NO_PUBKEY error

CtrlAltDel

@becm said in NO_PUBKEY error:

@CtrlAltDel if Mint actually deprecated/broke apt-key add prematurely, then for now the only workflow I see that could work is:

• install via .deb file (adds repo, uses apt-key add to add key)
• manually add the Vivaldi repo key as a separate entity in /etc/apt/trusted.gpg.d/ (curl … | gpg --dearmor > …)

The 2nd step will have to be repeated on Vivaldi maintainer key rotation (yearly).
Normally this is handled by a cron script (instead of on install time, but that's another story…), which now also fails due to using apt-key add.

Thanks for the suggestion, becm. Unfortunatley, not much has seemed to have changed. After installation with the .deb file and manually adding the key using the curl command, it still takes about 3 minutes for Software Sources/Add Missing Keys to open in Mint and errors are displayed about needing to manually add the repo .

Maybe I'll just install Vivaldi and remove the keys and repo's and not worrying about updating it. I guess that would work.

becm

@CtrlAltDel not really apparent in what (internal) state of "add a repo" the software you are using is stuck in.

If the key is properly available (please post output of apt-key list) it might be some kind of caching issue.
Or it insists on querying a keyserver and fails due to the currently required Vivaldi repo key not being available.

@Ruarí the current key for [email protected] seems to not be published
(missing when asking Ubuntu's default server hkp://keyserver.ubuntu.com:80).

becm

@Gwen-Dragon it's not needed for the suggested way to add a repo.
But they are available (and apt-key adv … worked) up to 4A3AA3D6 (which is now expired but still pushed to the keyring by the cron script shipped in Vivaldi).

RobsukeDaisuke

@christian-rauch That did not work for me! This however did:

wget -qO- https://repo.vivaldi.com/archive/linux_signing_key.pub | gpg --dearmor | sudo dd of=/usr/share/keyrings/vivaldi-browser.gpg

It was from a page on how to install Vivaldi - I didn't follow adding the repository, as it already was, I just ran

sudo apt update

and saw that everything was fine now... well, at least there was no more errors with the key. I'll have to see if the upgrade will work now

The site I got this from was: Manual setup of the Vivaldi Linux repositories | Vivaldi Browser Help

I've just fixed similar issue with Chrome repositories - first the key, then the fact that the repo was defined in two different files (/etc/sources.list.d/google-chrome.list and /etc/sources.list.d/additional-repositories.list - the latter one only had the google-chrome repo and I have no idea when and why it got there). These 3rd party proprietary FOSS leeches don't know how to upkeep their repos

ingo-steinke

@becm said in NO_PUBKEY error:

curl https://repo.vivaldi.com/stable/linux_signing_key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/vivaldi-browser.gpg

This gives a permission denied error even when executed as root, so it is probably not my local permission but the one on your server? Checked various forum topics and askubuntu, still not sure how to make it work.

Conclusion? Give Firefox another chance as default browser, probably.

ingo-steinke

@RobsukeDaisuke thanks, now it seems to work following the (re-)installation steps described, in my case for apt on Ubuntu.

https://help.vivaldi.com/desktop/install-update/manual-setup-vivaldi-linux-repositories/

joachimrs

Get:13 https://repo.vivaldi.com/archive/deb stable Release.gpg [833 B]
Err:13 https://repo.vivaldi.com/archive/deb stable Release.gpg
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 62993C724218647E

The key is not available on public gpg keyservers like keyserver.ubuntu.com for example. How to resolve this issue? Last week everything worked fine.

becm

@joachimrs a new Vivaldi package signing key (KEY08) is active and you have a conflicting source setup for the repository.
Should be a purely aesthetic problem, but you can run

grep -nr repo.vivaldi.com /etc/apt/sources.list.d/*

and remove any file that comes up with a signed-by entry (there should be vivaldi somewhere in the name).
You can post the output of that command here for a 2nd opinion if that file can be removed safely and without need for further steps.

The original approach for manual repo setup is discouraged now, it generates this exact issue (for most users) on a yearly basis.
The Vivaldi package will manage its own key rotation and source list entry.

joachimrs

@becm Thanks a lot. I already apt purge vivaldi-stable and will do a reinstall of the deb later. I also removed all remaining traces of anything vivaldi in /etc/apt/trusted.gpg.d/ as well as in /etc/apt/sources.list.d/ and /usr/share/keyrings/

Will check what will be installed with the .deb and see if it resolves the issue. It should, as you mentioned, be gone for good as it is taken care of in the package now.

Before that I tried lots of hints in the thread, like downloading the key from repo.vivaldi and --dearmor put it in trusted.gpg.d etc. to no avail. That's why I was curious if there is a way to remedy that without reinstall, but went for a reinstall anyway, as it seemed the fastest solution, sorry, me dumb user ¯\_(ツ)_/¯

becm

@joachimrs using the dearmored key as new content for the /usr/share/keyrings/vivaldi… file would also have been an option.
But that requires to do the same procedure every year (and results in a duplicated repo reference in sources.list.d anyway).

michaa7

Could someone please make an "official" HOWTO about how to install and update vivaldi repo keyes (possibly in such a way Google and others (including the search within the Vivaldi forum pages) will find it whenever a user seeks for "vivaldi NO_PUBKEY"). Than delete this confusing abomination of assumed help together with all other related, but long overdue postings.

It's of no help, mixing deprecated with not working commands and letting unclear whether to execute the appropriate command as user or as root or which better as user and which as root. And most importantly which one is working at the present moment.

If you disagree with my comment I have to assume the way you spell "security" is: W_H_O_C_A_R_E_S !

DoctorG

@michaa7 The keys are installed every new Vivaldi installation (by package installer) and upgrade.
I checked my Debian 12 and Ubuntu 22 LTS/23 systems and was able to update.
And if you encounter a problem installing the RPM or DEB installer should solve it.

michaa7

@DoctorG

Debian/sid(uction)

"apt update"

: Während der Überprüfung der Signatur trat ein Fehler auf. Das Depot wurde nicht aktualisiert und die vorherigen Indexdateien werden verwendet. GPG-Fehler: https://repo.vivaldi.com/archive/deb stable Release: Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 124F149833EAAB8E
W: Fehlschlag beim Holen von https://repo.vivaldi.com/archive/deb/dists/stable/Release.gpg Die folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher Schlüssel nicht verfügbar ist: NO_PUBKEY 124F149833EAAB8E

update worked some days ago.

You mean reinstalling vivaldi browser should solve this? will give it a try ....

DoctorG

@michaa7 I tested on ym Debian 12.
my sudo apt upgrade worked.

My apt config:

test@debora:~$ cat /etc/apt/sources.list.d/vivaldi*
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64] https://repo.vivaldi.com/snapshot/deb/ stable main
test@debora:~$ 

My sudo apt-key list

/etc/apt/trusted.gpg.d/vivaldi-33EAAB8E.gpg
-------------------------------------------
pub   rsa4096 2023-01-10 [SC] [verfällt: 2025-02-28]
      3360 18F2 63FA 0000 65CE  D7C6 124F 1498 33EA AB8E
uid        [ unbekannt ] Vivaldi Package Composer KEY09 <[email protected]>
sub   rsa4096 2023-01-10 [E] [verfällt: 2025-02-28]

/etc/apt/trusted.gpg.d/vivaldi-4218647E.gpg
-------------------------------------------
pub   rsa4096 2022-01-31 [SC] [verfallen: 2024-01-31]
      DF44 CF0E 1930 9195 C106  9AFE 6299 3C72 4218 647E
uid        [ verfallen ] Vivaldi Package Composer KEY08 <[email protected]>

/etc/apt/trusted.gpg.d/vivaldi-74C35BC8.gpg
-------------------------------------------
pub   rsa4096 2024-01-23 [SC] [verfällt: 2026-02-11]
      C2A2 445B 0EC3 B396 BD52  6E31 F739 AAC0 74C3 5BC8
uid        [ unbekannt ] Vivaldi Package Composer KEY10 <[email protected]>
sub   rsa4096 2024-01-23 [E] [verfällt: 2026-02-11]

/etc/apt/trusted.gpg.d/vivaldi-snapshot-33EAAB8E.gpg
----------------------------------------------------
pub   rsa4096 2023-01-10 [SC] [verfällt: 2025-02-28]
      3360 18F2 63FA 0000 65CE  D7C6 124F 1498 33EA AB8E
uid        [ unbekannt ] Vivaldi Package Composer KEY09 <[email protected]>
sub   rsa4096 2023-01-10 [E] [verfällt: 2025-02-28]

/etc/apt/trusted.gpg.d/vivaldi-snapshot-4218647E.gpg
----------------------------------------------------
pub   rsa4096 2022-01-31 [SC] [verfallen: 2024-01-31]
      DF44 CF0E 1930 9195 C106  9AFE 6299 3C72 4218 647E
uid        [ verfallen ] Vivaldi Package Composer KEY08 <[email protected]>

/etc/apt/trusted.gpg.d/vivaldi-snapshot-74C35BC8.gpg
----------------------------------------------------
pub   rsa4096 2024-01-23 [SC] [verfällt: 2026-02-11]
      C2A2 445B 0EC3 B396 BD52  6E31 F739 AAC0 74C3 5BC8
uid        [ unbekannt ] Vivaldi Package Composer KEY10 <[email protected]>
sub   rsa4096 2024-01-23 [E] [verfällt: 2026-02-11]

michaa7

Ok, I stumbled over my own feet. Sorry for that.

This mechanism isn't working for me because I have "my-vivaldi.list" due to "I-don't-remember-anymore", but I think this happend to prevent settings being overwritten when vivaldi is updated or something like that.

I got a shell command to update the keys manually,

sh -c 'echo "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/packages.vivaldi.gpg] https://repo.vivaldi.com/archive/deb stable main" > /etc/apt/sources.list.d/my-vivaldi.list'

which, when executed throws no error .... but apt then does as shown.

AND. it worked for a long period of time (years) now.

So .....

DoctorG

@michaa7 Why repo.vivaldi.com/archive? Old bash script? And who generated this GnuPG keyring packages.vivaldi.gpg?

Ah, i guess tha twas the old help page or something like this old advice https://forum.vivaldi.net/post/674837

The best way is to delete the packages.vivaldi.gpgkeyring,
remove the vivaldi stable with
sudo apt purge vivaldi-stable
fetch installer deb package
wget https://downloads.vivaldi.com/stable/vivaldi-stable_6.5.3206.59-1_amd64.deb
and install with
sudo dpkg -i vivaldi-stable_6.5.3206.59-1_amd64.deb
and in case of errors
sudo apt -f install

Updates from now on will now give you the correct signing keys and vialdi repo.

lfisk

@michaa7 This problem arose from people using instructions in days past to setup the Repo on our own. In a rather long interspersed thread last year Rurai explained some of this:

Yes it is because you configured our apt repository by hand likely using our help page

I deleted my entries for it (using Synaptic) and all has been fine since...

DoctorG

@lfisk Nice find.
Yes, i saw this old blog post about older help page advice, too, minutes ago.

lfisk

@DoctorG I'd been working around the problem for several seasons. While following this discussion last year I finally understood the problem and then it was easy to fix it

michaa7

I don't remember, but I think it was, as far as I remember, someone here in this forum who gave or pointed me to this script when I complaint about settings being overwritten on vivaldis update.

@ lfisk
Ok, here comes light into the dark

My only concern is, I created my-vivaldi.list due to a problem and not for self-expression and I do not want to solve a problem by recreating an old-one. I have to dive back to find what the exact problem was and see how it might be solvable today. Or are you actually speaking about it?

EDIT:
I immediatly gave up searching as there is no search. I cannot understand how someone sees fit to simply copy the content of all postings and not providing a list of posting titels. This "eigene Beiträge" is high gloss sh** (or garbage if you like diplomacy). I is an usless because unsearchable archive. (for anyone interested how to create ergonomicaly searchable info go to debianforum.de; you can search in consecutive levels within what you found and restrict itto a search within your own postings ).

Now for the current problem. How do I solve it. Is there a way to solve it correcting the shell command?