2021 edit: think an eventual reinstall of OS sorted it. Note the private repositories were also added (via apt-key) in a now-deprecated way.
See:
- https://askubuntu.com/a/1307181
- https://www.linuxuprising.com/2021/01/apt-key-is-deprecated-how-to-add.html
Related:
- http://forums.debian.net/viewtopic.php?f=3&t=134409
- Debian stretch package system breaks when non-free added
- https://unix.stackexchange.com/a/387054/47501
After updating to debian buster, I've had trouble installing programs from 3rd party repositories (eg spotify, seadrive (for seafile), mono, mopidy). Excerpt from apt-get update:
W: GPG error: http://repository.spotify.com stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 13B00F1FD2C19886
E: The repository 'http://repository.spotify.com stable InRelease' is not signed.
I understand it has to do with how apt handles keys, namely "preference for SHA-1 encryption has been turned off in APT".
Relevant apt-key list excerpt for spotify:
/etc/apt/trusted.gpg.d/spotify-2015-05-28-D2C19886.gpg
------------------------------------------------------
pub rsa4096 2015-05-28 [SC] [expires: 2017-11-22]
BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886
uid [ unknown] Spotify Public Repository Signing Key <operations@spotify.com>
apt-get update output: https://pastebin.com/sHFxAFvj
What do? Open tickets with the providers and for so long install with --allow-unauthenticated?
Note: this is not reproducing in a system that was dist-upgraded from stretch to buster.
