
  • Now you can run the script by typing gpgerror_fix in a terminal, and it will check and fix all keys automatically.
  • If you like, you can create a desktop link or menu entry for it; in the latter case, be sure to have it open in a terminal, and add "sleep 10" at the end of the script so you can see the results before it exits.

