How to Fix NO_PUBKEY Error on Fedora

If you're using Fedora and have come across the NO_PUBKEY error, it means that a repository's public key is missing from your keyring. This guide will help you add the missing key to keep your system running smoothly.

Understanding the NO_PUBKEY Error

The NO_PUBKEY error indicates that a repository's GPG key isn't present in your keyring, preventing the verification of packages from that repository. This verification ensures the packages you install are authentic and haven't been tampered with.

Example Error Message

GPG key at http://example.com/fedora/RPM-GPG-KEY-example (0x0123456789ABCDEF) is not installed

Step-by-Step Guide to Fix NO_PUBKEY Error on Fedora

1. Identify the Missing Key

First, identify the key ID from the error message. In the example above, the key ID is 0123456789ABCDEF.

2. Fetch the Missing Key

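Use the following command to fetch the missing key from a key server. Fedora uses rpm and gpg for key management. A key ID by itself does not authenticate a key, so compare the fetched key's full fingerprint with the one the repository publishes before you rely on it.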

gpg --keyserver keyserver.ubuntu.com --recv-keys 0123456789ABCDEF

3. Export the Key to a File

Export the key to a file in the /etc/pki/rpm-gpg directory.

gpg --export --armor 0123456789ABCDEF | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-example

4. Update the Repository Configuration

Ensure your repository configuration points to the updated key file. Edit the repository configuration file (e.g., /etc/yum.repos.d/example.repo) and update the gpgkey line if necessary:

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

5. Clean the YUM Cache

Clear the YUM cache to ensure it recognizes the updated key.

sudo dnf clean all

6. Update Your System

Finally, update your system to apply the changes.

sudo dnf update
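
As an added example (not part of the original guide), the shell functions below check the file exported in step 3 against a full 40-hex fingerprint taken from the repository's own documentation, before step 4 points gpgkey at it. The function names and the sample listing are constructed for illustration, and a version 4 OpenPGP key (40-hex fingerprint) is assumed.

```shell
#!/bin/sh
# Added example: verify a key file's primary fingerprint before trusting it.

# Constructed sample of `gpg --with-colons` output. The primary fingerprint is
# the Docker value quoted on this page; the subkey records are made up.
SAMPLE='pub:-:4096:1:8D81803C0EBFCD88:::::::
fpr:::::::::9DC858229FC7DD38854AE2D88D81803C0EBFCD88:
sub:-:4096:1:AAAAAAAAAAAAAAAA:::::::
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:'

# Strip whitespace and an optional 0x prefix, then upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | sed 's/^0[xX]//' | tr 'a-f' 'A-F'
}

# Print the fingerprint of the first primary key in a colon listing on stdin.
# The "fpr" record that follows "pub" carries the fingerprint in field 10.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             $1 == "fpr" && seen { print $10; exit }'
}

# Succeed only if the listing on stdin has the expected FULL fingerprint.
# A 16-hex key ID such as the one in the error message is rejected (status 2):
# it is too short to identify a key reliably.
verify_colons() {
    want=$(normalize_fpr "$1")
    case "$want" in
        *[!0-9A-F]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#want}" -ne 40 ]; then
        echo "need a 40-hex fingerprint, not a key ID" >&2
        return 2
    fi
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Wrapper for a real key file. --show-keys lists the keys in the file
# without importing them into any keyring.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | verify_colons "$2"
}
```

Run it as `verify_key_file /etc/pki/rpm-gpg/RPM-GPG-KEY-example "<full fingerprint from the repository's documentation>"` and continue with step 4 only if it exits with status 0.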

Handling Specific Keyring Files

Some repositories specify their GPG keys directly in their configuration files. Here’s how to handle these cases.

Example: Adding the Docker Key

  1. Identify the Key ID

    Find the key ID in the error message. For example, 9DC858229FC7DD38854AE2D88D81803C0EBFCD88.

  2. Fetch the Missing Key

    gpg --keyserver keyserver.ubuntu.com --recv-keys 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
    
  3. Export the Key to the Keyring File

    Export the key to the specific keyring file, such as /etc/pki/rpm-gpg/docker-archive-keyring.gpg.

    gpg --export --armor 9DC858229FC7DD38854AE2D88D81803C0EBFCD88 | sudo tee /etc/pki/rpm-gpg/docker-archive-keyring.gpg
    
  4. Update the Repository Configuration

    Ensure your repository configuration file points to the updated keyring file.

    gpgkey=file:///etc/pki/rpm-gpg/docker-archive-keyring.gpg
    
  5. Clean the YUM Cache and Update

    sudo dnf clean all
    sudo dnf update
    

General Steps for Any Repository with Pinned Keys

For repositories that specify their keys, follow these steps:

  1. Identify the Key ID

    Find the key ID in the error message or repository documentation.

  2. Fetch the Missing Key

    gpg --keyserver keyserver.ubuntu.com --recv-keys <KEY_ID>
    
  3. Export the Key to the Keyring File

    gpg --export --armor <KEY_ID> | sudo tee /etc/pki/rpm-gpg/<repository-keyring-file>.gpg
    
  4. Update the Repository Configuration

    Ensure the repository configuration file points to the updated keyring file.

    gpgkey=file:///etc/pki/rpm-gpg/<repository-keyring-file>.gpg
    
  5. Clean the YUM Cache and Update

    sudo dnf clean all
    sudo dnf update
    

Complete Example: Adding a Custom Repository Key

Suppose you have a custom repository configured like this:

[custom-repo]
name=Custom Repository
baseurl=https://example.com/fedora
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-custom

  1. Identify the Key ID

    Assume the key ID is 1234567890ABCDEF.

  2. Fetch the Missing Key

    gpg --keyserver keyserver.ubuntu.com --recv-keys 1234567890ABCDEF

  3. Export the Key to a File

    gpg --export --armor 1234567890ABCDEF | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-custom
    
  4. Update the Repository Configuration

    Ensure your repository configuration points to the updated key file:

    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-custom
    
  5. Clean the YUM Cache and Update

    sudo dnf clean all
    sudo dnf update
    

By following these steps, you can resolve the NO_PUBKEY error on your Fedora system, ensuring your repositories remain functional and secure.

Conclusion

The NO_PUBKEY error can be frustrating, but it's a crucial part of maintaining the security and integrity of your package management on Fedora. Regularly updating your GPG keys and following the latest methods will keep your system safe and up-to-date. If you encounter this issue, refer back to this guide for a straightforward solution.