, , , , ,

When you are using APT (the package manager for Debian and Ubuntu Linux), you might receive some NO PUB_KEY errors – warnings that no public key could be found for one software repository or another. You can keep on going without fixing these warnings, but in the interest of security you should fix the problem. It is rather simple, after all.

Firstly, if you are running Ubuntu, you can use the Ubuntu key server to help you fix this problem. The server uses the SKS Key Server software to provide this valuable service.

The method is to first import the key into GPG (GNU Privacy Guard) via the Ubuntu key server (or indeed, any other), and then import it into APT via the apt-key command:

gpg --keyserver subkeys.pgp.net --recv 0123456789ABCDEF
gpg --export --armor 89ABCDEF | sudo apt-key add -

In place of 0123456789ABCDEF put the tag given in the NO PUB KEY message, and then insert the code given in the response from gpg in place of 89ABCDEF for the export.

However: apt-key has an apparently little known command option that will pass options directly to gpg. Using this option (“adv”), the update of the key can be done in one step instead of two:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0123456789ABCDEF

If you already have the appropriate gpg key – or can get it from an appropriate web site or FTP site – you can add it directly to your APT key ring using apt-key. For example, here is an example adapted from Google’s Linux Repository Configuration page:

wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

One could just as easily use any other method to get the file that supported the given URL. Remember that you must add the key as root; it won’t work otherwise. If you have the file locally, this is sufficient:

sudo apt-get add somekeyfile.gpg

Hope this helps you.