New Debian apt keys

June 2009
M	T	W	T	F	S	S
« May		Jul »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

June 11th, 2009 · 1 Comment

Running apt-get update gives an error message:

W: GPG error: http://ftp.us.debian.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B W: There is no public key available for the following key IDs: 9AA38DCD55BE302B W: You may want to run apt-get update to correct these problems

A check for this missing key tells us it is for Lenny/5.0 sources which have been introduced to the Debian Archive and all new packages are being signed with this new key.

root@debian:~# gpg --keyserver wwwkeys.eu.pgp.net --list-keys 9AA38DCD55BE302B pub 4096R/55BE302B 2009-01-27 [expires: 2012-12-31] uid Debian Archive Automatic Signing Key (5.0/lenny)

Add this key into your apt keyring with:
root@debian:~# gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 55BE302B && gpg -a --export 55BE302B | apt-key add - gpg: requesting key 55BE302B from hkp server wwwkeys.eu.pgp.net gpg: key 55BE302B: public key "Debian Archive Automatic Signing Key (5.0/lenny) " imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) OK

and if you are using Debian-Volatile sources:
root@debian:~# gpg --keyserver wwwkeys.eu.pgp.net --recv-keys 6D849617 && gpg -a --export 6D849617 | apt-key add - gpg: requesting key 6D849617 from hkp server wwwkeys.eu.pgp.net gpg: key 6D849617: public key "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) OK

List keys in your apt-keyring:
root@debian:~# apt-key list /etc/apt/trusted.gpg -------------------- pub 1024D/2D230C5F 2006-01-03 [expired: 2007-02-07] uid Debian Archive Automatic Signing Key (2006)

pub 1024D/6070D3A1 2006-11-20 [expires: 2009-07-01] uid Debian Archive Automatic Signing Key (4.0/etch)
pub 1024D/ADB11277 2006-09-17 uid Etch Stable Release Key
pub 1024D/BBE55AB3 2007-03-31 [expires: 2010-03-30] uid Debian-Volatile Archive Automatic Signing Key (4.0/etch) sub 2048g/36CA98F3 2007-03-31 [expires: 2010-03-30]
pub 4096R/55BE302B 2009-01-27 [expires: 2012-12-31] uid Debian Archive Automatic Signing Key (5.0/lenny)
pub 2048R/6D849617 2009-01-24 [expires: 2013-01-23] uid Debian-Volatile Archive Automatic Signing Key (5.0/lenny)

OPTIONAL

Remove the 2 new gpg keys from root gpg keyring:
root@debian:~# gpg --delete-keys 55BE302B 6D849617 gpg (GnuPG) 1.4.6; Copyright (C) 2006 Free Software Foundation, Inc. This program comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions. See the file COPYING for details.

pub 4096R/55BE302B 2009-01-27 Debian Archive Automatic Signing Key (5.0/lenny)

Delete this key from the keyring? (y/N) y

pub 2048R/6D849617 2009-01-24 Debian-Volatile Archive Automatic Signing Key (5.0/lenny)

Delete this key from the keyring? (y/N) y

Debian FTP archive for Etch – archive.debian.org

Tags: Debian · sysadmin

1 response so far ↓

1 New Debian apt keys | Debian-News.net - Your one stop for news about Debian // Jun 13, 2009 at 1:25 pm

[...] A check for this missing key tells us it is for Lenny/5.0 sources which have been introduced to the Debian Archive and all new packages are being signed with this new key. More here [...]

Linux System Admins Blog

System admins of Promet – an e-commerce, high availability Open Source web shop – share their findings

Meta

Categories

Archives