Ubuntu: GPG public key not available during apt-get update

Posted on Monday 7 September 2015 by J. D. Bartlett

I have recently had a problem where apt-get update complained with errors like this (but more of them):

W: GPG error: http://mirror.internode.on.net utopic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.canonical.com utopic Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

A little bit of googling revealed that I should import the keys using apt-key  or y-ppa-manager , but this did not fix the issue for me. In fact, apt-key  assured me that I already had the keys in question:

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5 3B4FE6ACC0B21F32

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --homedir /tmp/tmp.HxoG9btVKl --no-auto-check-trustdb --trust-model always --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyring /etc/apt/trusted.gpg.d/rickyrockrat_ubuntu_parcellite-appindicator.gpg --keyring /etc/apt/trusted.gpg.d/sil.gpg --keyring /etc/apt/trusted.gpg.d/webupd8team_ubuntu_y-ppa-manager.gpg --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5 3B4FE6ACC0B21F32
gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: requesting key C0B21F32 from hkp server keyserver.ubuntu.com
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>" not changed
gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>" not changed
gpg: Total number processed: 2
gpg:              unchanged: 2

Since now, after much searching, I have found a solution, I thought it worthwhile to write an article about it here in the hopes of reducing the time wasted by anyone who hits this problem in future.

For full details, check out the answer on the Ask Ubuntu Stack Exchange, but basically, it seems like what happened is that GPG can only handle a limited number of key stores. By clearing out the trusted keys in /etc/apt/trusted.gpg.d , we reduce the number of key stores by one and things start working again. The downside is that Ubuntu no longer trusts the third party sources that I want it to, but at least it trusts the Ubuntu repositories now!

This entry was posted in midlength and tagged , , , . Bookmark the permalink.

Comments are closed.