[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg errors NO_PUBKEY after aptitude update

Yes, that solution is more secure, as I think

02 окт. 2014 г. 1:08 пользователь "Floris" <jkfloris@dds.nl> написал:
Op Wed, 01 Oct 2014 09:18:10 +0200 schreef Valery Mamonov <valerymamonov@gmail.com>:



2014-10-01 11:02 GMT+04:00 Ansgar Burchardt <ansgar@debian.org>:
severity 647001 important
thanks

Hi,

Valery Mamonov <valerymamonov@gmail.com> writes:
> 2014-10-01 3:30 GMT+04:00 Ansgar Burchardt <ansgar@43-1.org>:
>> Valery Mamonov <valerymamonov@gmail.com> writes:
>> > I'm experiencing some troubles with updating my debian machine.
>> > After aptitude update i'm having multiple errors like these:
>> >
>> > W: GPG error: http://deb.ianod.es unstable InRelease: The following
>> > signatures couldn't be verified because the public key is not available:
>> > NO_PUBKEY 498F1DF0598C5C38
>>
>> Hmm, all the keys APT complains about come from /etc/apt/trusted.gpg?
>> What happens if you move them to a file in /etc/apt/trusted.gpg.d?
>>
> After moving trusted.gpg from /etc/apt to  /etc/apt/trusted.gpg.d all keys
> were missing.
> I have manually added keys, but after 'aptitude update' I've got same
> result - all keys not found.
> The size of new /etc/apt/trusted.gpg was 0 kb.
> The size of new /etc/apt/trusted.gpg.d/trusted.gpg was ~106 kb.

Are you using apt from experimental?

With apt_1.1~exp3 I could reproduce the issue: /etc/apt/trusted.gpg is
not world-readable and apt now uses a _apt user for some tasks. So it
cannot access the public keys for verification.

Please try making the keyring world-readable (chmod a+r ...).

Ansgar

Yes, i'm using apt from experimental:

 LANG=C apt-cache policy apt
apt:
  Installed: 1.1~exp3
  Candidate: 1.0.9.1
  Version table:
 *** 1.1~exp3 0
       1110 http://mirror.yandex.ru/debian/ experimental/main amd64 Packages
       1110 ftp://ftp.de.debian.org/debian/ experimental/main amd64 Packages
       1110 ftp://mirror.mephi.ru/debian/ experimental/main amd64 Packages
       1110 http://mirrors.kernel.org/debian/ experimental/main amd64 Packages
        100 /var/lib/dpkg/status

So I made /etc/apt/trusted.gpg world readable and my problem seemed to be solved.
 
I also use the experimental version of apt, and solved the issue with:
$ sudo setfacl -m u:_apt:r trusted.gpg
I'm not sure, but I think it is a little saver solution. Only the _apt user is
allowed to read the file, but correct me if I am wrong.

Thanks Ansgar for pointing to a solution,

floris


Reply to: