34

I'm working on an embedded system on Debian 8 (to be upgraded). When I do apt update, I'm getting the following:

...
...
Hit http://deb.debian.org stable/contrib arm64 Packages
Hit http://deb.debian.org stable/non-free arm64 Packages                       
Fetched 116 kB in 19s (6011 B/s)                                               
Reading package lists... Done
Building dependency tree       
Reading state information... Done
109 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: GPG error: http://deb.debian.org stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 648ACFD622F3D138 NO_PUBKEY 0E98404D386FA1D9 NO_PUBKEY 605C66F00D6C9793

I tried:

apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys

but got:

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.mXChDvLgjA --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-squeeze-stable.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-automatic.gpg --keyring /etc/apt/trusted.gpg.d/debian-archive-wheezy-stable.gpg --keyserver hkp://p80.pool.sks-keyserver.net:80 --recv-keys 605C66F00D6C9793
gpg: requesting key 0D6C9793 from hkp server p80.pool.sks-keyserver.net
?: p80.pool.sks-keyserver.net: Host not found
gpgkeys: HTTP fetch error 7: couldn't connect: No such file or directory
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

I also tried:

# gpg --keyserver pgp.mit.edu --recv-keys 648ACFD622F3D138 0E98404D386FA1D9 605C66F00D6C9793

which returned:

gpg: requesting key 22F3D138 from hkp server pgp.mit.edu
gpg: requesting key 386FA1D9 from hkp server pgp.mit.edu
gpg: requesting key 0D6C9793 from hkp server pgp.mit.edu
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 3CBBABEE: public key "Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>" imported
gpg: key 8DD47936: public key "Debian Archive Automatic Signing Key (11/bullseye) <ftpmaster@debian.org>" imported
gpg: key 0D6C9793: public key "Debian Stable Release Key (11/bullseye) <debian-release@lists.debian.org>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 3
gpg:               imported: 3  (RSA: 3)

and running # apt update after wards still gives me the NO_PUBKEY error. How do I get this fixed properly? My sources are the following:

cat /etc/apt/sources.list.d/multistrap-debian.list 
deb [arch=arm64] http://deb.debian.org/debian stable main contrib non-free
deb-src http://deb.debian.org/debian stable main contrib non-free
stdcerr
  • 13,725
  • 25
  • 71
  • 128

1 Answers1

40

I was able to resolve this with:

# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 605C66F00D6C9793
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138

Looks like the ubuntu servers also contain the debian keys.

stdcerr
  • 13,725
  • 25
  • 71
  • 128
  • 4
    I had to specify a different port for the keyserver: `hkp://keyserver.ubuntu.com:80` see https://unix.stackexchange.com/a/399091/78382 – troyfolger Apr 12 '22 at 20:30
  • 20
    @stdcerr `apt-key` is now [deprecated](https://opensource.com/article/22/9/deprecated-linux-apt-key). Could you please add the proper way to handle this, for future readers? Thanks. – 4wk_ Jan 06 '23 at 14:05
  • @4wk_ I'm not sure myself and cannot test this right now! Your best bet is Google or maybe a Debian forum. When you find it out, it would be great if you could update this thread also. Thanks in advance! – stdcerr Feb 11 '23 at 07:09
  • 2
    Need `sudo` in my case – Florent Apr 10 '23 at 12:24