Debian apt install: public key is not available

I am following instructions from https://apt.syncthing.net/ to install Syncthing on Debian 11.

When running apt update, after downloading key, setting up sources list and repo pinning, I am getting the following error:

(logs have had links reformatted, as new users can max include 2 links per post)

$ sudo apt update

Get:1 #https#apt#syncthing#net# syncthing InRelease [15,1 kB]

Err:1 #https#apt#syncthing#net# syncthing InRelease

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY D26E6ED000654A3E

W: GPG error: #https#apt#syncthing#net# syncthing InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY D26E6ED000654A3E

E: The repository ‘#https#apt#syncthing#net# syncthing InRelease’ is not signed.

N: Updating from such a repository can’t be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

And more detail when outputting debug information:

$ sudo apt -o Debug::Acquire::gpgv=True update

Get:1 #https#apt#syncthing#net# syncthing InRelease [15,1 kB]

0% [Waiting for headers]inside VerifyGetSigners

Preparing to exec: /usr/bin/apt-key --quiet --readonly --keyring /usr/local/share/keyrings/syncthing-release-key.gpg verify --status-fd 3 /tmp/apt.sig.kCPtm8 /tmp/apt.data.9HQRd9

Read: [GNUPG:] NEWSIG

Read: [GNUPG:] ERRSIG D26E6ED000654A3E 1 8 01 1628598344 9 -

Got ERRSIG D26E6ED000654A3E !

Read: [GNUPG:] NO_PUBKEY D26E6ED000654A3E

Got NO_PUBKEY D26E6ED000654A3E !

gpgv exited with status 2

Summary:

Good:

Valid:

Bad:

Worthless:

SoonWorthless:

NoPubKey: NO_PUBKEY D26E6ED000654A3E

Signed-By:

NODATA: no

Err:1 #https#apt#syncthing#net# syncthing InRelease

The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY D26E6ED000654A3E

W: GPG error: #https#apt#syncthing#net# syncthing InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY D26E6ED000654A3E

E: The repository ‘#https#apt#syncthing#net# syncthing InRelease’ is not signed.

N: Updating from such a repository can’t be done securely, and is therefore disabled by default.

N: See apt-secure(8) manpage for repository creation and user configuration details.

It seems to me that apt is correctly handing over the location of the key I have downloaded. Does this indicate that gpg can not read the contents of the key? Or maybe the key is somehow corrupted?

When I inspect the key,

sudo gpg --show-keys sublime-keyring.gpg

, I get the following, which seems plausibly correct:

pub rsa2048 2014-12-29 [SC]

  37C84554E7E0A261E4F76E1ED26E6ED000654A3E

uid Syncthing Release Management release@syncthing.net

sub rsa2048 2014-12-29 [E]

The key seems readable. So what went wrong? How can I get this to function correctly?

Hi Thomas,

I just tried again to follow the linked instructions and for me it worked flawlessly. Must be something in your setup.

I’m not sure it really is inspecting the correct file. Can you please paste the output of ls -l /usr/share/keyrings/syncthing-archive-keyring.gpg? Or if you put the key in a different location than advised, then please show that listing. sublime-keyring.gpg looks strange already.

What are the contents of your /etc/apt/sources.list.d/syncthing.list file? The path to the key there must match exactly where you saved it to.

Thank you for the feedback. It helped me go back over what I had done with fresh eyes.

Turns out I had messed around with the permissions of the key file and assigned 0640 instead of 0644, which prevented apt from reading.

I just installed Syncthing and got it up and running :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.