6.41 Archive Signatures and Keys
The apt tool supports signing of a
Release file to ensure the integrity of a
Debian/Ubuntu archive. The signature is contained in
Release.gpg. The Release file is signed using a private key,
and a public key is then used to ensure the signature is correct.
The following from an apt-get command is often the first sign of a missing key:
W: GPG error: ftp://ftp.nerim.net unstable Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 07DC563D1F41B907
Packages can still be installed but messages like the following will be displayed:
WARNING: The following packages cannot be authenticated! most Install these packages without verification [y/N]?
Interacting with the -, apt, key command is simple, with just
a few sub-commands:
list command will list the public keys
that are currently accepted and the
add command allows a
public key to be added. The key itself needs to be downloaded from a
key server using gpg.
To download a key and install it locally the single
command can be utilised (the key can be identified using the last 8
characters of the id that apt-get reports that it can not verify):
$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key 1F41B907
A more explicit specification of the keyserver may sometimes be required, often due to firewall restrictions:
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-key 1F41B907
Underneath the following three steps are undertaken:
$ gpg --keyserver keyring.debian.org --recv-key 1F41B907 $ gpg --armor --export 1F41B907 | sudo apt-key add -
The warning report should now disappear (at least for this key/repository).
To list the keys and to delete keys if desired:
$ apt-key list $ sudo apt-key del 1F41B907
Your donation will support ongoing availability and give you access to the PDF version of this book. Desktop Survival Guides include Data Science, GNU/Linux, and MLHub. Books available on Amazon include Data Mining with Rattle and Essentials of Data Science. Popular open source software includes rattle, wajig, and mlhub. Hosted by Togaware, a pioneer of free and open source software since 1984. Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0