###################################
# FIX MISSING GPG KEY FOR APT-GET #
###################################

# When running "apt-get update", if you get an error like this:
# W: GPG error: http://ftp.us.debian.org squeeze-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553

# Basically, this line in my sources.list file was failing because its key was missing:
deb http://ftp.us.debian.org/debian/ squeeze-updates main

# Remember: when you run apt-get update, /etc/apt/sources.list and anything in /etc/apt/sources.list.d gets processed for repos, and repos require keys for authentication

# what is missing is the archive.key to authenticate that repo server is legit
# looking at this line "deb http://ftp.us.debian.org/debian/ squeeze-updates main"
# we can go here http://ftp.us.debian.org/debian/
# and look for "archive.key", then "wget link" and "apt-key add file.key" (like manual method 1)
# sometimes the key file will not be there and will be on gpg servers (method 2 and automatic method at the bottom)

#####################
# MANUAL SOLUTION 1 #
#####################

# Find the key link (if you know which one you need)

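# Download the key file, then add it to apt's trusted keys.
# The "add" subcommand belongs to apt-key; apt-get has no "add" subcommand.
# A key fetched over plain http is only as trustworthy as that download, so
# compare its fingerprint (gpg --with-fingerprint <keyfile>) with one obtained
# from a trusted source before adding it.
wget <gpg key url>
apt-key add <keyfile that was downloaded>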

##############
# KEY SERVER #
##############

# for next methods we will get the key from these gpg servers that  hold keys

# Works for debian: pgpkeys.mit.edu
# Works for ubuntu: subkeys.pgp.net

#####################
# MANUAL SOLUTION 2 #
#####################

# If you don't know which key you want, then you need to look for it using its key ID

# Example:
# We see key ID is 8B48AD6246925553

# Basically do a google Search for that key
# 8B48AD6246925553

# Google search for me return pgpkeys.mit.edu as possible match

# Find which keyservers have it, like in this case

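# Fetch the key by its ID from the keyserver into the local gpg keyring.
gpg --keyserver pgpkeys.mit.edu --recv 8B48AD6246925553

# A key ID is only a lookup handle, and anyone can upload a key to a keyserver.
# Print the full fingerprint and compare it with the one the repository owner
# publishes over a trusted channel before handing the key to apt.
gpg --fingerprint 8B48AD6246925553

# SIDENOTE, to see the key that just got stored into the gpg cache: gpg --export --armor 8B48AD6246925553

# Export the key in ASCII armor and add it to apt's trusted keys.
# NOTE: apt-key is deprecated on current Debian/Ubuntu releases; there the key
# goes into a per-repository keyring referenced with "signed-by" instead.
gpg --export --armor 8B48AD6246925553 > missingkey.gpg
apt-key add missingkey.gpg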

# OR IN ONE COMMAND YOU CAN DO BOTH: gpg --export --armor 8B48AD6246925553 | apt-key add -

# That exports the key from the local gpg cache (keyring) and passes it to apt

# SIDE NOTE: list the keys currently in gpg's own keyring
# (apt's trusted keys are a separate set, listed with "apt-key list"):
gpg --list-keys

# NOTE: even though gpg cache has the key, you still need to tell apt to use it, so thats why we "export" it and then import/add it into apt

####################
# Run this script: #
####################

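# Collect every key ID that "apt-get update" reports as NO_PUBKEY, fetch each
# one from the keyserver and add it to apt's trusted keys.
#
# - The stderr capture goes to a mktemp file instead of a fixed /tmp name: this
#   runs as root, and a predictable path in /tmp can be pre-created or
#   symlinked by another local user.
# - grep -o extracts only hex key IDs, so several NO_PUBKEY entries on one line
#   are all picked up and nothing else from apt's output reaches gpg.
# - NOTE(review): this trusts whatever key the keyserver returns for the ID.
#   The fingerprint is printed for each key; compare it with the one published
#   by the repository owner, and remove the key (apt-key del <keyid>) if it
#   does not match.
keylog=$(mktemp) && {
  apt-get update 2> "$keylog"
  mapfile -t keys < <(grep -oE 'NO_PUBKEY [0-9A-Fa-f]+' "$keylog" | sed 's/^NO_PUBKEY //' | sort -u)
  rm -f -- "$keylog"
  for key in "${keys[@]}"; do
    printf '\nProcessing key: %s\n' "$key"
    # Skip the export/add step when the key could not be fetched.
    gpg --keyserver pgpkeys.mit.edu --recv "$key" || continue
    gpg --fingerprint "$key"
    gpg --export --armor "$key" | apt-key add -
  done
}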

# it works if the command finished and says things like:
#  gpg: requesting key 46925553 from hkp server pgpkeys.mit.edu
#  gpg: key 46925553: "Debian Archive Automatic Signing Key (7.0/wheezy)
#  <ftpmaster@debian.org>" not changed
#  gpg: Total number processed: 1
#  gpg:              unchanged: 1

# If it doesn't work and gets stuck on
# gpg: requesting key 46925553 from hkp server pgpkeys.mit.edu

# Then copy key from this line
# "Processing key: 8B48AD6246925553"
# and google search "8B48AD6246925553" this will return keyserver, like below, put those in for --keyserver line

# And look for keyserver

# Works for debian: pgpkeys.mit.edu
# Works for ubuntu: subkeys.pgp.net

 

3 thoughts on “FIX MISSING GPG KEY FOR APT-GET

  1. Thanks, I was missing exactly the same key after apt-key del being run w/o arguments. I managed to get back official debian keys, nginx etc. but this one was still missing.

    If no specific keyring file is given the command applies to all keyring files, so if you do apt-key del w/o keyID, it will wipe out all of your keys! How stupid is that?!
