Importing keys from keyring.debian.org fail












1














Updating repositories with apt update fails since the public keys of several signatures are not available.



$ sudo apt update
Get:1 http://security.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Ign:4 http://ftp.fr.debian.org/debian stretch InRelease
Ign:6 http://ftp.fr.debian.org/debian jessie InRelease
Hit:7 https://fr.archive.ubuntu.com/ubuntu bionic InRelease
Hit:8 http://ftp.fr.debian.org/debian stretch Release
Get:5 http://ftp.fr.debian.org/debian stretch-updates InRelease [91.0 kB]
Hit:9 https://riot.im/packages/debian stretch InRelease
Hit:10 http://ftp.fr.debian.org/debian jessie Release
Err:1 http://security.debian.org/debian-security stretch/updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease [1,480 B]
Ign:12 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ InRelease
Hit:13 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release
Err:14 http://deb.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Get:15 https://content.runescape.com/downloads/ubuntu trusty InRelease [2,236 B]
Err:16 http://ftp.fr.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Err:9 https://riot.im/packages/debian stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
Err:5 http://ftp.fr.debian.org/debian stretch-updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Err:17 http://ftp.fr.debian.org/debian jessie Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
Err:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
Err:18 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
Err:15 https://content.runescape.com/downloads/ubuntu trusty InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: Skipping acquire of configured file 'xenial/binary-amd64/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/binary-i386/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en_US' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/Components-amd64.yml' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/icons-64x64.tar' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://riot.im/packages/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
W: GPG error: https://content.runescape.com/downloads/ubuntu trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
E: The repository 'https://content.runescape.com/downloads/ubuntu trusty InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.


I tried to update the keys without keyring.debian.org



$ gpg  --recv-keys 9D6D8F6BC857C906
gpg: key 9D6D8F6BC857C906: 12 signatures not checked due to missing keys
gpg: key 9D6D8F6BC857C906: "Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1


and with



$ gpg --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


ca-certificates is up-to-date with version 20180409 as well as debian-keyring with version 2018.03.24.



I have also deleted /etc/apt/trusted.gpg as per https://serverfault.com/q/851724.



@Stephen Kitt's request:



$ ls -la /etc/apt/trusted.gpg.d
total 28
drwxr-xr-x 2 root root 4096 Jan 2 10:42 .
drwxr-xr-x 6 root root 4096 Jan 2 11:06 ..
-rw-r--r-- 1 root root 10345 Jan 2 10:42 ubuntu-keyring-2012-archive.gpg
-rw-r--r-- 1 root root 2796 Feb 6 2018 ubuntu-keyring-2012-archive.gpg~
-rw-r--r-- 1 root root 2794 Feb 6 2018 ubuntu-keyring-2012-cdimage.gpg

$ apt policy debian-archive-keyring
debian-archive-keyring:
Installed: 2017.7ubuntu1
Candidate: 2017.7ubuntu1
Version table:
*** 2017.7ubuntu1 500
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
100 /var/lib/dpkg/status
2017.5 500
500 http://ftp.fr.debian.org/debian stretch/main amd64 Packages
500 http://ftp.fr.debian.org/debian stretch/main i386 Packages
500 http://deb.debian.org/debian stretch/main amd64 Packages
500 http://deb.debian.org/debian stretch/main i386 Packages
2017.5~deb8u1 500
500 http://ftp.fr.debian.org/debian jessie/main amd64 Packages
500 http://ftp.fr.debian.org/debian jessie/main i386 Packages


How do I resolve the issue of importing the proper keys?










share|improve this question
























  • Could you edit your question to show the output of ls -l /etc/apt/trusted.gpg.d, and apt policy debian-archive-keyring?
    – Stephen Kitt
    4 hours ago










  • I have included the output @StephenKitt.
    – Pradana Aumars
    4 hours ago
















1














Updating repositories with apt update fails since the public keys of several signatures are not available.



$ sudo apt update
Get:1 http://security.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Ign:4 http://ftp.fr.debian.org/debian stretch InRelease
Ign:6 http://ftp.fr.debian.org/debian jessie InRelease
Hit:7 https://fr.archive.ubuntu.com/ubuntu bionic InRelease
Hit:8 http://ftp.fr.debian.org/debian stretch Release
Get:5 http://ftp.fr.debian.org/debian stretch-updates InRelease [91.0 kB]
Hit:9 https://riot.im/packages/debian stretch InRelease
Hit:10 http://ftp.fr.debian.org/debian jessie Release
Err:1 http://security.debian.org/debian-security stretch/updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease [1,480 B]
Ign:12 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ InRelease
Hit:13 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release
Err:14 http://deb.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Get:15 https://content.runescape.com/downloads/ubuntu trusty InRelease [2,236 B]
Err:16 http://ftp.fr.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Err:9 https://riot.im/packages/debian stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
Err:5 http://ftp.fr.debian.org/debian stretch-updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Err:17 http://ftp.fr.debian.org/debian jessie Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
Err:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
Err:18 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
Err:15 https://content.runescape.com/downloads/ubuntu trusty InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: Skipping acquire of configured file 'xenial/binary-amd64/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/binary-i386/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en_US' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/Components-amd64.yml' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/icons-64x64.tar' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://riot.im/packages/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
W: GPG error: https://content.runescape.com/downloads/ubuntu trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
E: The repository 'https://content.runescape.com/downloads/ubuntu trusty InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.


I tried to update the keys without keyring.debian.org



$ gpg  --recv-keys 9D6D8F6BC857C906
gpg: key 9D6D8F6BC857C906: 12 signatures not checked due to missing keys
gpg: key 9D6D8F6BC857C906: "Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1


and with



$ gpg --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


ca-certificates is up-to-date with version 20180409 as well as debian-keyring with version 2018.03.24.



I have also deleted /etc/apt/trusted.gpg as per https://serverfault.com/q/851724.



@Stephen Kitt's request:



$ ls -la /etc/apt/trusted.gpg.d
total 28
drwxr-xr-x 2 root root 4096 Jan 2 10:42 .
drwxr-xr-x 6 root root 4096 Jan 2 11:06 ..
-rw-r--r-- 1 root root 10345 Jan 2 10:42 ubuntu-keyring-2012-archive.gpg
-rw-r--r-- 1 root root 2796 Feb 6 2018 ubuntu-keyring-2012-archive.gpg~
-rw-r--r-- 1 root root 2794 Feb 6 2018 ubuntu-keyring-2012-cdimage.gpg

$ apt policy debian-archive-keyring
debian-archive-keyring:
Installed: 2017.7ubuntu1
Candidate: 2017.7ubuntu1
Version table:
*** 2017.7ubuntu1 500
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
100 /var/lib/dpkg/status
2017.5 500
500 http://ftp.fr.debian.org/debian stretch/main amd64 Packages
500 http://ftp.fr.debian.org/debian stretch/main i386 Packages
500 http://deb.debian.org/debian stretch/main amd64 Packages
500 http://deb.debian.org/debian stretch/main i386 Packages
2017.5~deb8u1 500
500 http://ftp.fr.debian.org/debian jessie/main amd64 Packages
500 http://ftp.fr.debian.org/debian jessie/main i386 Packages


How do I resolve the issue of importing the proper keys?










share|improve this question
























  • Could you edit your question to show the output of ls -l /etc/apt/trusted.gpg.d, and apt policy debian-archive-keyring?
    – Stephen Kitt
    4 hours ago










  • I have included the output @StephenKitt.
    – Pradana Aumars
    4 hours ago














1












1








1







Updating repositories with apt update fails since the public keys of several signatures are not available.



$ sudo apt update
Get:1 http://security.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Ign:4 http://ftp.fr.debian.org/debian stretch InRelease
Ign:6 http://ftp.fr.debian.org/debian jessie InRelease
Hit:7 https://fr.archive.ubuntu.com/ubuntu bionic InRelease
Hit:8 http://ftp.fr.debian.org/debian stretch Release
Get:5 http://ftp.fr.debian.org/debian stretch-updates InRelease [91.0 kB]
Hit:9 https://riot.im/packages/debian stretch InRelease
Hit:10 http://ftp.fr.debian.org/debian jessie Release
Err:1 http://security.debian.org/debian-security stretch/updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease [1,480 B]
Ign:12 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ InRelease
Hit:13 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release
Err:14 http://deb.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Get:15 https://content.runescape.com/downloads/ubuntu trusty InRelease [2,236 B]
Err:16 http://ftp.fr.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Err:9 https://riot.im/packages/debian stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
Err:5 http://ftp.fr.debian.org/debian stretch-updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Err:17 http://ftp.fr.debian.org/debian jessie Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
Err:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
Err:18 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
Err:15 https://content.runescape.com/downloads/ubuntu trusty InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: Skipping acquire of configured file 'xenial/binary-amd64/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/binary-i386/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en_US' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/Components-amd64.yml' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/icons-64x64.tar' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://riot.im/packages/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
W: GPG error: https://content.runescape.com/downloads/ubuntu trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
E: The repository 'https://content.runescape.com/downloads/ubuntu trusty InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.


I tried to update the keys without keyring.debian.org



$ gpg  --recv-keys 9D6D8F6BC857C906
gpg: key 9D6D8F6BC857C906: 12 signatures not checked due to missing keys
gpg: key 9D6D8F6BC857C906: "Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1


and with



$ gpg --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


ca-certificates is up-to-date with version 20180409 as well as debian-keyring with version 2018.03.24.



I have also deleted /etc/apt/trusted.gpg as per https://serverfault.com/q/851724.



@Stephen Kitt's request:



$ ls -la /etc/apt/trusted.gpg.d
total 28
drwxr-xr-x 2 root root 4096 Jan 2 10:42 .
drwxr-xr-x 6 root root 4096 Jan 2 11:06 ..
-rw-r--r-- 1 root root 10345 Jan 2 10:42 ubuntu-keyring-2012-archive.gpg
-rw-r--r-- 1 root root 2796 Feb 6 2018 ubuntu-keyring-2012-archive.gpg~
-rw-r--r-- 1 root root 2794 Feb 6 2018 ubuntu-keyring-2012-cdimage.gpg

$ apt policy debian-archive-keyring
debian-archive-keyring:
Installed: 2017.7ubuntu1
Candidate: 2017.7ubuntu1
Version table:
*** 2017.7ubuntu1 500
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
100 /var/lib/dpkg/status
2017.5 500
500 http://ftp.fr.debian.org/debian stretch/main amd64 Packages
500 http://ftp.fr.debian.org/debian stretch/main i386 Packages
500 http://deb.debian.org/debian stretch/main amd64 Packages
500 http://deb.debian.org/debian stretch/main i386 Packages
2017.5~deb8u1 500
500 http://ftp.fr.debian.org/debian jessie/main amd64 Packages
500 http://ftp.fr.debian.org/debian jessie/main i386 Packages


How do I resolve the issue of importing the proper keys?










share|improve this question















Updating repositories with apt update fails since the public keys of several signatures are not available.



$ sudo apt update
Get:1 http://security.debian.org/debian-security stretch/updates InRelease [94.3 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Ign:4 http://ftp.fr.debian.org/debian stretch InRelease
Ign:6 http://ftp.fr.debian.org/debian jessie InRelease
Hit:7 https://fr.archive.ubuntu.com/ubuntu bionic InRelease
Hit:8 http://ftp.fr.debian.org/debian stretch Release
Get:5 http://ftp.fr.debian.org/debian stretch-updates InRelease [91.0 kB]
Hit:9 https://riot.im/packages/debian stretch InRelease
Hit:10 http://ftp.fr.debian.org/debian jessie Release
Err:1 http://security.debian.org/debian-security stretch/updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
Get:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease [1,480 B]
Ign:12 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ InRelease
Hit:13 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release
Err:14 http://deb.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Get:15 https://content.runescape.com/downloads/ubuntu trusty InRelease [2,236 B]
Err:16 http://ftp.fr.debian.org/debian stretch Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
Err:9 https://riot.im/packages/debian stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
Err:5 http://ftp.fr.debian.org/debian stretch-updates InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Err:17 http://ftp.fr.debian.org/debian jessie Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
Err:11 https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
Err:18 http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
Err:15 https://content.runescape.com/downloads/ubuntu trusty InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://security.debian.org/debian-security stretch/updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9D6D8F6BC857C906 NO_PUBKEY 8B48AD6246925553
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://deb.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: Skipping acquire of configured file 'xenial/binary-amd64/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/binary-i386/Packages' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en_US' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/i18n/Translation-en' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/Components-amd64.yml' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: Skipping acquire of configured file 'xenial/dep11/icons-64x64.tar' as repository 'https://fr.archive.ubuntu.com/ubuntu bionic InRelease' doesn't have the component 'xenial' (component misspelt in sources.list?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY EF0F382A1A7B6500
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://riot.im/packages/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E019645248E8F4A1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian stretch-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ftp.fr.debian.org/debian jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 NO_PUBKEY CBF8D6FD518E17E1
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://mega.nz/linux/MEGAsync/Debian_9.0 ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4B4E7A9523ACD201
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://download.opensuse.org/repositories/home:/strycore/Debian_9.0 ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 2F7F0DA5FD5B64B9
W: GPG error: https://content.runescape.com/downloads/ubuntu trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7373B12CE03BEB4B
E: The repository 'https://content.runescape.com/downloads/ubuntu trusty InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.


I tried to update the keys without keyring.debian.org



$ gpg  --recv-keys 9D6D8F6BC857C906
gpg: key 9D6D8F6BC857C906: 12 signatures not checked due to missing keys
gpg: key 9D6D8F6BC857C906: "Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1


and with



$ gpg --keyserver keyring.debian.org --recv-keys 9D6D8F6BC857C906
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


ca-certificates is up-to-date with version 20180409 as well as debian-keyring with version 2018.03.24.



I have also deleted /etc/apt/trusted.gpg as per https://serverfault.com/q/851724.



@Stephen Kitt's request:



$ ls -la /etc/apt/trusted.gpg.d
total 28
drwxr-xr-x 2 root root 4096 Jan 2 10:42 .
drwxr-xr-x 6 root root 4096 Jan 2 11:06 ..
-rw-r--r-- 1 root root 10345 Jan 2 10:42 ubuntu-keyring-2012-archive.gpg
-rw-r--r-- 1 root root 2796 Feb 6 2018 ubuntu-keyring-2012-archive.gpg~
-rw-r--r-- 1 root root 2794 Feb 6 2018 ubuntu-keyring-2012-cdimage.gpg

$ apt policy debian-archive-keyring
debian-archive-keyring:
Installed: 2017.7ubuntu1
Candidate: 2017.7ubuntu1
Version table:
*** 2017.7ubuntu1 500
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
500 https://fr.archive.ubuntu.com/ubuntu bionic/universe i386 Packages
100 /var/lib/dpkg/status
2017.5 500
500 http://ftp.fr.debian.org/debian stretch/main amd64 Packages
500 http://ftp.fr.debian.org/debian stretch/main i386 Packages
500 http://deb.debian.org/debian stretch/main amd64 Packages
500 http://deb.debian.org/debian stretch/main i386 Packages
2017.5~deb8u1 500
500 http://ftp.fr.debian.org/debian jessie/main amd64 Packages
500 http://ftp.fr.debian.org/debian jessie/main i386 Packages


How do I resolve the issue of importing the proper keys?







debian apt gpg






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 1 hour ago









Jeff Schaller

38.8k1053125




38.8k1053125










asked 4 hours ago









Pradana Aumars

16010




16010












  • Could you edit your question to show the output of ls -l /etc/apt/trusted.gpg.d, and apt policy debian-archive-keyring?
    – Stephen Kitt
    4 hours ago










  • I have included the output @StephenKitt.
    – Pradana Aumars
    4 hours ago


















  • Could you edit your question to show the output of ls -l /etc/apt/trusted.gpg.d, and apt policy debian-archive-keyring?
    – Stephen Kitt
    4 hours ago










  • I have included the output @StephenKitt.
    – Pradana Aumars
    4 hours ago
















Could you edit your question to show the output of ls -l /etc/apt/trusted.gpg.d, and apt policy debian-archive-keyring?
– Stephen Kitt
4 hours ago




Could you edit your question to show the output of ls -l /etc/apt/trusted.gpg.d, and apt policy debian-archive-keyring?
– Stephen Kitt
4 hours ago












I have included the output @StephenKitt.
– Pradana Aumars
4 hours ago




I have included the output @StephenKitt.
– Pradana Aumars
4 hours ago










1 Answer
1






active

oldest

votes


















4














You need to install Debian’s version of debian-archive-keyring, the package containing the archive keys. You currently have Ubuntu’s. (debian-keyring contains the developers’ keys.)



You’ll probably have to download it manually and install it using dpkg -i (as root, or using sudo).



As a longer-term fix, you should either drop Bionic from your repositories, or configure pinning correctly so that it isn’t used as an upgrade candidate by default.






share|improve this answer





















  • Should I delete Ubuntu's keyring? Or maybe reinstall them after updating the repositories?
    – Pradana Aumars
    4 hours ago










  • Installing the Debian keyring package will remove the Ubuntu keyring; you can re-install it by installing the ubuntu-archive-keyring package instead.
    – Stephen Kitt
    3 hours ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f492013%2fimporting-keys-from-keyring-debian-org-fail%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









4














You need to install Debian’s version of debian-archive-keyring, the package containing the archive keys. You currently have Ubuntu’s. (debian-keyring contains the developers’ keys.)



You’ll probably have to download it manually and install it using dpkg -i (as root, or using sudo).



As a longer-term fix, you should either drop Bionic from your repositories, or configure pinning correctly so that it isn’t used as an upgrade candidate by default.






share|improve this answer





















  • Should I delete Ubuntu's keyring? Or maybe reinstall them after updating the repositories?
    – Pradana Aumars
    4 hours ago










  • Installing the Debian keyring package will remove the Ubuntu keyring; you can re-install it by installing the ubuntu-archive-keyring package instead.
    – Stephen Kitt
    3 hours ago
















4














You need to install Debian’s version of debian-archive-keyring, the package containing the archive keys. You currently have Ubuntu’s. (debian-keyring contains the developers’ keys.)



You’ll probably have to download it manually and install it using dpkg -i (as root, or using sudo).



As a longer-term fix, you should either drop Bionic from your repositories, or configure pinning correctly so that it isn’t used as an upgrade candidate by default.






share|improve this answer





















  • Should I delete Ubuntu's keyring? Or maybe reinstall them after updating the repositories?
    – Pradana Aumars
    4 hours ago










  • Installing the Debian keyring package will remove the Ubuntu keyring; you can re-install it by installing the ubuntu-archive-keyring package instead.
    – Stephen Kitt
    3 hours ago














4












4








4






You need to install Debian’s version of debian-archive-keyring, the package containing the archive keys. You currently have Ubuntu’s. (debian-keyring contains the developers’ keys.)



You’ll probably have to download it manually and install it using dpkg -i (as root, or using sudo).



As a longer-term fix, you should either drop Bionic from your repositories, or configure pinning correctly so that it isn’t used as an upgrade candidate by default.






share|improve this answer












You need to install Debian’s version of debian-archive-keyring, the package containing the archive keys. You currently have Ubuntu’s. (debian-keyring contains the developers’ keys.)



You’ll probably have to download it manually and install it using dpkg -i (as root, or using sudo).



As a longer-term fix, you should either drop Bionic from your repositories, or configure pinning correctly so that it isn’t used as an upgrade candidate by default.







share|improve this answer












share|improve this answer



share|improve this answer










answered 4 hours ago









Stephen Kitt

164k24365444




164k24365444












  • Should I delete Ubuntu's keyring? Or maybe reinstall them after updating the repositories?
    – Pradana Aumars
    4 hours ago










  • Installing the Debian keyring package will remove the Ubuntu keyring; you can re-install it by installing the ubuntu-archive-keyring package instead.
    – Stephen Kitt
    3 hours ago


















  • Should I delete Ubuntu's keyring? Or maybe reinstall them after updating the repositories?
    – Pradana Aumars
    4 hours ago










  • Installing the Debian keyring package will remove the Ubuntu keyring; you can re-install it by installing the ubuntu-archive-keyring package instead.
    – Stephen Kitt
    3 hours ago
















Should I delete Ubuntu's keyring? Or maybe reinstall them after updating the repositories?
– Pradana Aumars
4 hours ago




Should I delete Ubuntu's keyring? Or maybe reinstall them after updating the repositories?
– Pradana Aumars
4 hours ago












Installing the Debian keyring package will remove the Ubuntu keyring; you can re-install it by installing the ubuntu-archive-keyring package instead.
– Stephen Kitt
3 hours ago




Installing the Debian keyring package will remove the Ubuntu keyring; you can re-install it by installing the ubuntu-archive-keyring package instead.
– Stephen Kitt
3 hours ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f492013%2fimporting-keys-from-keyring-debian-org-fail%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Eastern Orthodox Church

Zagreb

Understanding the information contained in the Deep Space Network XML data?