Upgrading from 5 to 6, can't run apt update (NO_PUBKEY errors)

J

janikah

New Member
Proxmox Subscriber
Sep 16, 2020
9
0
1
74
I've just finished following the instructions for going from version 4 to 5. That went fine. I'm now moving from version 5 to 6 and unfortuantely I've hit a bit of a brick wall.

I followed the instructions here: https://pve.proxmox.com/wiki/Upgrade_from_5.x_to_6.0#New_installation up until running "apt update" for the first time. I get this output:
Code: 
root@vmhost01:~# apt update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://ftp.au.debian.org/debian stretch InRelease
Hit:3 http://ftp.au.debian.org/debian stretch Release
Ign:5 http://hwraid.le-vert.net/debian stretch InRelease
Hit:6 http://hwraid.le-vert.net/debian stretch Release
Get:8 http://download.proxmox.com/debian stretch InRelease [3,052 B]
Err:8 http://download.proxmox.com/debian stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Get:9 http://download.proxmox.com/debian/corosync-3 stretch InRelease [1,977 B]
Err:9 http://download.proxmox.com/debian/corosync-3 stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Reading package lists... Done
W: GPG error: http://download.proxmox.com/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.proxmox.com/debian/corosync-3 stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian/corosync-3 stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

After seeing this output I attempted to add the key:
Code: 
wget http://download.proxmox.com/debian/key.asc (this succeeded)
apt-key add key.asc
However adding the key gets this output:
Code: 
gpg: [don't know]: invalid packet (ctb=2d)
gpg: keydb_get_keyblock failed: Value not found
gpg: [don't know]: invalid packet (ctb=2d)
gpg: /tmp/apt-key-gpghome.Y5gO5dqVh0/pubring.gpg: copy to '/tmp/apt-key-gpghome.Y5gO5dqVh0/pubring.gpg.tmp' failed: Invalid packet
gpg: error writing keyring '/tmp/apt-key-gpghome.Y5gO5dqVh0/pubring.gpg': Invalid packet
gpg: [don't know]: invalid packet (ctb=2d)
gpg: error reading 'key.asc': Invalid packet
gpg: import from 'key.asc' failed: Invalid packet

Here is the contents of my sources.list:
Code: 
deb http://ftp.au.debian.org/debian stretch main contrib

# security updates
deb http://security.debian.org stretch/updates main contrib

#Raid management tools
deb http://hwraid.le-vert.net/debian stretch main

#apt repository
deb http://download.proxmox.com/debian stretch pve-no-subscription

Is there a way for me to fix this?
 
what does pveversion -v say?
 
Code: 
root@vmhost01:~# pveversion -v
proxmox-ve: 5.4-2 (running kernel: 4.15.18-30-pve)
pve-manager: 5.4-15 (running version: 5.4-15/d0ec33c6)
pve-kernel-4.15: 5.4-19
pve-kernel-4.15.18-30-pve: 4.15.18-58
pve-kernel-4.4.134-1-pve: 4.4.134-112
pve-kernel-4.4.76-1-pve: 4.4.76-94
pve-kernel-4.4.62-1-pve: 4.4.62-88
pve-kernel-4.4.59-1-pve: 4.4.59-87
pve-kernel-4.4.19-1-pve: 4.4.19-66
corosync: 2.4.4-pve1
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.1-12
libpve-apiclient-perl: 2.0-5
libpve-common-perl: 5.0-56
libpve-guest-common-perl: 2.0-20
libpve-http-server-perl: 2.0-14
libpve-storage-perl: 5.0-44
libqb0: 1.0.3-1~bpo9
lvm2: 2.02.168-pve6
lxc-pve: 3.1.0-7
lxcfs: 3.0.3-pve1
novnc-pve: 1.0.0-3
proxmox-widget-toolkit: 1.0-28
pve-cluster: 5.0-38
pve-container: 2.0-42
pve-docs: 5.4-2
pve-edk2-firmware: 1.20190312-1
pve-firewall: 3.0-22
pve-firmware: 2.0-7
pve-ha-manager: 2.0-9
pve-i18n: 1.1-4
pve-libspice-server1: 0.14.1-2
pve-qemu-kvm: 3.0.1-4
pve-xtermjs: 3.12.0-1
qemu-server: 5.0-56
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.13-pve1~bpo2
 
what does ls -lh /etc/apt/trusted.gpg.d output? what about md5sum /etc/apt/trusted.gpg.d/proxmox*?
 
Code: 
root@vmhost01:~# ls -lh /etc/apt/trusted.gpg.d
total 72K
-rw-r--r-- 1 root root 8.0K Jul  7  2019 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8.0K Jul  7  2019 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2.3K Jul  7  2019 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 5.1K Dec  1  2014 debian-archive-jessie-automatic.gpg
-rw-r--r-- 1 root root 5.1K Dec  1  2014 debian-archive-jessie-security-automatic.gpg
-rw-r--r-- 1 root root 2.8K Dec  1  2014 debian-archive-jessie-stable.gpg
-rw-r--r-- 1 root root 7.4K Jun 18  2017 debian-archive-stretch-automatic.gpg
-rw-r--r-- 1 root root 7.4K Jun 18  2017 debian-archive-stretch-security-automatic.gpg
-rw-r--r-- 1 root root 2.3K Jun 18  2017 debian-archive-stretch-stable.gpg
-rw-r--r-- 1 root root  574 Sep 14 09:54 proxmox-ve-release-5.x.gpg
-rw-r--r-- 1 root root 1.2K Mar  9  2018 proxmox-ve-release-5.x.gpg.dpkg-dist
-rw-r--r-- 1 root root 1.2K Nov 19  2018 proxmox-ve-release-6.x.gpg
Code: 
root@vmhost01:~# md5sum /etc/apt/trusted.gpg.d/proxmox*
2dd42e095b62f4c5e7a45a0e61044da0  /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
511d36d0f1350c01c42a3dc9f3c27939  /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.dpkg-dist
f3f6c5a3a67baf38ad178e5ff1ee270c  /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
 
Code: 
511d36d0f1350c01c42a3dc9f3c27939  /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.dpkg-dist

that one is the proper one, could you try
Code: 
mv /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.dpkg-dist /proxmox-ve-release-5.x.gpg
apt update

if that does not help, please install and run debsums
 
Thanks Fabian, I've done both those things and still can't run apt update:
debsums flew by a bit too fast to track but I didn't see any that showed anything other than "OK".
Code: 
root@vmhost01:~# apt update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://ftp.au.debian.org/debian stretch InRelease
Hit:3 http://ftp.au.debian.org/debian stretch Release
Get:5 http://download.proxmox.com/debian stretch InRelease [3,052 B]
Err:5 http://download.proxmox.com/debian stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Ign:6 http://hwraid.le-vert.net/debian stretch InRelease
Get:7 http://download.proxmox.com/debian/corosync-3 stretch InRelease [1,977 B]
Err:7 http://download.proxmox.com/debian/corosync-3 stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Hit:8 http://hwraid.le-vert.net/debian stretch Release
Reading package lists... Done
W: GPG error: http://download.proxmox.com/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.proxmox.com/debian/corosync-3 stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian/corosync-3 stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
 
what does apt-key list say?
 
Code: 
root@vmhost01:~# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2013-07-24 [SC]
      0073 C119 19A6 4146 4163  F711 6005 210E 23B3 D3B4
uid           [ unknown] HWRaid (http://hwraid.le-vert.net) <root@hwraid.le-vert.net>
sub   rsa2048 2013-07-24 [E]

/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
uid           [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
uid           [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub   rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
      6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
uid           [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid           [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub   rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
      75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid           [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
--------------------------------------------------------
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
      067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
uid           [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
-------------------------------------------------
pub   rsa4096 2018-11-19 [SC] [expires: 2028-11-16]
      3534 79F8 3781 D7F8 ED5F  5AC5 7BF2 812E 8A6E 88E0
uid           [ unknown] Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>
 
ahm sorry. I mis-copied the mv command in my previous post. mv /proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d followed by apt update?
 
Nice one looks like that's done it. Thanks for your help Fabian!
Code: 
root@vmhost01:~# mv /proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d
root@vmhost01:~# apt update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://ftp.au.debian.org/debian stretch InRelease
Hit:3 http://ftp.au.debian.org/debian stretch Release
Ign:5 http://hwraid.le-vert.net/debian stretch InRelease
Get:6 http://download.proxmox.com/debian stretch InRelease [3,052 B]
Hit:7 http://hwraid.le-vert.net/debian stretch Release
Get:8 http://download.proxmox.com/debian/corosync-3 stretch InRelease [1,977 B]
Fetched 5,029 B in 11s (449 B/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
7 packages can be upgraded. Run 'apt list --upgradable' to see them.
 
You must log in or register to reply here.
Top Bottom