Upgrading from 5 to 6, can't run apt update (NO_PUBKEY errors)

Sep 16, 2020
9
0
1
73
I've just finished following the instructions for going from version 4 to 5. That went fine. I'm now moving from version 5 to 6 and unfortuantely I've hit a bit of a brick wall.

I followed the instructions here: https://pve.proxmox.com/wiki/Upgrade_from_5.x_to_6.0#New_installation up until running "apt update" for the first time. I get this output:
Code:
root@vmhost01:~# apt update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://ftp.au.debian.org/debian stretch InRelease
Hit:3 http://ftp.au.debian.org/debian stretch Release
Ign:5 http://hwraid.le-vert.net/debian stretch InRelease
Hit:6 http://hwraid.le-vert.net/debian stretch Release
Get:8 http://download.proxmox.com/debian stretch InRelease [3,052 B]
Err:8 http://download.proxmox.com/debian stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Get:9 http://download.proxmox.com/debian/corosync-3 stretch InRelease [1,977 B]
Err:9 http://download.proxmox.com/debian/corosync-3 stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Reading package lists... Done
W: GPG error: http://download.proxmox.com/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.proxmox.com/debian/corosync-3 stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian/corosync-3 stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

After seeing this output I attempted to add the key:
Code:
wget http://download.proxmox.com/debian/key.asc (this succeeded)
apt-key add key.asc
However adding the key gets this output:
Code:
gpg: [don't know]: invalid packet (ctb=2d)
gpg: keydb_get_keyblock failed: Value not found
gpg: [don't know]: invalid packet (ctb=2d)
gpg: /tmp/apt-key-gpghome.Y5gO5dqVh0/pubring.gpg: copy to '/tmp/apt-key-gpghome.Y5gO5dqVh0/pubring.gpg.tmp' failed: Invalid packet
gpg: error writing keyring '/tmp/apt-key-gpghome.Y5gO5dqVh0/pubring.gpg': Invalid packet
gpg: [don't know]: invalid packet (ctb=2d)
gpg: error reading 'key.asc': Invalid packet
gpg: import from 'key.asc' failed: Invalid packet

Here is the contents of my sources.list:
Code:
deb http://ftp.au.debian.org/debian stretch main contrib

# security updates
deb http://security.debian.org stretch/updates main contrib

#Raid management tools
deb http://hwraid.le-vert.net/debian stretch main

#apt repository
deb http://download.proxmox.com/debian stretch pve-no-subscription

Is there a way for me to fix this?
 
what does pveversion -v say?
 
Code:
root@vmhost01:~# pveversion -v
proxmox-ve: 5.4-2 (running kernel: 4.15.18-30-pve)
pve-manager: 5.4-15 (running version: 5.4-15/d0ec33c6)
pve-kernel-4.15: 5.4-19
pve-kernel-4.15.18-30-pve: 4.15.18-58
pve-kernel-4.4.134-1-pve: 4.4.134-112
pve-kernel-4.4.76-1-pve: 4.4.76-94
pve-kernel-4.4.62-1-pve: 4.4.62-88
pve-kernel-4.4.59-1-pve: 4.4.59-87
pve-kernel-4.4.19-1-pve: 4.4.19-66
corosync: 2.4.4-pve1
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.1-12
libpve-apiclient-perl: 2.0-5
libpve-common-perl: 5.0-56
libpve-guest-common-perl: 2.0-20
libpve-http-server-perl: 2.0-14
libpve-storage-perl: 5.0-44
libqb0: 1.0.3-1~bpo9
lvm2: 2.02.168-pve6
lxc-pve: 3.1.0-7
lxcfs: 3.0.3-pve1
novnc-pve: 1.0.0-3
proxmox-widget-toolkit: 1.0-28
pve-cluster: 5.0-38
pve-container: 2.0-42
pve-docs: 5.4-2
pve-edk2-firmware: 1.20190312-1
pve-firewall: 3.0-22
pve-firmware: 2.0-7
pve-ha-manager: 2.0-9
pve-i18n: 1.1-4
pve-libspice-server1: 0.14.1-2
pve-qemu-kvm: 3.0.1-4
pve-xtermjs: 3.12.0-1
qemu-server: 5.0-56
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.13-pve1~bpo2
 
what does ls -lh /etc/apt/trusted.gpg.d output? what about md5sum /etc/apt/trusted.gpg.d/proxmox*?
 
Code:
root@vmhost01:~# ls -lh /etc/apt/trusted.gpg.d
total 72K
-rw-r--r-- 1 root root 8.0K Jul  7  2019 debian-archive-buster-automatic.gpg
-rw-r--r-- 1 root root 8.0K Jul  7  2019 debian-archive-buster-security-automatic.gpg
-rw-r--r-- 1 root root 2.3K Jul  7  2019 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 5.1K Dec  1  2014 debian-archive-jessie-automatic.gpg
-rw-r--r-- 1 root root 5.1K Dec  1  2014 debian-archive-jessie-security-automatic.gpg
-rw-r--r-- 1 root root 2.8K Dec  1  2014 debian-archive-jessie-stable.gpg
-rw-r--r-- 1 root root 7.4K Jun 18  2017 debian-archive-stretch-automatic.gpg
-rw-r--r-- 1 root root 7.4K Jun 18  2017 debian-archive-stretch-security-automatic.gpg
-rw-r--r-- 1 root root 2.3K Jun 18  2017 debian-archive-stretch-stable.gpg
-rw-r--r-- 1 root root  574 Sep 14 09:54 proxmox-ve-release-5.x.gpg
-rw-r--r-- 1 root root 1.2K Mar  9  2018 proxmox-ve-release-5.x.gpg.dpkg-dist
-rw-r--r-- 1 root root 1.2K Nov 19  2018 proxmox-ve-release-6.x.gpg
Code:
root@vmhost01:~# md5sum /etc/apt/trusted.gpg.d/proxmox*
2dd42e095b62f4c5e7a45a0e61044da0  /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
511d36d0f1350c01c42a3dc9f3c27939  /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.dpkg-dist
f3f6c5a3a67baf38ad178e5ff1ee270c  /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
 
Code:
511d36d0f1350c01c42a3dc9f3c27939  /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.dpkg-dist

that one is the proper one, could you try
Code:
mv /etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg.dpkg-dist /proxmox-ve-release-5.x.gpg
apt update

if that does not help, please install and run debsums
 
Thanks Fabian, I've done both those things and still can't run apt update:
debsums flew by a bit too fast to track but I didn't see any that showed anything other than "OK".
Code:
root@vmhost01:~# apt update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://ftp.au.debian.org/debian stretch InRelease
Hit:3 http://ftp.au.debian.org/debian stretch Release
Get:5 http://download.proxmox.com/debian stretch InRelease [3,052 B]
Err:5 http://download.proxmox.com/debian stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Ign:6 http://hwraid.le-vert.net/debian stretch InRelease
Get:7 http://download.proxmox.com/debian/corosync-3 stretch InRelease [1,977 B]
Err:7 http://download.proxmox.com/debian/corosync-3 stretch InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
Hit:8 http://hwraid.le-vert.net/debian stretch Release
Reading package lists... Done
W: GPG error: http://download.proxmox.com/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.proxmox.com/debian/corosync-3 stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0D9A1950E2EF0603
E: The repository 'http://download.proxmox.com/debian/corosync-3 stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
 
what does apt-key list say?
 
Code:
root@vmhost01:~# apt-key list
/etc/apt/trusted.gpg
--------------------
pub   rsa2048 2013-07-24 [SC]
      0073 C119 19A6 4146 4163  F711 6005 210E 23B3 D3B4
uid           [ unknown] HWRaid (http://hwraid.le-vert.net) <root@hwraid.le-vert.net>
sub   rsa2048 2013-07-24 [E]

/etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7  BCDD DC30 D7C2 3CBB ABEE
uid           [ unknown] Debian Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      5E61 B217 265D A980 7A23  C5FF 4DFA B270 CAA9 6DFA
uid           [ unknown] Debian Security Archive Automatic Signing Key (10/buster) <ftpmaster@debian.org>
sub   rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
-------------------------------------------------------
pub   rsa4096 2019-02-05 [SC] [expires: 2027-02-03]
      6D33 866E DD8F FA41 C014  3AED DCC9 EFBF 77E1 1517
uid           [ unknown] Debian Stable Release Key (10/buster) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-automatic.gpg
----------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      126C 0D24 BD8A 2942 CC7D  F8AC 7638 D044 2B90 D010
uid           [ unknown] Debian Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-security-automatic.gpg
-------------------------------------------------------------------
pub   rsa4096 2014-11-21 [SC] [expires: 2022-11-19]
      D211 6914 1CEC D440 F2EB  8DDA 9D6D 8F6B C857 C906
uid           [ unknown] Debian Security Archive Automatic Signing Key (8/jessie) <ftpmaster@debian.org>

/etc/apt/trusted.gpg.d/debian-archive-jessie-stable.gpg
-------------------------------------------------------
pub   rsa4096 2013-08-17 [SC] [expires: 2021-08-15]
      75DD C3C4 A499 F1A1 8CB5  F3C8 CBF8 D6FD 518E 17E1
uid           [ unknown] Jessie Stable Release Key <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
-----------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      E1CF 20DD FFE4 B89E 8026  58F1 E0B1 1894 F66A EC98
uid           [ unknown] Debian Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
--------------------------------------------------------------------
pub   rsa4096 2017-05-22 [SC] [expires: 2025-05-20]
      6ED6 F5CB 5FA6 FB2F 460A  E88E EDA0 D238 8AE2 2BA9
uid           [ unknown] Debian Security Archive Automatic Signing Key (9/stretch) <ftpmaster@debian.org>
sub   rsa4096 2017-05-22 [S] [expires: 2025-05-20]

/etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
--------------------------------------------------------
pub   rsa4096 2017-05-20 [SC] [expires: 2025-05-18]
      067E 3C45 6BAE 240A CEE8  8F6F EF0F 382A 1A7B 6500
uid           [ unknown] Debian Stable Release Key (9/stretch) <debian-release@lists.debian.org>

/etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
-------------------------------------------------
pub   rsa4096 2018-11-19 [SC] [expires: 2028-11-16]
      3534 79F8 3781 D7F8 ED5F  5AC5 7BF2 812E 8A6E 88E0
uid           [ unknown] Proxmox Virtual Environment 6.x Release Key <proxmox-release@proxmox.com>
 
ahm sorry. I mis-copied the mv command in my previous post. mv /proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d followed by apt update?
 
Nice one looks like that's done it. Thanks for your help Fabian!
Code:
root@vmhost01:~# mv /proxmox-ve-release-5.x.gpg /etc/apt/trusted.gpg.d
root@vmhost01:~# apt update
Hit:1 http://security.debian.org stretch/updates InRelease
Ign:2 http://ftp.au.debian.org/debian stretch InRelease
Hit:3 http://ftp.au.debian.org/debian stretch Release
Ign:5 http://hwraid.le-vert.net/debian stretch InRelease
Get:6 http://download.proxmox.com/debian stretch InRelease [3,052 B]
Hit:7 http://hwraid.le-vert.net/debian stretch Release
Get:8 http://download.proxmox.com/debian/corosync-3 stretch InRelease [1,977 B]
Fetched 5,029 B in 11s (449 B/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
7 packages can be upgraded. Run 'apt list --upgradable' to see them.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!