Last Updated: February 25, 2016
·
2.674K
· ipoerner

Update GnuPG archive keys of the Debian archive

I recently ran into the following issue when attempting to update a fairly outdated Debian system:

$ apt-get update
[...]
Reading package lists... Done
W: There is no public key available for the following key IDs:
9AA38DCD55BE302B
W: GPG error: http://archive.debian.org etch/updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9AA38DCD55BE302B
W: You may want to run apt-get update to correct these problems

Turns out the debian-archive-keyring package was out-of-date.

Fixing those kind of issues is merely a matter of performing a manual upgrade of that very package prior to apt-get update:

$ apt-get install debian-archive-keyring
Reading package lists... Done
Building dependency tree... Done
The following packages will be upgraded:
  debian-archive-keyring
1 upgraded, 0 newly installed, 0 to remove and 51 not upgraded.
Need to get 12.8kB of archives.
After unpacking 4096B of additional disk space will be used.
Get:1 http://archive.debian.org etch/main debian-archive-keyring 2009.01.31 [12.8kB]
Fetched 12.8kB in 0s (18.8kB/s)          
(Reading database ... 17716 files and directories currently installed.)
Preparing to replace debian-archive-keyring 2007.07.31~etch1 (using .../debian-archive-keyring_2009.01.31_all.deb) ...
Unpacking replacement debian-archive-keyring ...
Setting up debian-archive-keyring (2009.01.31) ...
gpg: key 6070D3A1: "Debian Archive Automatic Signing Key (4.0/etch) <ftpmaster@debian.org>" not changed
gpg: key ADB11277: "Etch Stable Release Key <debian-release@lists.debian.org>" not changed
gpg: key BBE55AB3: "Debian-Volatile Archive Automatic Signing Key (4.0/etch)" not changed
gpg: key F42584E6: public key "Lenny Stable Release Key <debian-release@lists.debian.org>" imported
gpg: key 55BE302B: public key "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>" imported
gpg: key 6D849617: public key "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" imported
gpg: Total number processed: 6
gpg:               imported: 3  (RSA: 2)
gpg:              unchanged: 3
gpg: no ultimately trusted keys found

NOTE: It is very risky to stick to a system that doesn't even receive the most essential security updates anymore. You should seriously consider updating to a newer version.