Wednesday, February 24, 2010

ppa package users and NO_PUBKEY - Dell laptops in particular

If you are seeing messages like:
'The following signatures couldn't be verified because the public key is not available'
when you attempt to update your Ubuntu machine then read on for what to do.

In particular Dell laptop users who have manually upgraded their distribution will likely keep seeing this message until they issue apt-key add

There is no mystery in all this and the message 'GPG error: http://ppa.launchpad.net' gives you a fair clue as to what is wrong I think.

In short you are consulting a ppa package repository aswell as the regular Ubuntu repositories. Message example here:


Steps to solve (illustrated in next few paragraphs):
  1. Get the missing key from a keyserver
  2. Add it to your local key store
Before attempting to get the key from the keyserver you might need to disable any firewall you run. Keyserver ports are quite rarely used, so it is possible your request will be blocked if you have a firewall active.


( The above is a fair illustration of a machine with no firewall running )
Command to check your machine: sudo /sbin/iptables -n -L

Now you can get the key from the keyserver:


( Click on the above image if it blurs on your screen or simply paste following command )

gpg --keyserver keyserver.ubuntu.com --recv 8B9FBE5158B3AFA9

Now to add it to your local keystore you will need an apt-key add perhaps like the following:

...which I repeat in convenient form here:

gpg --export --armor 8B9FBE5158B3AFA9 | sudo apt-key add -


If you get back an 'OK' message then your key was added to the local keystore and your next attempt to update will not see NO_PUBKEY messages :)

Note: All command examples in this post assume the ppa key you are missing is 8B9FBE5158B3AFA9. If your key is different, then just replace the key id I am using (which ends in AFA9) with the key id you are seeking and go that way.

*** End of main article ***

Footnotes: If at any point you witnessed a message that said 'unsafe ownership on configuration file...' then I write a short explanation in the next few sentences.

The gpg export command needs to be executed with your own privileges as by default only your userid can see the contents of ~/.gnupg/gpg.conf

running sudo gpg --export rather than the correct gpg --export command will trip you up.

Sometimes messages like 'WARNING: unsafe ownership' will make you wonder about your security setup but satisfy yourself that your ~/.gnupg/gpg.conf file really is only readable and writeable by your own user account with a simple ls command:

ls -l ~/.gnupg/gpg.conf

...which should show permissions like -rw------- if all is in order

Comment: My Dell Laptop (Inspiron 1525) came preinstalled with Ubuntu 7.10 (Gutsy) and had the relevant ppa keys from Day 1. When I manually upgraded to newer distributions, I choose to leave my preinstalled system behind, and this required me to add appropriate ppa keys .