Tag Archives: GPG

Fixing GPG ERROR NO_PUBKEY on Ubuntu 14.04

I recently was working on installing pipelight-plugin so I could get the Unity3D plugin working on my Ubuntu desktop. Getting that working is another subject, but part way through the installation process I ran into an issue.

Part of what I had to do to install the Pipelight plugin was add a PPA; ppa:pipelight/stable to be exact. Normally, this would be totally fine. After I ran sudo add-apt-repository ppa:pipelight/stable, I ran the usual sudo apt-get update so I would have up to date software lists.

However, at the end of the output from the apt-get update command I noticed that there were a whole bunch of

GPG ERROR NO_PUBKEY : WARNING: The following packages cannot be authenticated!

errors!

This had been happening previously, but it was only the Virtualbox PPA, so I figured that their GPG public key had expired or been removed for whatever reason, and so didn’t give it any more thought. But now there were at least 5, if not 10 of these errors, including for various PPAs that I was fairly certain wouldn’t let their key expire.

Again, I continued working, thinking it strange, but not dangerous. However, then I started seeing

WARNING: The following packages cannot be authenticated!

when I was attempting to install new software or update via apt-get upgrade.

Now I knew something was up. So, I started researching via our ever-present and usually quite useful overlord, Google. While I did come across several Ask Ubuntu answers, it finally took a combination of four different answers (here, here, here, and here) and a Launchpad bug report to come up with the solution.

Basically, there is/was a bug in apt-get where it will return GPG ERROR NO_PUBKEY : WARNING: The following packages cannot be authenticated! for PPAs, even when the key is present on your system.

This leads to the WARNING: The following packages cannot be authenticated! error. From what I have seen, it doesn’t actually cause any issues initially, but it’s still good to resolve issues like these if possible.

So, I tried just running sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys x x x x x replacing the x with the public key number for the various “missing” keys, as recommended by this Q/A.

However, I still got the NO_PUBKEY error, along with a bunch of new ones that all said gpg: keyblock resource '/etc/apt/trusted.gpg.d/X.gpg.gpg': resource limit (replacing X with the various GPG files.)

So, I tried the solution suggested here, running sudo apt-key update followed by sudo apt-get update.

Again, I received the NO_PUBKEY error. So, I moved on to the final Q/A I found. The answer pointed me to Launchpad Bug #1263540, which had two solutions.

The first was to run this series of commands:

  1. sudo apt-get clean
  2. sudo mv /var/lib/apt/lists /var/apt/lists.old
  3. mkdir -p /var/lib/apt/lists/partial
  4. sudo apt-get update

However, this returned the same error. Again.

So, I scrolled down a bit further, and found this comment. This solution is what ultimately resolved the issue for me.

I went into /etc/apt/trusted.gpg.d/ and manually deleted a few of the .gpg files for PPAs I had removed/didn’t use anymore and voilĂ ! running apt-get update worked and apt-get upgrade no longer complained of un-authenticated packages.

As for what was causing this, it turns out that GnuPG has a limit of 40 keys GPG keys. Beyond that, it won’t accept any more.

Because apt-get/add-apt-repository don’t remove old and unused PGP/GPG keys, I had met the 40 key limit. When I removed the few un-used keys it brought the count under 40 and the issue was resolved.

Although there was a fix released for this in October of 2014, it has, for whatever reason, not been back-ported to Ubuntu 14.04, thus causing the issue I was having. According to this Debian bug report the package that contains the fix (libapt-pkg4.12) has not yet been back-ported to 14.04 as of June 2015, so anyone who runs into this issue is going to have to use this workaround in the meantime.

TL;DR: If this happens, then go into /etc/apt/trusted.gpg.d/ as root and delete any .gpg files for PPAs you have disabled. Then, run sudo apt-get update and everything should work again!

Thanks for reading, let me know if you run into any issues down in the comments section and I’ll if I can help!

Tagged , , , , ,
%d bloggers like this: