Wednesday, October 5, 2011

The apt keys, importing keys in batch mode

Why?
Sometimes a fresh Ubuntu or Debian install is mandatory or commanded, but we forget to export all the GPG apt keys before the wipe. Once the installation is done, we start adding our previous sources list entries (I hope you didn't forget to save them first). In my case I use several entries, many of them referencing useful PPAs on Launchpad. This is an excerpt:

deb http://archive.ubuntu.com/ubuntu natty-proposed main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu natty-security main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu natty-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu natty main restricted universe multiverse

deb http://archive.canonical.com/ubuntu natty partner
deb http://archive.canonical.com/ubuntu natty-backports partner

deb http://extras.ubuntu.com/ubuntu natty main

deb http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu natty main
deb-src http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu natty main

deb http://ppa.launchpad.net/tualatrix/ppa/ubuntu natty main 
deb http://ppa.launchpad.net/kiwixteam/ppa/ubuntu natty main
deb http://ppa.launchpad.net/pidgin-developers/ppa/ubuntu natty main

deb http://ppa.launchpad.net/rabbitvcs/ppa/ubuntu natty main
deb-src http://ppa.launchpad.net/rabbitvcs/ppa/ubuntu natty main

deb http://archive.cloudera.com/debian natty-cdh3 contrib
deb-src http://archive.cloudera.com/debian natty-cdh3 contrib

deb http://ppa.launchpad.net/ubuntu-x-swat/x-updates/ubuntu natty main
When we then run apt-get update on our fresh install, we end up with this annoying warning message:

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: ... Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>

W: Failed to fetch ... 
W: Some index files failed to download, they have been ignored, or old ones used instead.


To avoid these warnings, you must explicitly import the public keys (40976EAF437D05B5) via Synaptic Package Manager or the apt-key command.

How?
In my case, I keep a file (~/Sandbox/aptkeys/aptkeys) in my profile with a list of keys, one per line. Then, when the /etc/apt/sources.list file gets modified and the apt-get update command emits this kind of warning message, I append the key (40976EAF437D05B5) to the end of ~/Sandbox/aptkeys/aptkeys using a text editor or the cat command. Here is an excerpt of my aptkeys file:
DB141E2302FDF932
7FB8BEE0A1F196A8
5A9BF3BB4E5E17B5
2EBC26B60C5A2783
BE79FA4B705B7C13
E43D207C62D38753
C0B56813051D8B58
3B22AB97AF1CDFA9

Then I use this script to make a batch import of all my approved keys:


$  cat ~/Sandbox/aptkeys/aptkeys  | importaptkeys
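
The page does not show the script's contents. As an added example (not the author's importaptkeys), this POSIX shell filter validates each line from the key list before handing it to apt-key adv, so stray text in the file can never reach the command line. The keyserver name, the DRY_RUN switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example: batch-import apt keys listed one per line on stdin.
# KEYSERVER, DRY_RUN and all function names are assumptions of this sketch.
KEYSERVER="${KEYSERVER:-keyserver.ubuntu.com}"

# Print the normalized ID; fail unless it is 16 (long key ID) or 40 (fingerprint) hex digits.
normalize_key_id() {
    id=$(printf '%s' "$1" | sed -e 's/#.*//' -e 's/[[:space:]]//g' \
        -e 's/^0[xX]//' | tr 'a-f' 'A-F')
    case "$id" in
        ''|*[!0-9A-F]*) return 1 ;;   # empty, or stray text such as options
    esac
    case "${#id}" in
        16|40) printf '%s\n' "$id" ;;
        *) return 1 ;;                # short 32-bit IDs are refused
    esac
}

# Filter stdin down to unique, valid IDs; rejected lines go to stderr.
collect_key_ids() {
    seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        case "$(printf '%s' "$line" | sed 's/#.*//' | tr -d '[:space:]')" in
            '') continue ;;           # blank or comment-only line
        esac
        if id=$(normalize_key_id "$line"); then
            case "$seen" in *" $id "*) continue ;; esac
            seen="$seen$id "
            printf '%s\n' "$id"
        else
            printf 'rejected: %s\n' "$line" >&2
        fi
    done
}

# Import each ID with apt-key (needs root); with DRY_RUN set, only print the command.
import_keys() {
    status=0
    while IFS= read -r id; do
        if [ -n "${DRY_RUN:-}" ]; then
            printf 'apt-key adv --keyserver %s --recv-keys %s\n' "$KEYSERVER" "$id"
        else
            apt-key adv --keyserver "$KEYSERVER" --recv-keys "$id" </dev/null || status=1
        fi
    done
    return "$status"
}

# Run the pipeline only when invoked as "importaptkeys"; otherwise just define.
case "${0##*/}" in importaptkeys) collect_key_ids | import_keys ;; esac
```

A key ID only selects which key to fetch, so after importing, compare the output of apt-key finger with the fingerprint each repository owner publishes.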


Hope that it will be useful for you.
