
I’ve been working with Linux containers for several years. I am surprised that I wasn’t able to find a thread about this question. Scenario:

I’ve just added a new package index (/etc/sources.list.d/example.list) and want to install a package, let’s call it snailmail.

I run the commands:

apt-get update && apt-get install -y snailmail

I get the following error:

W: GPG error: https://example.com/snailmail/debian stable InRelease:
The following signatures couldn't be verified because the public key is not available:
NO_PUBKEY 7EF2A9D5F293ECE4

What is the best way to automate the installation of GPG keys?

2 Answers


  1. Chosen as BEST ANSWER

    Here's a handy script that can be called during the build process to download and install common GPG keys (from the Ubuntu keyserver):

    Prerequisites:

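    • wget

    # Collect every key ID that apt-get reports as NO_PUBKEY
    for PUBKEY in $(apt-get update 2>&1 | grep NO_PUBKEY | awk '{print $NF}')
    do
        # Fetch the key from the Ubuntu keyserver, keep only the armored block, and add it with apt-key
        wget -q "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${PUBKEY}" -O - | sed -n '/BEGIN/,/END/p' | apt-key add - 2>/dev/null
    done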
    

  2. apt-key now seems to be deprecated. I have created a script that will detect and get the missing keys; you can get it here.

    #!/bin/sh -e
    tmp="$(mktemp)"
    # Collect the unique key IDs that apt-get reports as NO_PUBKEY
    sudo apt-get update 2>&1 | sed -En 's/.*NO_PUBKEY ([[:xdigit:]]+).*/\1/p' | sort -u > "${tmp}"
    # Fetch those keys from the keyserver into gpg's default keyring (-r: run nothing when no key is missing)
    cat "${tmp}" | xargs -r sudo gpg --keyserver "hkps://keyserver.ubuntu.com:443" --recv-keys
    # Export each key to /etc/apt/trusted.gpg.d/<key ID>.gpg
    cat "${tmp}" | xargs -r -L 1 sh -c 'sudo gpg --yes --output "/etc/apt/trusted.gpg.d/$1.gpg" --export "$1"' sh
    rm "${tmp}"
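
Both answers fetch whichever key ID apt reports and trust the keyserver's reply. As an added example that is not part of either answer, the functions below install a key only when its full fingerprint equals one pinned in the build script. The key file name, the keyring path and the sample listing and fingerprint are constructed assumptions, and OpenPGP v4 (40 hex digit) fingerprints are assumed.

```shell
#!/bin/sh
# Added example (not from the answers above): accept a repository key only if
# its full fingerprint equals a value pinned in the build.
# Assumptions: OpenPGP v4 keys (40 hex digit fingerprints); the sample listing
# and fingerprint below are constructed; file names are placeholders.

# Constructed `gpg --show-keys --with-colons` output for one primary key.
SAMPLE_LISTING='pub:-:4096:1:7EF2A9D5F293ECE4:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF012345677EF2A9D5F293ECE4:
uid:-::::1600000000::::Snailmail Repo <repo@example.com>::::::::::0:
sub:-:4096:1:1111222233334444:1600000000::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:'

# Print the fingerprint of the first primary key in a colon listing on stdin.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Print how many primary keys the listing on stdin contains.
count_pub() {
    awk -F: '$1 == "pub" { n++ } END { print n + 0 }'
}

# fpr_matches LISTING EXPECTED_FPR
# 0: exactly one primary key and its fingerprint equals EXPECTED_FPR
# 1: mismatch or more than one key; 2: EXPECTED_FPR is not 40 hex digits
fpr_matches() {
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$want" in *[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2
    [ "$(printf '%s\n' "$1" | count_pub)" -eq 1 ] || return 1
    [ "$(printf '%s\n' "$1" | primary_fpr)" = "$want" ]
}

# install_pinned_key KEYFILE EXPECTED_FPR NAME   (KEYFILE is ASCII-armored)
# Writes /usr/share/keyrings/NAME.gpg only after the fingerprint check passes.
# Reference it from the source entry with [signed-by=/usr/share/keyrings/NAME.gpg].
install_pinned_key() {
    listing=$(gpg --show-keys --with-colons "$1") || return 1
    fpr_matches "$listing" "$2" || { echo "key rejected: $1" >&2; return 1; }
    gpg --dearmor < "$1" > "/usr/share/keyrings/$3.gpg"
}
```

A 16-digit key ID such as the one in the NO_PUBKEY message is rejected as a pin (return code 2), so the build has to carry the full fingerprint published by the repository owner.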
    