Bug#346002: apt: GPG error when updating
On Mon, Jan 09, 2006 at 01:13:57PM -0800, Mark Hedges wrote:
> > On Sun, Jan 08, 2006 at 09:28:24AM +0100, Harald Dunkel wrote:
> > > Michael Vogt wrote:
> > > > You can run apt-get with "--allow-unauthenticated" or
> > > > APT::Get::AllowUnauthenticated=true in apt.conf
> > >
> > > Thanx for the hint, but this option just changed the error
> > > message. Now I get:
> > >
> > > W: There are no public key available for the following key IDs:
> > > 010908312D230C5F
> > > W: You may want to run apt-get update to correct these problems
> >
> > The warning is justified IMHO because the user should be told that
> > there is are signatures on the Release file for that no public key is
> > available. The Debian Release should should still be authenticated now
> > (because it found a valid signature from a trusted key and only a
> > missing signature) and you should get no authenticated packages
> > warnings anymore.
> >
> > Maybe I should reword the warning to make it more clear what it
> > means?
>
> I still got this error as of this morning on `apt-get update`:
>
> W: GPG error: http://ftp.us.debian.org testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F
This is excepted as only apt version 0.6.43.1 contains support to
verify against multiple signatures on a Relase file.
> mhedges@mhedges:~$ sudo apt-key update
> ERROR: Can't find the archive-keyring
> Is the debian-keyring package installed?
> mhedges@mhedges:~$ sudo apt-get install debian-keyring
> Reading package lists... Done
> Building dependency tree... Done
> debian-keyring is already the newest version.
> 0 upgraded, 0 newly installed, 0 to remove and 64 not upgraded.
>
> I tried installing just the upgrade of apt and apt-utils without
> verification but it didn't help. Same error. Is the relevant
> key in some other package?
The relevant key is in the debian-archive-keyring package that is not
yet in the archive.
> I finally got sick of waiting and answered 'Y' to dist-upgrade's question:
>
> WARNING: The following packages cannot be authenticated!
> ...
> Install these packages without verification [y/N]? y
>
> After that, I *still* get the same error for `apt-get update`:
>
> W: There are no public key available for the following key IDs: 010908312D230C5F
This is the warning that was discussed above (that probably needs some
rewording, suggestions are welcome). It tells you that there is a
missing key (that in itself is not fatal because of the good signature
on the release file with the 2005 key). So now your packages should
be authenticated again.
> Will there be some way to go back and verify package integrity
> after this gets fixed? Reinstall these packages?
The easiest is to just add the new key with apt-key add by hand. You
can also install the new apt and/or the debian-archive-keyring package
(when it enters the archive). Then apt-get clean, apt-get update,
apt-get install --reinstall apt. This will make sure that apt is ok,
then proceed with the installing. Far from ideal, sorry for the bumpy
road. But the next key rollover should be much smoother.
Cheers,
Michael
--
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo
Reply to: