Public key not available error
From MEPIS Documentation Wiki
Apt-get includes package authentication in order to improve security. You can still install non-authenticated packages, but if you want to take advantage of this feature do the following (note that not all the deb repositories implemented this feature, if you upgrade from such a repository you'll get a "packages could not be authenticated" warning).
Easiest method
Works for MEPIS 8, 8.5 and 11.
Enable the Community repositories, then install checkaptgpg with Synaptic. Then, when you get a warning about a public key not being available, run this application by clicking StartMenu > System > Check Apt GPG. Enter Y and then the root password. When it is finished, the window will disappear.
Manual method
If you get a warning similar to this:
W: GPG error: ftp://ftp.nerim.net unstable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
Note the 16 character string of seemingly random numbers and letters? That is the public key, put that in place of <pubkey> in the instructions below.
- open konsole, type "su" and root password.
- gpg --keyserver subkeys.pgp.net --recv-keys <pubkey>
- gpg --armor --export <pubkey> | apt-key add -
- apt-get update
Keys may be on any of these servers as well:
- minsky.surfnet.nl
- wwwkeys.pgp.net
- pgp.dtype.org
- wwwkeys.us.pgp.net
Notes
1. If you get the following error when you try to add the key:
gpg: WARNING: unsafe ownership on configuration file `/home/username/.gnupg/gpg.conf'
Run this command in Konsole:
chown root:root ~/.gnupg/gpg.conf
2. If you are missing MEPIS key use this how-to: MEPIS key
Script method
You can use a script developed by Community members to do this task for you in the following way:
- Right-click the desktop Create New --> Text File, and name it gpgerror_fix
- Open the file and paste in the following:
#!/bin/sh
# checkaptget - check the .gpg signed Release files for missing keys
# Check if I am root for use later.
if [ $(id -u) -ne 0 ]; then
ROOT=0
else
ROOT=1
fi
# Will we need to be rerun as root?
RERUN=0
# The location of the trusted keyring.
APT_TRUSTED=/etc/apt/trusted.gpg
# The location of the Release files.
APT_LISTS=/var/lib/apt/lists
# Get a list of repositories for which we have downloaded a Release file
REPOSITORIES=`ls $APT_LISTS | grep Release$`
# For each repository look for a matching Release.gpg signature
for repo in $REPOSITORIES
do
echo Checking $repo
RELEASE=$APT_LISTS/$repo
GPG=''
if [ -s $RELEASE.gpg ]
then
GPG=$RELEASE.gpg
else
if [ -s $APT_LISTS/partial/$repo.gpg ]
then
GPG=$APT_LISTS/partial/$repo.gpg
else
if [ -s $APT_LISTS/partial/$repo.gpg.reverify ]
then
GPG=$APT_LISTS/partial/$repo.gpg.reverify
fi
fi
fi
if [ $GPG ]
then
# We have found a Release.gpg signature
ANSWER=`gpg -q --no-default-keyring --keyring $APT_TRUSTED --verify $GPG $RELEASE 2>&1`
if [ $? -ne 0 ]
then
# GPG errored -
# Assume that an ID was included in the error message in the form
# ... ID <GPGID> ...
IDFOUND=0
for xx in $ANSWER
do
if [ $IDFOUND -eq 0 ]
then
if [ "ID" = "$xx" ]
then
IDFOUND=1
fi
else
GPGKEY=$xx
break
fi
done
if [ $ROOT -eq 1 ]; then
# We are root, so we can try to download the key.
apt-key adv --keyserver hkp://subkeys.pgp.net --recv-key $GPGKEY
# Assume it worked.
else
# We are not root, so output a message.
echo " Missing GPG ID $GPGKEY"
RERUN=1
fi
else
echo " Good GPG signature found."
fi
else
echo " No GPG Release signature found."
fi
done
if [ $RERUN -gt 0 ]; then
echo
echo "Rerun as root to download the missing keys."
fi
- Save the file, then right-click it, click the Permissions tab, and check Is executable.
- Move the file to /usr/local/bin
- Now you can run the script by typing gpgerror_fix in a terminal, and it will check and fix all keys automatically.
- If you like, you can create a desktop link or menu entry for it; in the latter case, be sure to have it open in a terminal, and add "sleep 10" at the end of the script so you can see the results before it exits.
