APT: GPG error

vharishankar · 02-19-2006, 11:06 PM

I know this is not really a serious issue, but I'd still like to avoid this issue:

Quote:

W: GPG error: http://mirror.pacific.net.au testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F
W: GPG error: http://repos.knio.it testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY CBE5831435A92053
W: GPG error: http://secure-testing.debian.net etch/security-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 946AA6E18722E71E
W: GPG error: ftp://ftp.nerim.net etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
W: GPG error: ftp://mirrors.kernel.org testing Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 010908312D230C5F

From where do I download the public key to these packages for use in Synaptic and apt-get.

I have installed KGpg which should simplify the GPG part. However, I'd just like to know where these keys can be downloaded from and used for apt.

HappyTux · 02-19-2006, 11:11 PM

Try this site http://wiki.debian.org/SecureApt

vharishankar · 02-19-2006, 11:17 PM

I have read that site before, I think you linked to it in another thread. Actually, what I don't understand is where to download the public keys for these repositories.

Also I use KGpg. So I don't need the exact commands, just the location where to download the key...

Sorry if I sound a bit vague, but that's what comes out of half-knowledge

vharishankar · 02-19-2006, 11:37 PM

I've successfully managed this for http://secure-testing.debian.net/ repository because I could find the key file.

The problem is to find the key file for each repository, not in the process. Any ideas?

HappyTux · 02-19-2006, 11:43 PM

Quote:

Originally Posted by Harishankar

I have read that site before, I think you linked to it in another thread. Actually, what I don't understand is where to download the public keys for these repositories.

Also I use KGpg. So I don't need the exact commands, just the location where to download the key...

Sorry if I sound a bit vague, but that's what comes out of half-knowledge

For getting the keys you use gpg so for the first one you do not have try as root.

Code:

gpg --keyserver pgpkeys.mit.edu --recv-key 010908312D230C5F

Then again as root once you see it imported.

Code:

gpg -a --export 2D230C5F | sudo apt-key add -

Now repeat for each of the keys you need and hopefully all of them have been uploaded to a keyserver that the mit.edu mirrors on their keyserver. If not then most times if you put in the url of the repository you will find an archive.key or a file ending in .asc this would be the file you need then you would use gpg --import http://www.????.LLL/path/to/archive.key then use the --export to put it into the apt keyring you only need the last eight letters/numbers when exporting you can find these by using the gpg --list-keys and it will show you them.

vharishankar · 02-19-2006, 11:49 PM

I understand that part about import the key into GPG and then exporting it for use with apt-key. The problem is finding the .asc file for each repository... Is there any other way to "auto-detect" the public key file for each repository?

vharishankar · 02-20-2006, 12:00 AM

Actually if I can download the asc file, I don't even need to use gpg. I can directly use it with apt-key add.

The only problem is finding that file.

vharishankar · 02-20-2006, 12:07 AM

Yah, I successfully managed to import all the keys using the technique of searching for the key ID rather than the .asc file. I used KGpg anyway, since I didn't want to type in every command using gpg. It's actually very easy to use.

Thanks for pointing me in the right direction. Now all the errors regarding GPG no longer exist.

vharishankar · 02-20-2006, 12:08 AM

Earlier the importing from a key server wasn't working because of a firewall issue. I now allowed the firewall (guarddog) to connect to pgp key servers and it works fine. That was where the confusion lay.

Regards.