christgau / wsdd

A Web Service Discovery host daemon.
MIT License

readme references mismatched key for deb repo #127

Closed brainchild0 closed 2 years ago

brainchild0 commented 2 years ago

The Debian repository (https://pkg.ltec.ch/public/) and the corresponding public key (https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key), as referenced in the Readme file, appear to be mismatched, at least for some distribution releases.

$ sudo apt update
Get:14 https://pkg.ltec.ch/public focal InRelease [2,883 B]
Err:14 https://pkg.ltec.ch/public focal InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
Reading package lists... Done
W: GPG error: https://pkg.ltec.ch/public focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
E: The repository 'https://pkg.ltec.ch/public focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

The workaround for me was retrieving the key ("LTEC AG <info@ltec.ch>") from the Ubuntu key server, which was automated through the Update Manager packaged with Linux Mint.

fxrb commented 2 years ago

> The Debian repository (https://pkg.ltec.ch/public/) and the corresponding public key (https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key), as referenced in the Readme file, appear to be mismatched, at least for some distribution releases.

What do you mean by "some distribution releases"? The readme states Debian/Ubuntu only.

> $ sudo apt update
> Get:14 https://pkg.ltec.ch/public focal InRelease [2,883 B]
> Err:14 https://pkg.ltec.ch/public focal InRelease
>   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
> Reading package lists... Done
> W: GPG error: https://pkg.ltec.ch/public focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
> E: The repository 'https://pkg.ltec.ch/public focal InRelease' is not signed.
> N: Updating from such a repository can't be done securely, and is therefore disabled by default.
> N: See apt-secure(8) manpage for repository creation and user configuration details.
>
> The workaround for me was retrieving the key ("LTEC AG <info@ltec.ch>") from the Ubuntu key server, which was automated through the Update Manager packaged with Linux Mint.

If you are using Linux Mint (neither Debian nor Ubuntu) then that could be the source of the problem.

brainchild0 commented 2 years ago

Linux Mint is based on Ubuntu. Each release of Mint is based on a release of Ubuntu. Recent releases of Mint, such as the one I run, are based on Ubuntu 20.04 ("focal").

The Readme file instructs adding the following repository to the package configuration:

deb https://pkg.ltec.ch/public/ distro main

On my system, it was appropriate to substitute the text focal for "distro", which I had done.

When my system queries the repository, the effect is the same as though the query were given by a system running Ubuntu 20.04. The problem I documented may be expected on any such system. You can see from the output that the query was made for the release named "focal". In fact, the problem may be expected on any system for which "focal" was given as the distribution name in the configuration modification as explained above. (If the wrong distribution were used, then the utility would try to install a mismatched version of the package, which might lead to a different kind of complaint, such as one about incompatible dependencies. This problem would only occur, however, after the client verified the key on the server, and then acquired the package. Presently, the client is refusing to download packages, due to a missing key.)

I have indicated the problem emerges "at least for some distribution releases", because I have only tested on one system.

axl7777 commented 2 years ago

Facing a key-related issue on bullseye as well:

axl@pluto:~$ apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.cltdIm6ojr/gpg.1.sh --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
gpg: requesting key from 'https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key'
gpg: key 4BBAE4C69C568C54: public key "LTEC AG <info@ltec.ch>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: no writable keyring found: Not found
gpg: error reading '[stdin]': General error
gpg: import from '[stdin]' failed: General error
gpg: Total number processed: 0

apt update results in:

Err:5 https://pkg.ltec.ch/public bullseye InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
Reading package lists... Done
W: GPG error: https://pkg.ltec.ch/public bullseye InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
E: The repository 'https://pkg.ltec.ch/public bullseye InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

Dawars commented 2 years ago

Try using sudo

brainchild0 commented 2 years ago

> Try using sudo

It's not a local permissions issue. It's a problem verifying the public key included in the repository.

axl7777 commented 2 years ago

> Try using sudo

Indeed. I confirm this works.

brainchild0 commented 2 years ago

>> Try using sudo
>
> Indeed. I confirm this works.

For apt update or apt-key? The update command for apt would fail trying to update the package cache if not invoked as root.

christgau commented 2 years ago

I just tried what is described in the README on a "bullseye" installation:

tl;dr: Works as intended. No issue on Bullseye.

root $ cat > /etc/apt/sources.list.d/wsdd
deb https://pkg.ltec.ch/public/ bullseye main
root $ apt-key adv --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.mHJK4soE6j/gpg.1.sh --fetch-keys https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key
gpg: requesting key from 'https://pkg.ltec.ch/public/conf/ltec-ag.gpg.key'
gpg: key 4BBAE4C69C568C54: public key "LTEC AG <info@ltec.ch>" imported
gpg: Total number processed: 1
gpg:               imported: 1
root $ apt update
[...]
Get:7 https://pkg.ltec.ch/public bullseye InRelease [4,317 B]
Get:9 https://pkg.ltec.ch/public bullseye/main amd64 Packages [428 B]
Fetched 4,745 B in 2s (2,149 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
root $ apt install wsdd
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  wsdd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 21.4 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 https://pkg.ltec.ch/public bullseye/main amd64 wsdd all 0.7.0 [21.4 kB]
Fetched 21.4 kB in 0s (104 kB/s)
Selecting previously unselected package wsdd.
(Reading database ... 99592 files and directories currently installed.)
Preparing to unpack .../archives/wsdd_0.7.0_all.deb ...
Unpacking wsdd (0.7.0) ...
Setting up wsdd (0.7.0) ...
Created symlink /etc/systemd/system/multi-user.target.wants/wsdd.service → /lib/systemd/system/wsdd.service.
INFO: please configure wsdd in /etc/wsdd.conf before starting
Processing triggers for man-db (2.9.4-2) ...

Will now take a look on Mint

christgau commented 2 years ago

On a Mint Live CD now (Linux Mint 20.3). I get the error that the OP reported if I only create an apt source file (with focal as distro) and do an apt update immediately afterwards. This is not surprising since the repo key has not been imported at that time. After the apt-key command from the README has been issued, apt update works fine and so does the installation.

Thus, there appears to be no issue with the key. The content of the README is fine. Closing the issue and marking it as invalid since the steps from the README do not appear to be followed.
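
For triaging the `NO_PUBKEY` failure reported in this thread, the following added example (not part of the thread or of the wsdd project) extracts the affected repository, suite and key ID from `apt update` output and prints a `sources.list` entry that trusts the key for that repository only via apt's `signed-by` option. The sample output is constructed from the lines quoted above; the function names and the keyring path `/etc/apt/keyrings/ltec-ag.gpg` are assumptions.

```bash
#!/usr/bin/env bash
# Added example: triage NO_PUBKEY failures from `apt update` output.

# Constructed sample input, modelled on the output quoted in this thread.
sample_apt_output() {
cat <<'EOF'
Get:14 https://pkg.ltec.ch/public focal InRelease [2,883 B]
Err:14 https://pkg.ltec.ch/public focal InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
Reading package lists... Done
W: GPG error: https://pkg.ltec.ch/public focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4BBAE4C69C568C54
E: The repository 'https://pkg.ltec.ch/public focal InRelease' is not signed.
EOF
}

# Print one "URL SUITE KEYID" line per missing signing key.
# Only "W: GPG error:" lines are parsed: they name the repository and the
# key together, and may list several NO_PUBKEY entries on one line.
missing_repo_keys() {
  awk '/^W: GPG error: / {
         url = $4; suite = $5
         for (i = 6; i < NF; i++)
           if ($i == "NO_PUBKEY" && $(i + 1) ~ /^[0-9A-Fa-f]+$/)
             print url, suite, $(i + 1)
       }' | sort -u
}

# Read "URL SUITE KEYID" lines and emit a sources.list entry scoped to one
# keyring file ($1, an assumed path), so the key is trusted for this
# repository only instead of for every configured repository.
scoped_sources_line() {
  while read -r url suite keyid; do
    printf '# expects key %s in %s\n' "$keyid" "$1"
    printf 'deb [signed-by=%s] %s %s main\n' "$1" "$url" "$suite"
  done
}

# Demonstration on the constructed sample.
sample_apt_output | missing_repo_keys | scoped_sources_line /etc/apt/keyrings/ltec-ag.gpg
```

The key ID printed by `missing_repo_keys` should match the ID that `gpg` reports when the repository key is imported, as it does in the transcripts above (`4BBAE4C69C568C54`).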