Join Log in
Score:4
Sadraw avatar Ubuntu

Can't add a Public Key to Ubuntu 22.04

sm flag
Sadraw

I'm getting an error while trying to update ubuntu. I tried to manually add the key mentioned in the errors to my system by using:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 871920D1991BC93C

But it doesn't make any changes and I still get the same error. And I am a bit concerned about my repositories as well. I kinda think I'm missing something here.

    sudo apt-get update
Hit:1 http://archive.canonical.com/ubuntu jammy InRelease
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]                                         
Hit:3 https://dl.winehq.org/wine-builds/ubuntu jammy InRelease                                          
Hit:4 https://repositories.intel.com/graphics/ubuntu focal InRelease                                    
Get:5 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]                  
Get:6 http://archive.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [107 kB]
Err:1 http://archive.canonical.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:4 https://repositories.intel.com/graphics/ubuntu focal InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9B10C065DBB72B06
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Hit:8 https://repositories.intel.com/graphics/ubuntu jammy InRelease
Err:5 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:6 http://archive.ubuntu.com/ubuntu jammy-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.canonical.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repositories.intel.com/graphics/ubuntu focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9B10C065DBB72B06
W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Here is my sources.list output which I think it should not be correct because I changed it myself. I was in a lot trouble with the default one for 22.04, and so I decided to back in time a bit :

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu/ focal main restricted
deb-src http://archive.ubuntu.com/ubuntu/ focal main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted
deb-src http://archive.ubuntu.com/ubuntu/ focal-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ focal universe
deb-src http://archive.ubuntu.com/ubuntu/ focal universe
deb http://archive.ubuntu.com/ubuntu/ focal-updates universe
deb-src http://archive.ubuntu.com/ubuntu/ focal-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu/ focal multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal multiverse
deb http://archive.ubuntu.com/ubuntu/ focal-updates multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu focal partner
# deb-src http://archive

And here is my output for sudo apt-get update after all the changes:

sudo apt-get update
Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Reading package lists... Done
W: http://archive.ubuntu.com/ubuntu/dists/focal/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

I still have the problem

4767
1 + 4
apt
Saxtheowl avatar
iq flag
Saxtheowl
check if the key has already been added sudo apt-key list | grep 871920D1991BC93C
1
Reply
ru flag
Thomas Ward
apt-key is deprecated in favor of individual signing keys assigned to each repository. I'm on my phone so I can't type an answer quickly but I"ll write up an answer after I'm at the hotel. Can you include the output of your `/etc/apt/sources.list` if you are working with ubuntu mirrors so I can guide you into how to set this up? I'm assuming you're using a mirror and not the main repos given ubuntu.lafibre.com as your URLs.
1
Reply
Sadraw avatar
sm flag
Sadraw
@Saxtheowl I tried that. It actually is added to my key list, but again when I want to simply update, it still shows me the message saying the key was not added.
0
Reply
Sadraw avatar
sm flag
Sadraw
@ThomasWard that would be great Thomas! I just added the output to the main question
0
Reply
Score:9
avatar Ubuntu
ru flag
Thomas Ward

In Ubuntu 22.04, a lot has changed with how apt handles keys now. Namely, apt-key is deprecated in favor of direct keyring management for each repository.

I'm going to assume that your main /etc/apt/sources.list file is specifically pointing everything at ubuntu.lafibre.info which is NOT a standard mirror.

The only real way to do this proper nowadays is to download the main keyring keys into either /etc/apt/keyrings/ and then add them one by one to your repositories' settings, or add them to /etc/apt/trusted.gpg.d then anything signed with that key will be trusted:

gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 871920D1991BC93C
gpg --export 871920D1991BC93C | sudo tee /etc/apt/trusted.gpg.d/ubuntu.lafibre.info.gpg

This will first download the key to your standard gnupg keyring. We then take that key and export it in readable format to the file at /etc/apt/trusted.gpg.d/ubuntu.lafibre.info.gpg which should then work when you run sudo apt update.

Run sudo apt update and it should work now.

NOTICE: If you do this, you are trusting that PGP / GPG key to sign ANY repository, so this is not the most secure method. The more secure method is to download this key to /etc/apt/keyrings/ubuntu.lafibre.info.gpg then change every line that uses this URL to say deb [ signed-by=/etc/apt/keyrings/ubuntu.lafibre.info.gpg ] at the beginning instead of deb, which is the more secure approach.

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.