Re: gpg errors NO_PUBKEY after aptitude update

Wed, 01 Oct 2014 14:09:14 -0700

Op Wed, 01 Oct 2014 09:18:10 +0200 schreef Valery Mamonov <valerymamo...@gmail.com>: 




2014-10-01 11:02 GMT+04:00 Ansgar Burchardt <ans...@debian.org>:

severity 647001 important
thanks

Hi,


Valery Mamonov <valerymamo...@gmail.com> writes:

2014-10-01 3:30 GMT+04:00 Ansgar Burchardt <ans...@43-1.org>:

Valery Mamonov <valerymamo...@gmail.com> writes:
> I'm experiencing some troubles with updating my debian machine.
> After aptitude update i'm having multiple errors like these:
>
> W: GPG error: http://deb.ianod.es unstable InRelease: The following

> signatures couldn't be verified because the public key is not  
available:

> NO_PUBKEY 498F1DF0598C5C38

Hmm, all the keys APT complains about come from /etc/apt/trusted.gpg?
What happens if you move them to a file in /etc/apt/trusted.gpg.d?


After moving trusted.gpg from /etc/apt to  /etc/apt/trusted.gpg.d all  
keys

were missing.
I have manually added keys, but after 'aptitude update' I've got same
result - all keys not found.
The size of new /etc/apt/trusted.gpg was 0 kb.
The size of new /etc/apt/trusted.gpg.d/trusted.gpg was ~106 kb.


Are you using apt from experimental?

With apt_1.1~exp3 I could reproduce the issue: /etc/apt/trusted.gpg is
not world-readable and apt now uses a _apt user for some tasks. So it
cannot access the public keys for verification.

Please try making the keyring world-readable (chmod a+r ...).


Ansgar




Yes, i'm using apt from experimental:

LANG=C apt-cache policy apt
apt:
 Installed: 1.1~exp3
 Candidate: 1.0.9.1
 Version table:
*** 1.1~exp3 0

      1110 http://mirror.yandex.ru/debian/ experimental/main amd64  
Packages
      1110 ftp://ftp.de.debian.org/debian/ experimental/main amd64  
Packages

      1110 ftp://mirror.mephi.ru/debian/ experimental/main amd64 Packages

      1110 http://mirrors.kernel.org/debian/ experimental/main amd64  
Packages

       100 /var/lib/dpkg/status


So I made /etc/apt/trusted.gpg world readable and my problem seemed to  
be solved.



I also use the experimental version of apt, and solved the issue with:
$ sudo setfacl -m u:_apt:r trusted.gpg

I'm not sure, but I think it is a little saver solution. Only the _apt  
user is

allowed to read the file, but correct me if I am wrong.

Thanks Ansgar for pointing to a solution,

floris





















					Reply via email to