7

I'm using Raspbian Jessie but there are a few packages I want that aren't available (but are in Debian Stretch repos). I want to temporarily use the Stretch repo to install them (and any otherwise-unsatisfied dependencies) but without making anything else come from there in the future.

I understand things might not work; etc.; I'm just trying something out on a throwaway install :)

I tried rigging some files (based on this answer) but I got this.. not sure a) how to fix it and b) whether I'm doing things the right way!

W: GPG error: http://ftp.uk.debian.org stretch InRelease: The
following signatures couldn't be verified because the public
key is not available:
    NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010
Rui F Ribeiro
  • 56,709
  • 26
  • 150
  • 232
Danny Tuppeny
  • 1,119
  • More details would be helpful. You are presumably pulling stuff from the ARM arch of Stretch. What packages? And you are getting the gpg error because you don't have the public key, like the error says. Just install it,and the error will go away. apt-cache search debian keyring gives a bunch of choices. You want debian-archive-keyring. – Faheem Mitha Apr 03 '16 at 17:52
  • Better using the backports deb http://http.debian.net/debian jessie-backports main – Rui F Ribeiro Apr 03 '16 at 17:53
  • @RuiFRibeiro Depends whether they are available in backports. – Faheem Mitha Apr 03 '16 at 17:54
  • @FaheemMitha I don't know how to "Just install the key" and I've failed at Googling to find out how :( One page suggested doing apt-get install debian-keychain which didn't appear to solve it – Danny Tuppeny Apr 03 '16 at 17:55
  • @RuiFRibeiro The package I want letsencrypt is indeed there; though I don't know the difference. Sounds like a better choice, but question remains, how can I get my Pi to use it? – Danny Tuppeny Apr 03 '16 at 17:55
  • @DannyTuppeny apt-get install debian-archive-keyring. See my comment above. "You want debian-archive-keyring". You can run apt-key list to see the installed keys. – Faheem Mitha Apr 03 '16 at 18:05
  • @FaheemMitha When I try that, it says Note, selecting 'raspbian-archive-keyring' instead of 'debian-archive-keyring' and then doesn't stop the error :( – Danny Tuppeny Apr 03 '16 at 18:09
  • @DannyTuppeny Oh, I see. Hmm. Well, the deb is Arch:all, so you could download it from the Debian web pages, and run dpkg -i. But it looks like Rui has sorted you out, so you probably don't need to do that. – Faheem Mitha Apr 03 '16 at 18:45
  • @FaheemMitha I originally started doing that, but satisfying dependencies meant it started getting out of hand ;( Yep, all sorted now. Thanks! – Danny Tuppeny Apr 03 '16 at 19:07

4 Answers4

9

As backports has letsencrypt, I recommend using jessie-backports as it brings less new/packages dependencies than drinking directly from stretch.

To use Jessie backports and install letsencrypt from it:

Add to /etc/apt/sources.list:

deb http://httpredir.debian.org/debian jessie-backports main contrib non-free

The run:

apt-get update

As for installing the key, I confirm you can do:

gpg --keyserver pgpkeys.mit.edu --recv-key  8B48AD6246925553      
gpg -a --export 8B48AD6246925553 | sudo apt-key add -

and also with the key 7638D0442B90D010

gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010     
gpg -a --export 7638D0442B90D010 | sudo apt-key add -

And finally to install letsencrypt:

apt-get install -t jessie-backports letsencrypt
Rui F Ribeiro
  • 56,709
  • 26
  • 150
  • 232
  • What do I need to do to trust that url? W: GPG error: http://http.debian.net jessie-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010 – Danny Tuppeny Apr 03 '16 at 18:03
  • 1
    I saw this but the presence of a .mit.edu domain makes me wonder whether that's the right thing? (and I have two keys there?) – Danny Tuppeny Apr 03 '16 at 18:04
  • It is a key repository; I added it to the answer. – Rui F Ribeiro Apr 03 '16 at 18:09
  • (I did not have to add keys, as I am using a Jessie derived distro at home, and Jessie at work) – Rui F Ribeiro Apr 03 '16 at 18:14
  • Ok, seems to be working; though I had to run the gpg lines for both keys in the answer (after the first one I got a slightly different error message with the other key). Thanks! – Danny Tuppeny Apr 03 '16 at 18:15
  • 2
    @DannyTuppeny pgpkeys.mit.edu is just a large, and standard, GPG repository. Everyone uses it. – Faheem Mitha Apr 03 '16 at 18:46
  • 2
    pgpkeys.mit.edu should not be used directly as it may not always be available (as I found out recently). It is prefered to use the pool: hkp://pool.sks-keyservers.net:80 – Mausy5043 Jun 07 '19 at 09:08
  • I'm got gpg: keyserver receive failed: No keyserver available for the above commands. omitting the --keyserver pgpkeys.mit.edu parameter worked however. – mbarkhau Aug 11 '19 at 11:30
2

For me, the easiest way was run:

aptitude install debian-keyring debian-archive-keyring

No more errors :)

Cristian Deluxe
  • 21
  • 3
    Didn't work for me in the case of Ubuntu Artful. The solution given at https://raspberrypi.stackexchange.com/a/60051/87676 worked. – koppor Jun 19 '18 at 05:35
  • This doesn't work in Raspbian Buster, as raspbian-archive-keyring provides debian-archive-keyring. Manually downloading the package from https://packages.debian.org/buster/debian-archive-keyring and installing it with dpkg will work. – Stefan Apr 05 '20 at 05:49
1

For some reason, the various combinations on this page didn't work for me. The steps that finally did were to download and install both up-to-date keyrings from the following locations:

https://deb.debian.org/debian/pool/main/d/debian-archive-keyring/
https://deb.debian.org/debian/pool/main/d/debian-keyring/

As an example (that will become invalid as the keyrings age out):

curl http://ftp.ca.debian.org/debian/pool/main/d/debian-keyring/debian-keyring_2021.03.24_all.deb > debian-keyring.deb
dpkg -i debian-keyring.deb
curl http://ftp.ca.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1_all.deb > debian-archive-keyring.deb
dpkg -i debian-archive-keyring.deb

Once that was done I was left with the following error:

W: GPG error: http://aptcache:3142 jessie Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 7638D0442B90D010

So that was added with the following:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 7638D0442B90D010

Now I'm finally in a good spot. I struggled for quite awhile as my base debian-keyring was from 2015 and I hadn't noticed.

RandomInsano
  • 225
0

I was only able to succeed after combining both Cristian Deluxe and Rui F Ribeiro answer. (I've mark their answered correct as it is their original work)

Append the following text to /etc/apt/sources.list

deb http://httpredir.debian.org/debian jessie-backports main contrib non-free

I had to install the debian-keyring and debian-archive-keyring

apt-get install -y debian-keyring debian-archive-keyring

Install the GPG keys.

gpg --keyserver pgpkeys.mit.edu --recv-key  8B48AD6246925553      
gpg -a --export 8B48AD6246925553 | sudo apt-key add -
gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010     
gpg -a --export 7638D0442B90D010 | sudo apt-key add -

Finally performed the apt-get update

apt-get update

only after the above steps, could I perform the install of the packages in the backports.

[Further Edit] In some of my Raspbian boxes I got an error that dirmngr was not running. Fix that by doing the following

apt-get install -y dirmngr
Kelvin Lee
  • 1