How to Fix NO_PUBKEY Error on Debian

Encountering the NO_PUBKEY error on Debian? This error indicates that a repository's public key is missing from your keyring. Follow this guide to resolve the issue and keep your system running smoothly.

Understanding the NO_PUBKEY Error

The NO_PUBKEY error means that a repository's GPG key isn't present in your keyring, preventing the verification of packages from that repository. This verification ensures that the packages you install are authentic and secure.

Example Error Message

W: GPG error: http://example.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0123456789ABCDEF

Step-by-Step Guide to Fix NO_PUBKEY Error on Debian

1. Identify the Missing Key

First, identify the key ID from the error message. In the example above, the key ID is 0123456789ABCDEF.

2. Fetch the Missing Key

Use the following command to fetch the missing key from a key server.

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0123456789ABCDEF

3. Update Your System

Finally, update your system to apply the changes.

sudo apt-get update

Handling Specific Keyring Files

Some repositories specify their GPG keys directly in their configuration files. Here’s how to handle these cases.

Example: Adding the Docker Key

  1. Identify the Key ID

    Find the key ID in the error message. For example, 9DC858229FC7DD38854AE2D88D81803C0EBFCD88.

  2. Fetch the Missing Key

    curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
    
  3. Update the Repository Configuration

    Ensure your repository configuration file points to the updated keyring file. For example, edit /etc/apt/sources.list.d/docker.list:

    deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable
    
  4. Update Your System

    sudo apt-get update
    

General Steps for Any Repository with Pinned Keys

For repositories that specify their keys, follow these steps:

  1. Identify the Key ID

    Find the key ID in the error message or repository documentation.

  2. Fetch the Missing Key

    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <KEY_ID>
    
  3. Update the Repository Configuration

    Ensure the repository configuration file points to the updated keyring file.

  4. Update Your System

    sudo apt-get update
    

Complete Example: Adding a Custom Repository Key

Suppose you have a custom repository configured like this:

deb [signed-by=/usr/share/keyrings/custom-archive-keyring.gpg] https://example.com/debian stable main
  1. Identify the Key ID

    Assume the key ID is 1234567890ABCDEF.

  2. Fetch the Missing Key

    curl -fsSL https://example.com/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/custom-archive-keyring.gpg
    
  3. Update the Repository Configuration

    Ensure your repository configuration points to the updated key file.

    deb [signed-by=/usr/share/keyrings/custom-archive-keyring.gpg] https://example.com/debian stable main
    
  4. Update Your System

    sudo apt-get update
    

By following these steps, you can resolve the NO_PUBKEY error on your Debian system, ensuring your repositories remain functional and secure.

Conclusion

The NO_PUBKEY error can be frustrating, but it's a critical part of maintaining the security and integrity of your package management on Debian. Regularly updating your GPG keys and following the latest methods will keep your system safe and up-to-date. If you encounter this issue, refer back to this guide for a straightforward solution.