How to fix missing GPG keys?
I have just installed Ubuntu 12.04 and I added some repo, and when I did
apt-get update, I got missing gpg key.Following command seems to doesn't work for me:
apt-get update 2> /tmp/keymissing; for key in $(grep "NO_PUBKEY" /tmp/keymissing |sed "s/.*NO_PUBKEY //"); do echo -e "\nProcessing key: $key"; gpg --keyserver subkeys.pgp.net --recv $key && sudo gpg --export --armor $key | apt-key add -; doneHow to fix this problem?
I solved my problem using Y-ppa-manager. Thanks to Ashu for the solution!
Detailed solution with screenshots http://opensourceforgeeks.blogspot.in/2013/04/w-gpg-error-httpppalaunchpadnet-precise.html
I liked this solution, re-download the missing keys from the Ubuntu key server.
For Ubuntu
In my case
Reading package lists... Done W: GPG error: http://ppa.launchpad.net precise Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2EA8F35793D8809AHere is the command to add the missing key mentioned in the error message.
sudo apt-key adv --keyserver ha.pool.sks-keyservers.net --recv-keys 2EA8F35793D8809ASo I take the missing key
2EA8F35793D8809Aand ask the keyserver.ubuntu.com to added it to the list of keys I have in apt.For linux mint
Your key server is slightly differentkeyserver.linuxmint.comsudo apt-key adv --recv-key --keyserver keyserver.linuxmint.com "missing key"Alternative key servers to try
keyserver.ubuntu.comhttp://askubuntu.com/a/136735/10998 did not work for me.
Works for me. Need to ignore the " in the original blog post.
It worked for me too. I think it is the easiest solution of all.
Are there any security implications to doing this? I'm basically just downloading a public key over http, right?
Best answer so far on AskUbuntu.
What is Ubuntu key server?
@iamcreasy , in order to prove to Ubuntu installations that the packages you are installing are secure and malware free each package is signed by the ubuntu key server. So your installer checks if the package you are installing is from a trusted and verified source. I have not found any really good documentation about it, but this might help gpg doc
I have created a function do add needed keys `adkeys (){ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$1";}` And to remove duplicated or problematic keys I am use to do this: `grep -ril "pattern" /etc/apt | sudo xargs rm -f`
I recommend `--keyserver ha.pool.sks-keyservers.net`. It's a high-availability pool of key servers, which greatly increases your chance of getting the key you want.
@Ajedi32 no, there are no security implications. It's a *public* key. If it were compromised during transmission, signature verification would fail, but there is no risk.
@kynan Not if the file whose signature you're trying to verify was _also_ compromised in transmission. Then the MITM attacker could make the signature verification succeed, right? What's the point of verifying a potentially compromised file with an unknown key?
@Ajedi32 Suppose that's a possible attack vector, however packages are usually fetched via secure connection. Read more about security implications of GPG key fetching at https://security.stackexchange.com/a/4162/200010
There is a software called as
Y PPA managerIt can help fix GPG keys errors.
Y PPA managerTo install -
sudo add-apt-repository ppa:webupd8team/y-ppa-manager sudo apt-get update sudo apt-get install y-ppa-managerOnce you install it start it ,then go to
advanceand select "import all missing GPG keys"You must add sudo to this command! `sudo apt-get...`
This worked for me also and I'm very impressed with the clean easy to use interface of Y PPA Manager it was a nice find, Thanks Ashu.
I did what you say but nothing happened. I mean that I can't find the app anywhere in the menu.
@CristianaNicolae Once installed, you can find Y PPA Manager under Applications > System Tools.
Sorry Ashu, I have checked and double checked. I still can't see it there. It seems that it is installed somewhere in the system, but for some reasons, it doesn't show anywhere in menu.
@Cristiana - if it is installed properly, type command in terminal: sudo y-ppa-manager
Installing software that magically handles the issue for you is really not a solution.
The automatic download using
apt-key adv --recv-keysmay not work behind a firewall.In this case, open the webpage of Ubuntu Key Server in your web browser and search for the string
0x<hexadecimal code of your missing key>.
Open the link in the pub section. Save the key contents (from
-----BEGIN PGP PUBLIC KEY BLOCK-----to-----END PGP PUBLIC KEY BLOCK-----) as a file.
Then run:
sudo apt-key add <file-with-saved-key>Source: http://opensourceforgeeks.blogspot.in/2013/04/w-gpg-error-httpppalaunchpadnet-precise.html
first enter the following command in the terminal
sudo rm /var/lib/apt/lists/* -vfthen update your system by entering the following command in the terminal
sudo apt-get update && sudo apt-get upgradeafter this there should be no errors and everything should work fine.
thx for reply. The sollution for my problem was preety much simpler: type `sudo su` before typing my command above
While that will have helped you, `sudo su` is in no way the correct approach - in this case `sudo -s` would have done what you needed.
I think you meant `sudo rm /var/lib/apt/lists/* -rf` (option "r" instead of "v")
Using both `sudo` and `rm` is dangerous. Using both `rm` and `*` is dangerous. Use the three in the same command and a shark will bite you, or your files.
This is not working for me.
For Ubuntu 12.04 Precise: Permanent solution
to this error message occuring after adding a new repository and updating repository list. This is due to a server which address is no more valid. So just change the address to a good one.
Open the file
~/.gnupg/gpg.confwith a text editor.In terminal:
gedit ~/.gnupg/gpg.confthen, in this file, find the following bold line (116th line) (which should be default as follow):
[...]
keyserver hkp://keys.gnupg.net
# keyserver mailto:[email protected]
# keyserver ldap://keyserver.pgp.comthen add the following bold line, to finally give the following result:
(add # to the second line as follow to comment out the old address)
[...]
keyserver http://keyserver.ubuntu.com
#keyserver hkp://keys.gnupg.net
# keyserver mailto:[email protected]
# keyserver ldap://keyserver.pgp.comSave the file and try to update again:
In terminal:
sudo apt-get update
Based on nelaar answer:
sudo apt-get update 2>&1 1>/dev/null | sed -ne 's/.*NO_PUBKEY //p' | while read key; do echo 'Processing key:' "$key" sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$key" doneThe script dumps all the errors into a temporary file and then loops through them, importing the missing keys.
The Most Easiest Way Is With Y PPA MAnager
sudo add-apt-repository ppa:webupd8team/y-ppa-manager sudo apt-get update sudo apt-get install y-ppa-managerOpen Y PPA Manager From Dash
Enter Your Admin Password
Double Click On Advanced Option
Click Try To Import All Missing GPG Keys
Click Ok To Fix It
What worked for me was to delete the key first and then reinstall. To achieve that I did the following:
[email protected] > ~: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 630239CC130E1A7FD81A27B140976EAF437D05B5deleting with
[email protected] > ~: sudo apt-key del 630239CC130E1A7FD81A27B140976EAF437D05B5Then, re-install by typing
[email protected] > ~: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 630239CC130E1A7FD81A27B140976EAF437D05B5I have encountered the same issue, by adding a ppa(
ppa:nathandyer/vocal-stable), it broke my repositories. I was guided from the Author of Web Upd8, on how I can try to fix this, here are his steps that worked me.Backup your
.gpgkeys, just in case that something goes wrong.Lets make a folder in which we will house our backup in.
mkdir ~/gpg-backupsThis backups all files in the
/etc/apt/trusted.gpg.d/folder.sudo cp /etc/apt/trusted.gpg.d/*.* ~/gpg-backups/
Now, we will remove all the
.gpgkeys.sudo rm /etc/apt/trusted.gpg.d/sudo cp /etc/apt/trustdb.gpg ~/gpg-backups/sudo rm /etc/apt/trustdb.gpg
in Software & Updates, on the "Authentication" tab, clicked "Restore Defaults
Install y-ppa manager to import all missing GPG keys
sudo add-apt-repository ppa:webupd8team/y-ppa-manager sudo apt-get update sudo apt-get install y-ppa-managerReference:
One line seems to contain an error, must be `sudo rm /etc/apt/trusted.gpg.d/*`. Omitting the `*` at the EOL is not possible, as you cannot remove non-empty directories with `rm` when the `-r` option is not specified.-- Ah, and you can kill 2 birds with 1 stone by the line `sudo mv /etc/apt/trustdb.gpg ~/gpg-backups/`. Because if you *move* the file, you need not `rm` the source file afterwards.
I wanted to automatically fix errors like this in a bash script. For anyone interested, this should do the trick:
sudo apt-get update 2> /tmp/keymissing if [ -f /tmp/keymissing ] then for key in $(grep "NO_PUBKEY" /tmp/keymissing |sed "s/.*NO_PUBKEY //") do echo -e "\nProcessing key: $key" sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $key sudo apt-get update done rm /tmp/keymissing fi
License under CC-BY-SA with attribution
Content dated before 6/26/2020 9:53 AM
Flimm 8 years ago
It would be good if answers to this question included why this error is happening in the first place, and what to do to avoid it in future.