Gpg error: NO_PUBKEY 4ABE1AC7557BEFF9

help

#1

Hi,

I'm trying to update owncloud client on an Ubuntu 16.04 installation. This perfectly worked until some weeks ago. What I did so far is:

  1. removed any owncloud-related item in /etc/apt/sources.list
  2. removed owncloud-key 557BEFF9
  3. performed the installation procedure as explained in Install package isv:ownCloud:desktop / owncloud-client --> Ubuntu

Still no luck. I keep getting warnings related to non-available public keys:

W: GPG-Fehler: http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.04  Release: Die folgenden Signaturen konnten nicht ĂŒberprĂŒft werden, weil ihr öffentlicher SchlĂŒssel nicht verfĂŒgbar ist: NO_PUBKEY 4ABE1AC7557BEFF9
W: The repository 'http://download.opensuse.org/repositories/isv:/ownCloud:/desktop/Ubuntu_16.04  Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Update to owncloud desktop client 2.2.4
#2

Hi,
I stumbled across the same issue weeks ago - owncloud moved sources away from Suse and to their own download-servers.
The owncloud download page seems unavailable right now, but the download-server is up and running.

So just edit or create a file "owncloud.list" in /etc/apt/sources.list.d/ and insert the following line:
deb http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/ /

next fetch and add the release-key to apt keyring (type next line in terminal):
wget -qO - http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.key | sudo apt-key add -

now apt update & apt upgrade will work (but you will see a warning about "weak digest algorithm (SHA-1)" when running from command line)

cheers :+1:


#3

Hi,

thanks for your help! It's still the same weird behavior:
When I do the exact steps you described above, apt-key claims having successfully imported the key. However, when I run apt-key list there isn't any key related to owncloud.
Instead I'm getting a notice that there's a key missing a valid User-ID.

No idea what's going wrong here, since gpg e.g. did import the public key without any errors.

Cheers :wink:
Thomas


#4

Hi medmen,

after fiddling for a while with that problem, I finally moved that freaking key to /etc/apt/trusted.gpg.d/ and voilĂĄ - it worked.
This is really weird.

Thanks for your support + cheers
Thomas


#5

Hi,
great to hear you solved it!
I have the same problem, and I would like to know exactly what file you moved to /etc/apt/trusted.gpg.d/ and how you did it. The description was a bit too brief for my level of knowledge.
Thanks,
MĂ„rten


#6

Hi,

what I did was:
wget -qO - http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.key
followed by:
sudo mv Release.key /etc/apt/trusted.gpg.d/owncloud-client.key

I'm sure that's not the way it was intended to be, but in the other hand: if I import a key from the web I also have to trust the server to a certain degree.

Hope this helps you
Thomas


#7

Thanks, that made it clearer!

/MĂ„rten


#8

Dear all.
I had the same problem with the Release key.
I could find that I had a previous Release.key in my home directory when I downloaded the new one. By default, Ubuntu does not overwrite the old Release.key, but creates a Release.key.1
When we import the new key with apt--key add - < Release.key we are importing the old one and that is why it complains on update.


#9

Thanks for posting this. Have noticed that this is a quite popular issue as people don't see that they are repeatedly downloading the file with a number attached. So provided a fix to the OBS guys here:


#10

This issue drives me crazy. I tried to follow all steps mentioned above - and still I get the same error message.
I've just upgraded to ubuntu 16.10 - what are the latest recommendations?

Cheers,
Wolf


#11

See https://github.com/owncloud/client/issues/5055#issuecomment-254308652


#12

Thanks for your hint. I tried to follow these steps, but in the end my /etc/apt/trusted.gpg still contains:

pub dsa1024 2012-02-08 [SC] [verfÀllt: 2017-04-19]
F9EA 4996 7473 10AE 7947 4F44 977C 43A8 BA68 4223
uid [ unbekannt ] isv:ownCloud OBS Project isv:ownCloud@build.opensuse.org

and

pub rsa2048 2013-08-26 [SC] [verfÀllt: 2018-08-25]
DDA2 C105 C4B7 3A66 49AD 2BBD 47AE 7F72 479B C94B
uid [ unbekannt ] ownCloud build service
sub rsa2048 2013-08-26 [E] [verfÀllt: 2018-08-25]
sub dsa2048 2013-08-26 [S] [verfÀllt: 2018-08-25]
sub elg2048 2013-08-26 [E] [verfÀllt: 2018-08-25]

The weird thing is that my apt-key list command seems not to display key IDs, but only fingerprints.
So I don't know whether these keys have to be deleted as well - and how to do it.

Cheers,
Wolf


#13

Hi,

as this looks like an user issue try to ask such questions at a community dedicated to your used distro. They are more familiar with pitfalls during that process and can give better support for such issues.

I'm closing here for know as the initial issue is fixed and all known workarounds are posted.


#14