[lug] apt-get: There is no public key available for the following key IDs
Jed S. Baer
blug at jbaer.cotse.net
Wed Nov 16 16:00:17 MST 2016
I just did an apt-get update, got the usual lines of output, then at the
bottom:
Fetched 4,528 kB in 14s (319
kB/s) Reading package lists... Done
W: There is no public key available for the following key IDs:
B7B9C16F2667CA5C
Plenty of results on a web search for that, the gist being that a
repository changed its signing key. Okay, I get that, but how would one
differentiate between a legitimate instance of such, vs. a crack?
And, identifying which repository isn't quite easy. I did find a little
script for doing it:
http://unix.stackexchange.com/questions/75807/no-public-key-available-on-apt-get-update
It loops through the *.gpg files at /var/lib/apt/lists/ and runs them
through grep for the key ID.
But that script gets me no hits for me. apt isn't telling me anything more
than the above, so I'm not sure where to dig around. Just randomly
looking at sites in my sources, I just noticed that
https://www.getdeb.net/ returns a 526 - invalid ssl certificate. The repo
is http://archive.getdeb.net/ubuntu which is a 404, but I don't think
that'd result in that apt error.
The various sites which come up just indicate downloading and installing
the new key, but don't have much to say about how to determine if there's
a genuine security issue.
Any thoughts?
More information about the LUG
mailing list