Fixing package key errors

Introduction

This page lists various error messages related to package and repository authentication that I have encountered and how to fix them.

public key is not available: NO_PUBKEY 5C808C2B65558117

  1. Verify the error occurs as below:
    penne# apt-get -qq update
    W: A error occurred during the signature verification. The repository is not updated and the
        previous index files will be used. GPG error: http://install.pasta.net wheezy Release: The
        following signatures couldn't be verified because the public key is not available:
        NO_PUBKEY 5C808C2B65558117
    W: Failed to fetch http://install.pasta.net/multimedia-wheezy.penne/dists/wheezy/Release  
    W: Some index files failed to download. They have been ignored, or old ones used instead.
    penne#
  2. Determine what version of the package is installed, if any:
    dpkg -l deb-multimedia-keyring
  3. Determine what version of the package is available in the repository. This probably means visiting the URL mentioned in /etc/apt/sources.list* and checking which version is in the ‘pool’ directory, or which version is listed in the file ‘/dists/wheezy/main/binary-<port>/Packages.gz’.
  4. If the version installed is 2014.2 or newer, then you should not be seeing the error!
  5. If the version in the repository is older than 2014.2, then you should find a newer mirror!
  6. Attempt to upgrade the package (this will probably fail):
    penne# apt-get upgrade deb-multimedia-keyring
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
    penne#
  7. Attempt to remove and re-install the package (this will probably fail):
    penne# apt-get --purge remove deb-multimedia-keyring
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following packages will be REMOVED:
      deb-multimedia-keyring*
    0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
    After this operation, 46.1 kB disk space will be freed.
    Do you want to continue [Y/n]? y
    (Reading database ... 56329 files and directories currently installed.)
    Removing deb-multimedia-keyring ...
    OK
    penne# apt-get install deb-multimedia-keyring
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following NEW packages will be installed:
      deb-multimedia-keyring
    0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    Need to get 14.4 kB of archives.
    After this operation, 46.1 kB of additional disk space will be used.
    Err http://install.pasta.net/multimedia-wheezy.penne/ wheezy/main deb-multimedia-keyring all 2012.05.10-dmo4
      404  Not Found
    Failed to fetch http://install.pasta.net/multimedia-wheezy.penne/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2012.05.10-dmo4_all.deb  404  Not Found
    E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
    penne#

    (Why is it still looking for the old version of the package even though a newer one is available in the repositories that the system is configured to use? Because the package index for this repository has not been updated!)

  8. Force the update of the package index by discarding the old one:
    penne# find /var/lib/apt/lists -type f -exec rm {} \;
    penne# apt-get -qq update
    W: GPG error: http://install.pasta.net wheezy Release: The following signatures
        couldn't be verified because the public key is not available:
        NO_PUBKEY 5C808C2B65558117
    penne#

    (We’re still getting the same error displayed, but, this time, the package index has been updated!)

  9. Now it will be possible to install the package (or to upgrade it, if you did not remove it earlier):
    penne# apt-get install deb-multimedia-keyring
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    The following NEW packages will be installed:
      deb-multimedia-keyring
    0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
    Need to get 27.7 kB of archives.
    After this operation, 74.8 kB of additional disk space will be used.
    WARNING: The following packages cannot be authenticated!
      deb-multimedia-keyring
    Install these packages without verification [y/N]? y
    Get:1 http://install.pasta.net/multimedia-wheezy.penne/ wheezy/main deb-multimedia-keyring all 2014.2 [27.7 kB]
    Fetched 27.7 kB in 0s (0 B/s)               
    Selecting previously unselected package deb-multimedia-keyring.
    (Reading database ... 56324 files and directories currently installed.)
    Unpacking deb-multimedia-keyring (from .../deb-multimedia-keyring_2014.2_all.deb) ...
    Setting up deb-multimedia-keyring (2014.2) ...
    penne#
  10. And finally, an ‘apt-get update’ no longer complains:
    penne# apt-get -qq update
    penne#

W: There is no public key available for the following key IDs: 9D6D8F6BC857C906

My suspicion is that this occurs because (1) the system was installed against an ISO image, (2) the system has since applied only security updates, (3) the key used to sign the Debian security repository has recently changed, (4) the package containing the updated key is not distributed via security updates so any system applying only security updates can no longer validate security updates!

  1. Verify that you are seeing one of the following errors:
    alphabeti# apt-get update
    ...   
    Fetched 888 kB in 1s (687 kB/s)                                     
    Reading package lists... Done
    W: There is no public key available for the following key IDs:
    9D6D8F6BC857C906
    alphabeti#

    or

    alphabeti# apt-get dist-upgrade
    Reading package lists... Done
    Building dependency tree       
    Reading state information... Done
    Calculating upgrade... Done
    The following packages have been kept back:
      libservice-wrapper-java libservice-wrapper-jni service-wrapper
    The following packages will be upgraded:
      linux-image-3.2.0-4-amd64 linux-libc-dev
    0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
    alphabeti#
  2. Run:
    alphabeti# wget http://ftp2.de.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2014.3~deb7u1_all.deb
    alphabeti# dpkg -i *.deb
    alphabeti#
  3. Rerun the tests above to check the error has cleared.
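
Both procedures above install a keyring package that apt cannot authenticate: the first answers ‘y’ to ‘Install these packages without verification’, the second fetches the .deb over plain HTTP and runs ‘dpkg -i *.deb’. The following added example is not part of the original procedure: it refuses to install the file unless its SHA-256 digest matches a value obtained from a source you already trust. The function names are hypothetical and the digest in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: gate 'dpkg -i' on a SHA-256 check of the downloaded keyring.
# Assumption: the expected digest comes from a trusted channel, e.g. the
# SHA256 field of a signed Packages index that apt can still verify.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on an exact match, 1 on mismatch, 2 on bad input.
verify_sha256() {
    file=$1
    # Accept upper- or lower-case hex from the caller
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "digest mismatch for $file: got $actual" >&2
    return 1
}

# install_verified FILE EXPECTED_HEX
# Names one file explicitly instead of '*.deb', so nothing else that
# happens to be in the directory is installed along with it.
install_verified() {
    verify_sha256 "$1" "$2" && dpkg -i "$1"
}

# Usage (placeholder digest, replace with the trusted value):
#   install_verified debian-archive-keyring_2014.3~deb7u1_all.deb \
#       '<64-hex-sha256-from-trusted-source>'
```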

[GNUPG:] NO_PUBKEY 40976EAF437D05B5

This error was encountered when trying to mirror Ubuntu using debmirror. The full error message was:

gpgv: Signature made Mon 02 May 2016 05:33:56 AM CEST using DSA key ID 437D05B5
[GNUPG:] ERRSIG 40976EAF437D05B5 17 10 00 1462160036 9
[GNUPG:] NO_PUBKEY 40976EAF437D05B5
gpgv: Can't check signature: public key not found
gpgv: Signature made Mon 02 May 2016 05:33:56 AM CEST using RSA key ID C0B21F32
[GNUPG:] ERRSIG 3B4FE6ACC0B21F32 1 10 00 1462160036 9
[GNUPG:] NO_PUBKEY 3B4FE6ACC0B21F32
gpgv: Can't check signature: public key not found
  1. Run:
    gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg \
        --keyserver sks-keyservers.net --recv 437D05B5
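
The status lines above carry the full 16-hex key IDs, while the command requests the key by its 8-hex short ID, which is easier to collide with. The following added example, which is not part of the original page, extracts the long IDs from gpgv's status output and checks an imported key's full fingerprint against a value published by the distribution. The function names are hypothetical and the fingerprint in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: work from long key IDs and full fingerprints.

# Sample input: status lines copied from the error message shown above.
sample_status() {
    cat <<'EOF'
gpgv: Signature made Mon 02 May 2016 05:33:56 AM CEST using DSA key ID 437D05B5
[GNUPG:] ERRSIG 40976EAF437D05B5 17 10 00 1462160036 9
[GNUPG:] NO_PUBKEY 40976EAF437D05B5
gpgv: Can't check signature: public key not found
[GNUPG:] ERRSIG 3B4FE6ACC0B21F32 1 10 00 1462160036 9
[GNUPG:] NO_PUBKEY 3B4FE6ACC0B21F32
EOF
}

# missing_key_ids: read gpgv status output on stdin and print each distinct
# 16-hex key ID reported as NO_PUBKEY, in order of first appearance.
missing_key_ids() {
    awk '$1 == "[GNUPG:]" && $2 == "NO_PUBKEY" &&
         length($3) == 16 && $3 !~ /[^0-9A-F]/ &&
         !seen[$3]++ { print $3 }'
}

# key_has_fingerprint EXPECTED_FPR: read 'gpg --with-colons --fingerprint'
# output on stdin; succeed only if an fpr record (field 10) equals the
# expected 40-hex fingerprint exactly.
key_has_fingerprint() {
    awk -F: -v want="$1" '
        $1 == "fpr" && $10 == want { found = 1 }
        END { exit !found }'
}

# Usage after importing a key (placeholder fingerprint):
#   gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg \
#       --with-colons --fingerprint 40976EAF437D05B5 |
#       key_has_fingerprint '<40-hex-fingerprint-from-trusted-source>'
```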
