Apt-get reports NO_PUBKEY gpg error for keys that are present in trusted.gpg.

Bug #1263540 reported by aslam karachiwala
This bug affects 97 people
Affects        Status         Importance   Assigned to   Milestone
APT            Fix Released   Unknown
apt (Ubuntu)   Fix Released   Undecided    Unassigned

Bug Description

Ubuntu 13.10
apt 0.9.9.1~ubuntu3

'apt-get update' has started showing several warnings like the following, even though the keys are present:

W: GPG error: http://us.archive.ubuntu.com saucy Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

'apt-key list' shows the keys in question in its output...

pub 1024D/437D05B5 2004-09-12
uid Ubuntu Archive Automatic Signing Key <email address hidden>
sub 2048g/79164387 2004-09-12

pub 4096R/C0B21F32 2012-05-11
uid Ubuntu Archive Automatic Signing Key (2012) <email address hidden>

...and its output begins with the following:

gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit

I see the same gpg message when I manually update/remove/add the keys in question. E.g.:

$ sudo apt-key update
gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-java.gpg': resource limit
gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <email address hidden>" not changed
gpg: key FBB75451: "Ubuntu CD Image Automatic Signing Key <email address hidden>" not changed
gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <email address hidden>" not changed
gpg: key EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <email address hidden>" not changed
gpg: Total number processed: 4
gpg: unchanged: 4

I asked about the "resource limit" message on the gnupg-users mailing list...
http://<email address hidden>/msg23300.html
Based on Werner Koch's (the dev) answer...
http://<email address hidden>/msg23302.html
...the secure apt related programs might be making gpg use more than the maximum number of keyrings that it can handle.

summary: - Apt-get reports NO_PUBKEY gpg error for key that are present in
+ Apt-get reports NO_PUBKEY gpg error for keys that are present in
trusted.gpg.
tags: added: gnupg
tags: added: apt secure-apt
description: updated
aslam karachiwala (akwala) wrote :

I saw the following while attempting to work around this issue:

1.
In addition to /etc/apt/trusted.gpg, each *.gpg file in /etc/apt/trusted.gpg.d/ is a separate keyring, often containing a single key for the corresponding repository. This could effectively limit the number of repos/packages one can have, if the total number of keyrings exceeds GnuPG's limit.

2.
Deleting a key ('apt-key del <keyID>'), or removing a repository (e.g., using Synaptic), removes the key from its keyring in /etc/apt/trusted.gpg.d/ but leaves the empty keyring in the location. After I removed the empty keyring files, the "resource limit" message did not appear and 'apt-get update' did not complain about "NO_PUBKEY." So, once GnuPG's maximum number of keyrings is reached, one has to manually remove the empty keyring files, in addition to removing package repositories, in order to avoid the "NO_PUBKEY" scenario.

Changed in apt:
status: Unknown → New
aslam karachiwala (akwala) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in apt (Ubuntu):
status: New → Confirmed
zika (4zika4) wrote :
Katsiaris Simos (spider623) wrote :

fix it already, it really affects much more than just the desktop users

jorgehpm (jorgehpm) wrote :

The post from 4zika4 helps if you have repositories from the same origin (like noobslabs or such) but if that's not your case, the bug pretty much stays :(

Martin Cigorraga (martincigorraga) wrote :

Ubuntu 14.04 fully up-to-date here:

Hi everyone, thanks to the help of user @TJ- on #ubuntu+1 we were able to discover that the issue I was getting is related to this bug:

[...]
Ign http://archive.ubuntu.com trusty-security/universe Translation-en_US
Fetched 4.737 B in 33s (141 B/s)
Reading package lists... Done
W: GPG error: http://archive.canonical.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://extras.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 16126D3A3E5C1192
W: GPG error: http://archive.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty-security Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

What I did:
1. sudo apt-get clean
2. sudo mv /var/lib/apt/lists /var/apt/lists.old
3. mkdir -p /var/lib/apt/lists/partial
4. sudo apt-get update

And got the same error so, next thing was trying to reinstall 'ubuntu-keyring': http://pastebin.com/Zr9TppeL

Other relevant info:
"07:32:49 TJ- | msx: The debian bug explains the issue ... too many keyrings being passed to gpg"
"07:35:23 TJ- | msx: Summary is, remove empty keyrings from "/etc/apt/trusted.gpg.d/"

Issue solved here.

ViBE (vibe) wrote :

I have the same problem with official and some 3rd party GPG keys on Ubuntu 14.04 x64.

Rik Mills (rikmills) wrote :

Now getting this after upgrade to Trusty.

spupuz@gmail.com (spupuz) wrote :

I have the same problem with official and some 3rd party GPG keys on Ubuntu 14.04 x86.

Roland (Rolandixor) Taylor (rolandixor) wrote :

How does one find these empty keyrings?

aslam karachiwala (akwala) wrote :

> How does one find these empty keyrings?

These would be *.gpg files in /etc/apt/trusted.gpg.d/ that are empty (size=0) -- see comment #1.
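
Added example, not part of the comment above and not apt's own code: a read-only shell check for the condition this thread describes, listing zero-length `*.gpg` files and comparing the keyring count against the 40-keyring figure quoted in the comments. The function names and the `KEYRING_LIMIT` variable are assumptions made for this example, and the demo files at the end are constructed.

```shell
#!/bin/sh
# Read-only audit of APT keyring files; nothing is deleted.
# KEYRING_LIMIT is the figure quoted in this thread (trusted.gpg + 39 files),
# an assumption taken from the comments, not a value queried from gpg.
KEYRING_LIMIT=40

# Print each zero-length *.gpg file in directory $1, one per line.
empty_keyrings() {
    find "$1" -maxdepth 1 -type f -name '*.gpg' -size 0 | sort
}

# Print how many keyrings apt would pass to gpg: every *.gpg file in
# directory $1, plus one if the main keyring file $2 exists.
keyring_count() {
    n=$(( $(find "$1" -maxdepth 1 -type f -name '*.gpg' | wc -l) ))
    if [ -f "$2" ]; then n=$((n + 1)); fi
    echo "$n"
}

# Report on directory $1 and main keyring $2; return 1 when over the limit.
audit_apt_keyrings() {
    dir=${1:-/etc/apt/trusted.gpg.d}
    main=${2:-/etc/apt/trusted.gpg}
    total=$(keyring_count "$dir" "$main")
    echo "keyrings passed to gpg: $total (limit $KEYRING_LIMIT)"
    empty_keyrings "$dir" | sed 's/^/empty keyring: /'
    if [ "$total" -gt "$KEYRING_LIMIT" ]; then
        echo "over the limit: expect 'resource limit' and NO_PUBKEY"
        return 1
    fi
}

# Demo on a constructed directory (sample file names are made up).
demo=$(mktemp -d)
printf 'x' > "$demo/in-use.gpg"   # stands in for a keyring holding a key
: > "$demo/removed-ppa.gpg"       # zero-length leftover
audit_apt_keyrings "$demo" "$demo/trusted.gpg"
rm -rf "$demo"
```

Called with no arguments, `audit_apt_keyrings` inspects `/etc/apt/trusted.gpg.d` and `/etc/apt/trusted.gpg`; it only reports, so which files to remove stays a manual decision.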

Mark Rich (sir-marky) wrote :

Struggling from this problem all the time. Tried every solution I can find on the web but still get these errors.

Leandro Heck (leoheck) wrote :

I am having this problem too. Did someone already find the solution?

SometimesRomano (sometimesromano) wrote :

I know the last comment is a month old now, but Google is still driving people here for an answer. I found this on the web:
http://www.namhuy.net/3116/how-to-fix-gpg-error-no_pubkey-in-ubuntu.html

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5

Run this command for each hex key you need to download. Replace "40976EAF437D05B5" with the appropriate key.

I had to do it three times, but it worked for me.

Baobab (emil-bb) wrote :

I encountered the same problem. I solved this by

1) moving all the ppas from the folder /etc/apt/sources.list.d to the file /etc/apt/sources.list. I did this with the command:

pr -F *files > newfile

which combines all the sources.list files into one file. Some adaptation is needed.

2) removing *all* the files in /etc/apt/trusted.gpg.d

then, I could add new keys to the keychain by issuing the "sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys **KEY_HERE**" command (look it up if you don't know it). Before that, it didn't import the key. Hope this is helpful to someone, it was a completely random move on my part, had no idea if it would work or not. It did :D

Mihara (medvedev) wrote :

The solution that worked for me was emptying /etc/apt/trusted.gpg.d, running apt-get update, and then manually adding every key it blocked on to the main /etc/apt/trusted.gpg keyring with apt-key adv as described above. Nothing else turned out to be necessary, you can leave the /etc/apt/sources.list.d/* where they are. There's probably a smoother way to consolidate all the keyrings in /etc/apt/trusted.gpg.d/* into the main one using gpg itself, however, that was quicker than writing a script.

I really shouldn't have to do this in the first place.

Changed in apt:
status: New → Fix Released
Ankush Menat (ankush-menat) wrote :

Deleting keys in gpg folder worked for me too.

RedScourge (redscourge) wrote :

14.04 LTS and 14.04.1 LTS x64 both present this error after fresh install, and again after adding the virtualbox repo.

W: GPG error: http://download.virtualbox.org trusty InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 54422A4B98AB5139
W: GPG error: http://extras.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 16126D3A3E5C1192

Bruno Nova (brunonova) wrote :

Also affected in 14.04. This bug should be of high importance.
This bug was fixed in Debian in version 1.1~exp4, but the version in sid is 1.0.9.3, so I think we will have to wait a bit yet.

David Margrave (x-david-x) wrote :

yes, emptying the /etc/apt/trusted.gpg.d directory worked for me as well.

very annoying how it silently choked on contents of that directory.

marcobra (Marco Braida) (marcobra) wrote :

Ubuntu 14.10 32 bits

Description: Ubuntu 14.10
Release: 14.10
Codename: utopic

started to have the same issue these days...

apt:
  Installato: 1.0.9.2ubuntu2
  Candidato: 1.0.9.2ubuntu2
  Tabella versione:
 *** 1.0.9.2ubuntu2 0
        500 http://archive.ubuntu.com/ubuntu/ utopic/main i386 Packages
        100 /var/lib/dpkg/status

Changed in apt (Ubuntu):
status: Confirmed → Fix Released
assignee: nobody → Andi Rachman Fauzi (andirachmanfauzi)
assignee: Andi Rachman Fauzi (andirachmanfauzi) → nobody
EvilSupahFly (seann-giffin) wrote :

So, if I understand the response from the gpg-mailing-list correctly, the limit is 40 keys in total, essentially? Is there a way to increase that without mucking about with the source?

I started getting the "gpg: keyblock resource resource limit" error after adding a few testing PPAs related to Kali, but I don't have any zero-length files to remove as they are all in use.

To fix this, I guess I would have to remove the PPAs and their keys, or create some kind of specialized chroot or VM, which, I guess isn't so bad, really, but it's a bit of a pain.

aslam karachiwala (akwala) wrote :

>...the limit is 40 keys in total, essentially? Is there a way to increase that without mucking about with the source?
This is not a configurable limit AFAIK.

>...I don't have any zero-length files to remove as they are all in use.
I believe the bug that left the zero-length files upon deletion of PPAs was fixed a while back. More info in the upstream bug log:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=733028

You may have multiple keyrings (*.gpg) with the same key if you have multiple PPAs that share the same key. You could delete all but one of such keyrings.

I looked at my /etc/apt/trusted.gpg.d and found only a handful of keyrings for debian/mozilla archives which I probably added. I'm on Ubuntu 14.04, so this issue appears to be fixed in this version.

Rael Gugelmin Cunha (rael-gc) wrote :

I just went to /etc/apt/trusted.gpg.d and removed unused keys until I got below 40 keys. Then ran `sudo apt-get update` and it was fixed.

pst007x (turone) wrote :

I deleted all the contents in /etc/apt/trusted.gpg.d/.

then run

sudo launchpad-getkeys - found here: http://www.webupd8.org/2010/05/automatically-import-all-missing.html
sudo apt-get update

.... this cleared the fault for me.

http://askubuntu.com/questions/608140/all-public-keys-are-missing-xubuntu-ubuntu-14-04

Lukasz Sanek (s4nk) wrote :

Seems like the problem still exists in Ubuntu 15.04 with apt 1.0.9.7ubuntu4 for amd64 compiled on Apr 7 2015 14:42:59

Ștefănescu Cristian (howerkraft) wrote :

Comment #26 was the solution for me.

himanshu (himzzy4u) wrote :

Nothing works for me.. /etc/apt/trusted.gpg.d/ is already empty on a fresh 14.04 LTS..

aleandro (aleandrodasilva) wrote :

Ubuntu 14.04 LTS. Bug still present. It seems I have too many gpg keys (above 40). None of the reported solutions seems to solve even after deleting the entire gpg folder.

A. Eibach (andi3) wrote :

(comment 7)

I can't believe it! THAT'S MINE!!!

40976EAF437D05B5

As I thought that it could even be related to some local repo not updating their stuff in time (yes this happens sometimes in minor form), I changed to fr. and ch. domains sequentially. To no avail at all.

Thanks for the idea to use the 'del' option in apt-key.

I can't believe that so many people have problems with this, and all that developers are (usually) raving about is whether Ubuntu should be verbose to the user about global hotkey assignments or not. Security paranoiacs, most of them, but if it comes to such a basic-security issue as here, they just go 'shrug, works for me, you're just too daft'.

A. Eibach (andi3) wrote :

Ok, nuked /etc/apt/trusted.gpg and rebuilt it using

sudo apt-key update

YAY!!
That finally caused the error message of the very key 40976EAF437D05B5 to disappear. Good riddance. :P

A. Eibach (andi3) wrote :

AND TO EVERYBODY:

Please do NOT confuse the line

sudo apt-key update

with

sudo apt-get update

Always make sure you're referring to the one or the other.

QkiZ (qkiz) wrote :

Ubuntu 15.04, bug still exists

QkiZ (qkiz) wrote :

But the trick with deleting /etc/apt/trusted.gpg and sudo apt-key update does the job. After that all missing keys are recovered via the apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <keys id> command.

QkiZ (qkiz) wrote :

I have that error a second time and the previous trick did not help. Problem still exists.

Mark Fraser (launchpad-mfraz) wrote :

Just hit this bug in Kubuntu 16.04. Removing some old gpg files seems to have fixed it

Mark Fraser (launchpad-mfraz) wrote :

Sorry, meant to say 15.10 in the above comment.

Paddy Landau (paddy-landau) wrote :

This bug hit me two days ago. I am on Ubuntu 14.04 64-bit, which was fully updated until the problem started. The workaround, fortunately, has worked for me.

Seb Bonnard (sebma) wrote :

I also have this problem. It seems gpg cannot handle more than /etc/apt/trusted.gpg (one keyring) + 39 keyrings in /etc/apt/trusted.gpg.d/ : https://lists.gnupg.org/pipermail/gnupg-users/2013-December/048571.html
