This site is now 100% read-only, and retired.

XML logo

apt warnings about missing public keys
Posted by dkg on Tue 21 Nov 2006 at 17:56
Tags: none.
After running apt-get update on a typically-stable mixed etch/sid machine (which also has experimental in the sources list), i'm getting the following warnings from apt:
W: There are no public key available for the following key IDs:
A70DAF536070D3A1
W: There are no public key available for the following key IDs:
A70DAF536070D3A1
W: There are no public key available for the following key IDs:
A70DAF536070D3A1
W: You may want to run apt-get update to correct these problems
Is anyone else seeing this? a quick glance at google makes me think it's not very important, but i'd like some confirmation on this. Also, the identical repeated error messages look odd. If it's one from each upstream source, shouldn't apt include the message about which source is generating the error? otherwise, why bother printing the same thing 3 times?

 

Comments on this Entry

Re: apt warnings about missing public keys
Posted by Anonymous (64.81.xx.xx) on Tue 21 Nov 2006 at 18:46
Yes, I received similar, if not identical, warnings this morning when installing ntp on a debian unstable host.

[ Parent ]

Re: apt warnings about missing public keys
Posted by aketus (210.80.xx.xx) on Wed 22 Nov 2006 at 03:33

Hi,

This was reported on the Debian Forums as well. See here and here Another potential solution here

aketus

[ Parent ]

Re: apt warnings about missing public keys
Posted by dkg (216.254.xx.xx) on Wed 22 Nov 2006 at 14:13
[ View Weblogs ]
From your last link (which is where the other links lead to anyway):
# gpg --export A70DAF536070D3A1 | apt-key add -
I understand this as a way to get rid of the warning message. But promiscuously adding keys to your apt keyring defeats the purpose of using secure apt.

The whole point of using secure apt is that you know that the archive you are installing from is signed by a key you trust. If you blindly import keys from a keyserver and push them into apt-key, why bother with secure apt at all?

After another recent apt-get update i see that version 2006.11.22 of debian-archive-keyring just made it into unstable. The changelog for this is:

debian-archive-keyring (2006.11.22) unstable; urgency=low

  * Non-maintainer upload.
  * Add Etch release key
  * Bump priority to important (Closes: Bug#397698)
  * Update FSF address in copyright.

 -- Anthony Towns   Wed, 22 Nov 2006 01:30:50 +1000
I can install this package without warnings (i have sid in my sources.list as well as etch) because it's distributed signed with the old archive key. After installing it, the extra warnings go away. This is, i think, the proper way to make sure you've got a chained trust to the new Etch release key.

So, to be clear, if you have unstable in /etc/apt/sources.list, a simple

apt-get install debian-archive-keyring/unstable
should suffice to clear up the message.

[ Parent ]

Re: apt warnings about missing public keys
Posted by eleti (210.151.xx.xx) on Fri 24 Nov 2006 at 02:30
Thanks a lot! It works well for me.. fast and easy. Just one of those not-so-often lucky days when I just stumbled upon a solution in 2 clicks :)

[ Parent ]

Re: apt warnings about missing public keys
Posted by atrixnet (167.230.xx.xx) on Sat 25 Nov 2006 at 21:21
[ View Weblogs ]
heyyyyy great post! dkg++!

[ Parent ]

Re: apt warnings about missing public keys
Posted by Anonymous (207.170.xx.xx) on Mon 27 Nov 2006 at 17:57
Yep this was the ticket.
apt-get install debian-archive-keyring/testing worked on my installation....

Thanks for the good post.

[ Parent ]

Re: apt warnings about missing public keys
Posted by dkg (216.254.xx.xx) on Mon 27 Nov 2006 at 18:37
[ View Weblogs ]
yes, version 2006.11.22 of debian-archive-keyring has migrated into testing now. Glad it worked for you!

[ Parent ]

Re: apt warnings about missing public keys
Posted by Simon (146.80.xx.xx) on Thu 30 Nov 2006 at 14:06
Worked for me too :)

Thanks!

[ Parent ]

Re: apt warnings about missing public keys
Posted by Anonymous (12.4.xx.xx) on Mon 27 Nov 2006 at 18:01
This command:

apt-get install debian-archive-keyring/unstable

did not eliminate the message for me. The only thing that I *haven't* done is import the keys as described by the other approach to fixing this.
I suspect that importing the key is the only real way to fix this, and that the approach of installing the debian-archive-keyring doesn't actually do it. My debian-archive-keyring package is as up to date as it gets, and yet I still always get the missing key error when doing "apt-get update".

---

ps:
Also, I tried to create an account so I would not have to post this anonymously, but the account creation page seems to be in error. I used my real email address and was repeatedly told it was an invalid email address. I think not. There seems to be a bug in recognizing valid email addresses on debian-administration.org.

[ Parent ]

Re: apt warnings about missing public keys
Posted by dkg (216.254.xx.xx) on Mon 27 Nov 2006 at 18:54
[ View Weblogs ]
That's pretty odd that the keyring update didn't work. Have you tried just
apt-get install debian-archive-keyring
on it's own, since the right package has propagated into testing?

If you have 2006.11.22 of debian-archive-keyring installed cleanly, and apt-get update still shows those errors, you might want to try an explicit

apt-key update
Maybe that didn't get run automatically for you?
as for the e-mail address problem, you should mail the webmaster address at the bottom of the page and explain the issue. Steve is quite responsive when he's aware of a legitimate problem with the site.

[ Parent ]

Re: apt warnings about missing public keys
Posted by meilal (194.27.xx.xx) on Tue 28 Nov 2006 at 09:36
apt-key update

solved my problem.
In fact, I suspect the original Warning message that directs us to "apt-get update" should be "apt-key update"...

mei_

[ Parent ]

Re: apt warnings about missing public keys
Posted by fred_hamster (12.4.xx.xx) on Thu 30 Nov 2006 at 20:46
i had tried the debian-archive-keyring on its own as well as with the "/unstable" attached to it, and neither helped.

i ended up receiving the key and registering it before i got a chance to try the "apt-key update" approach. the apt-key approach definitely seems more like the right one...
if apt-get was supposed to run that automatically, that apparently did not happen.

ps: my user creation issues are resolved now somehow. i was the anonymous poster before.

[ Parent ]

Re: apt warnings about missing public keys
Posted by Anonymous (87.94.xx.xx) on Sat 2 Dec 2006 at 21:06
Worked fine /Debian etch. Thank you!

[ Parent ]

Re: apt warnings about missing public keys
Posted by Anonymous (157.199.xx.xx) on Thu 30 Nov 2006 at 21:12
This worked perfectly. Thanks

[ Parent ]

worked great!
Posted by Anonymous (68.165.xx.xx) on Sat 16 Dec 2006 at 13:59
Thanks. :-)
I was trying to weird import of keys from wwweukey thing and that didn't work for me.

[ Parent ]