{"id":9751,"date":"2024-07-26T11:43:30","date_gmt":"2024-07-26T09:43:30","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=9751"},"modified":"2024-07-26T11:43:30","modified_gmt":"2024-07-26T09:43:30","slug":"debian-apt-error-no_pubkey","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/debian-apt-error-no_pubkey\/","title":{"rendered":"Debian: apt error NO_PUBKEY"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_9751 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_9751')){$('.twoclick_social_bookmarks_post_9751').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"Debian%3A%20apt%20error%20NO_PUBKEY\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Aon%20newer%20debian%2Fubuntu%20system%20the%20%22apt-key%22%20%28%2Fetc%2Fapt%2Ftrusted.gpg.d%20and%20%2Fetc%2Fapt%2Fgpgtrusted.gpg%29%20should%20no%20longer%20be%20used%20because%20in%20newer%20debian%20versions%20and%20is%20marked%20as%20insecure%20because%20a%20%28correct%29%20signed%20package%20is%20accepted%20from%20all%20respositories%20and%20should%20only%20be%20accepted%20from%20the%20original%20publisher.%20%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/debian-apt-error-no_pubkey\\\/\",\"post_id\":9751,\"post_title_referrer_track\":\"Debian%3A+apt+error+NO_PUBKEY\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>on newer debian\/ubuntu system the &#8220;apt-key&#8221; (\/etc\/apt\/trusted.gpg.d and \/etc\/apt\/gpgtrusted.gpg) should no longer be used because in newer debian versions and is marked as insecure because a (correct) signed package is accepted from all respositories and should only be accepted from the original publisher.<br \/>\n<!--more--> <\/p>\n<p>If you use the apt-key methode to get an new key the public key will not be found.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # apt update\r\n.....\r\nErr:4 http:\/\/nginx.org\/packages\/debian bullseye InRelease\r\n  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8966AE7EAABF62\r\n....\r\n<\/pre>\n<p><strong>An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http:\/\/nginx.org\/packages\/debian bullseye InRelease: The following signatures couldn&#8217;t be verified because the public key is not available: NO_PUBKEY 8966AE7EAABF62<\/strong><br \/>\nor you get an<br \/>\n<strong><br \/>\nEXPKEYSIG 8966AE7EAABF62<\/strong><br \/>\nerror.<\/p>\n<p>This error means that the public key for the repository defined in sources.list is not found.<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # cat \/etc\/apt\/sources.list.d\/myVendor.list\r\ndeb &#x5B;signed-by=\/usr\/share\/keyrings\/myVendor-archive-keyring.gpg] http:\/\/myVendor.org\/packages\/debian bullseye myapp\r\n<\/pre>\n<p>Show current public keys <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nroot@debdev ~ # gpg --show-keys --with-fingerprint \/usr\/share\/keyrings\/myVendor-archive-keyring.gpg\r\npub   rsa4096 2024-05-29 &#x5B;SC]\r\n      8440 C6F1 8823 100E 9C22  6354 2AA2 1210 B50F FF46\r\nuid                      myappsigning key &lt;signing-key-2@myVendor.com&gt;\r\n\r\npub   rsa2048 2011-08-19 &#x5B;SC] &#x5B;expires: 2027-05-24]\r\n      AA3B F56B 138F B094 3379  5A3B 9805 BD82 7BD9 BF62\r\nuid                      myappsigning key &lt;signing-key@myVendor.com&gt;\r\n<\/pre>\n<p>To get new keys<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nwget -O- https:\/\/myVendor.com\/myVendorKey.gpg |\r\n    gpg --dearmor &gt; tee \/usr\/share\/keyrings\/myVendor-archive-keyring.gpg \r\n<\/pre>\n<p>Now apt update works as expected.<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, on newer debian\/ubuntu system the &#8220;apt-key&#8221; (\/etc\/apt\/trusted.gpg.d and \/etc\/apt\/gpgtrusted.gpg) should no longer be used because in newer debian versions and is marked as insecure because a (correct) signed package is accepted from all respositories and should only be accepted from the original publisher.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[870],"tags":[1904,335,89,2047,2046],"class_list":["post-9751","post","type-post","status-publish","format-standard","hentry","category-debian","tag-apt","tag-debian","tag-error","tag-expkeysig","tag-no_pubkey"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=9751"}],"version-history":[{"count":4,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9751\/revisions"}],"predecessor-version":[{"id":9755,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/9751\/revisions\/9755"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=9751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=9751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=9751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}