2012-07-15

apt-get update; GPG Unverified Signature

So, you added a new source to your /etc/apt/sources.list (or, if you're smarter than most, you created your own user-based file in /etc/apt/sources.list.d/<new-source>.list), then you go to update Aptitude, and you get the following message:


root@localhost:~# apt-get update
...
W: GPG error: http://updates.repository.backtrack-linux.org revolution Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB6DA34B475A6B7F

This is all fine and dandy - I can just go to the site, look for their key and install that, right? No? They don't just give me the key?! Then my packages will always be unverified and I'll be open to an exploit that allows the install of arbitrary third-party packages! Oh noes! D: Whatever shall we do?

Never fear - there's a way to get that key and turn it into something apt-get can use, so it stops complaining about that error. Check out apt-get-key, a quick script that fetches the GPG key from the subkeys.pgp.net keyserver and hands it to apt-key to install:


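#!/bin/bash
# apt-get-key: fetch a public key from a keyserver and install it with apt-key.

# apt-key needs root to modify APT's trusted keyring.
if [ "$UID" != 0 ]; then
    echo -e "\033[33mERROR\033[00m: This script can only be run by root!"
    exit 1
fi

function Usage(){
    cat <<EOF
Usage: apt-get-key [key] [file]
    key  - The key to request from the gpg server.
    file - Where to put the key after it's been requested and generated.
EOF
    exit 8
}

KEY=$1
FILE=$2

# Show usage for -h/--help (anchored so it only matches a whole argument)
# or when either argument is missing.
if [ -n "$( echo "$1" | grep -P -- '^--?h(elp)?$' )" ] || [ -z "$KEY" ] || [ -z "$FILE" ]; then
    Usage
fi

if [ ! -d "$(dirname "$FILE")" ]; then
    echo -e "\033[31mERROR\033[00m: $(basename "$0"): Cannot stat \`$FILE' no such directory."
    exit 1
fi

# Receive the key, export it ASCII-armored to $FILE, and only hand it to
# apt-key if the fetch and export succeeded.
if gpg --keyserver subkeys.pgp.net --recv-keys "$KEY" && gpg --export --armor "$KEY" | tee "$FILE"; then
    apt-key add "$FILE" && echo -e "\033[32mDone.\033[00m"
else
    echo -e "\033[31mERROR\033[00m: Could not fetch key $KEY." >&2
    exit 1
fi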

As a convention, I usually place my keys in /etc/apt/keys, but you can put them wherever you like, even in /tmp, since the script installs the key as well. To fetch and install the key from the error above, run it like so:


apt-get-key AB6DA34B475A6B7F /etc/apt/keys/backtrack.gpg

... and BAM! You have now installed the key apt-get was complaining about earlier. Have a nice day :)
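The script installs whatever key the keyserver returns for that 16-digit ID, so it is worth comparing the exported key's full fingerprint with one obtained from the repository itself before running apt-key add. One way to do that check, as an added example that is not part of the original post: verify_key, normalize_hex, primary_fpr and SAMPLE_LISTING are hypothetical names, the fingerprints are constructed placeholders (not the real BackTrack key), and a 40-digit v4 fingerprint is assumed.

```sh
#!/bin/sh
# Added example: compare a key's full fingerprint before apt is told to trust it.

# Constructed `gpg --with-colons` listing. The key ID is the one from the apt
# error above; the fingerprints are placeholders, not real key fingerprints.
SAMPLE_LISTING='pub:-:4096:1:AB6DA34B475A6B7F:1325376000:::-:::scESC:
fpr:::::::::0123456789ABCDEF01234567AB6DA34B475A6B7F:
uid:-::::1325376000::X::Example Repository <repo@example.invalid>:
sub:-:4096:1:1122334455667788:1325376000::::::e:
fpr:::::::::89ABCDEF0123456789ABCDEF1122334455667788:'

# Uppercase a key ID or fingerprint and strip spaces and colons.
normalize_hex() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'abcdef' 'ABCDEF'
}

# Print the primary key fingerprint: field 10 of the first "fpr" record
# that follows a "pub" record (subkey fingerprints come after "sub").
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# verify_key KEYID EXPECTED_FPR, with the colon listing on stdin.
# Succeeds only if the listing holds exactly one primary key, its fingerprint
# equals EXPECTED_FPR, and KEYID is the last 16 digits of that fingerprint.
verify_key() {
    keyid=$(normalize_hex "$1")
    want=$(normalize_hex "$2")
    listing=$(cat)
    [ "${#keyid}" -eq 16 ] || { echo "key ID must be 16 hex digits" >&2; return 1; }
    [ "${#want}" -eq 40 ] || { echo "need a full 40-digit fingerprint" >&2; return 1; }
    pubs=$(printf '%s\n' "$listing" | awk -F: '$1 == "pub" { n++ } END { print n + 0 }')
    [ "$pubs" -eq 1 ] || { echo "expected 1 primary key, found $pubs" >&2; return 1; }
    got=$(printf '%s\n' "$listing" | primary_fpr)
    [ "$got" = "$want" ] || { echo "fingerprint mismatch: got $got" >&2; return 1; }
    case "$got" in
        *"$keyid") return 0 ;;
        *) echo "key ID $keyid does not belong to $got" >&2; return 1 ;;
    esac
}
```

Feed it the output of `gpg --with-colons --with-fingerprint "$FILE"` and run `apt-key add` only when it returns 0.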

-0xKizano
