Fixing GPG error “NO_PUBKEY”

In Debian, Ubuntu and similar distros that use the APT (Advanced Package Tool – which is a set of tools for managing Debian packages / applications), to update the system you need to run:

sudo apt update

This will read all repositories (as they are listed in /etc/apt/sources.list and under /etc/apt/sources.list.d/) and checks if everything is correct (e.g. if the links are working and these sites / repositories are trusted sources to install from). So by doing this in my system I got the following:

Hit:1 https://repo.skype.com/deb stable InRelease
Hit:2 http://security.debian.org/debian-security buster/updates InRelease
Hit:3 http://deb.debian.org/debian buster InRelease
Hit:4 http://deb.debian.org/debian buster-updates InRelease
Err:1 https://repo.skype.com/deb stable InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1F3045A5DF7587C3
Reading package lists... Done
Building dependency tree
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repo.skype.com/deb stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1F3045A5DF7587C3
W: Failed to fetch https://repo.skype.com/deb/dists/stable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1F3045A5DF7587C3
W: Some index files failed to download. They have been ignored, or old ones used instead.

In this case there is an error with respect to Skype. The systems does not have the public key for this package, so it complains and prevents the system from downloading something which is not secure (and something that we want!).
At the same time this means that I didn’t do something correctly when installing Skype (and to be honest … I do not remember what I did!). Anyway, the proper procedure is a two-step process:

1. Add the repository under the /etc/apt/sources.list.d/ as a separate file,e.g. by:

echo "deb [arch=amd64] https://repo.skype.com/deb stable main" | sudo tee /etc/apt/sources.list.d/skype-stable.list

(adding the repository to /etc/apt/sources.list is actually equivalent – the only difference being that you need to edit that file while it is more convenient, especially for automated scripts, to create a new file under sources.list.d/)

2. Then, the second step is to download the GPG public key that verifies the repository. To do that we can simply:

sudo apt-key adv --fetch-keys https://repo.skype.com/data/SKYPE-GPG-KEY

and we will get:

Executing: /tmp/apt-key-gpghome.fD2Z003jib/gpg.1.sh --fetch-keys https://repo.skype.com/data/SKYPE-GPG-KEY
gpg: requesting key from 'https://repo.skype.com/data/SKYPE-GPG-KEY'
gpg: key 1F3045A5DF7587C3: public key "Skype Linux Client Repository <se-um@microsoft.com>" imported
gpg: Total number processed: 1
gpg: imported: 1

(This is similar or better of doing:

wget URL -O - | apt-key add -

or

curl URL | apt-key add ).

This adds the GPG key in the /etc/apt/trusted.gpg file, and now if we try again to update the system we will see no error or warning.

Hint: to see all the contents of the trusted.gpg file just type: apt-key list !

Leave a Reply

Your email address will not be published. Required fields are marked *