release: Ubuntu kubernetes-xenial public key is not available: NO_PUBKEY B53DC80D13EDEF05
What happened:
$ curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
100 1210 100 1210 0 0 39402 0 --:--:-- --:--:-- --:--:-- 40333
OK
$ sudo apt update -y
Get:1 http://mirror.0x.sg/ubuntu kinetic InRelease [267 kB]
Hit:2 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:3 http://mirror.0x.sg/ubuntu kinetic-security InRelease
Hit:4 http://mirror.0x.sg/ubuntu kinetic-updates InRelease
Hit:5 http://mirror.0x.sg/ubuntu kinetic-backports InRelease
Hit:6 https://packages.treasuredata.com/4/ubuntu/jammy jammy InRelease
Get:7 https://download.docker.com/linux/ubuntu impish InRelease [48.9 kB]
Hit:8 https://deb.nodesource.com/node_18.x jammy InRelease
0% [Waiting for headers] [Connecting to ppa.launchpadcontent.net (185.125.190.52)] [Connecting to ftp.postgresql.org (217.196.149.55)]
Get:9 https://packages.cloud.google.com/apt kubernetes-xenial InRelease [8,993 B]
Err:9 https://packages.cloud.google.com/apt kubernetes-xenial InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
Hit:10 https://ftp.postgresql.org/pub/pgadmin/pgadmin4/apt/jammy pgadmin4 InRelease
Hit:11 https://ppa.launchpadcontent.net/mati75/gimp30/ubuntu kinetic InRelease
Fetched 325 kB in 1s (317 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
W: Failed to fetch https://apt.kubernetes.io/dists/kubernetes-xenial/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05
W: Some index files failed to download. They have been ignored, or old ones used instead.
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
- Cloud provider or hardware configuration:
- OS (e.g:
cat /etc/os-release): Ubuntu 22.10 - Kernel (e.g.
uname -a): Linux khteh-p17-2i 5.19.0-29-generic #30-Ubuntu SMP PREEMPT_DYNAMIC Wed Jan 4 12:14:09 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux - Others:
About this issue
- Original URL
- State: closed
- Created a year ago
- Reactions: 12
- Comments: 73 (16 by maintainers)
Commits related to this issue
- Fetch k8s GPG key from alternate location Currently running into some issues when building the docker container: ``` W: GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: ... — committed to ellismg/azure-dev by ellismg a year ago
- fix problem on https://github.com/kubernetes/release/issues/2862 — committed to praparn/sourcesetup by praparn a year ago
- Fix Kubernetes install on Ubuntu VM See: https://github.com/kubernetes/release/issues/2862#issuecomment-1556508707 Signed-off-by: Sascha Grunert <sgrunert@redhat.com> — committed to saschagrunert/security-profiles-operator by saschagrunert a year ago
- Fix Kubernetes install on Ubuntu VM See: https://github.com/kubernetes/release/issues/2862#issuecomment-1556508707 Signed-off-by: Sascha Grunert <sgrunert@redhat.com> — committed to saschagrunert/security-profiles-operator by saschagrunert a year ago
- Change kubernetes repo key file URL The old URL seems to be not working. Ref: https://github.com/kubernetes/release/issues/2862#issuecomment-1554211504 — committed to Nordix/metal3-dev-tools by lentzi90 a year ago
- Fix Kubernetes install on Ubuntu VM See: https://github.com/kubernetes/release/issues/2862#issuecomment-1556508707 Signed-off-by: Sascha Grunert <sgrunert@redhat.com> — committed to kubernetes-sigs/security-profiles-operator by saschagrunert a year ago
- fix: Use new kubectl GPG key The GPG used in the official documentation is expired. However, there is another official source with a new GPG key available. This commit changes the source to fetch the... — committed to DSD-DBS/capella-collab-manager by MoritzWeber0 a year ago
- fix: Use new kubectl GPG key The GPG used in the official documentation is expired. However, there is another official source with a new GPG key available. This commit changes the source to fetch the... — committed to DSD-DBS/capella-collab-manager by MoritzWeber0 a year ago
- Update kubernetes gpg Update the source repository from which download the public signing key for kubernetes. ref: https://github.com/kubernetes/release/issues/2862 — committed to git-ogawa/setup_kube_cluster by git-ogawa a year ago
- fix: public key issue on latest kubernetes release See https://github.com/kubernetes/release/issues/2862 — committed to nueces/k8s-playground by nueces a year ago
- The instructions online were not working so I found this and it did work https://github.com/kubernetes/release/issues/2862#issuecomment-1533888814 — committed to Romanmc72/fresh-start by Romanmc72 a year ago
- Change kubernetes repo key file URL The old URL seems to be not working. Ref: https://github.com/kubernetes/release/issues/2862#issuecomment-1554211504 — committed to Nordix/metal3-dev-tools by lentzi90 a year ago
- fix: Use new kubectl GPG key The GPG used in the official documentation is expired. However, there is another official source with a new GPG key available. This commit changes the source to fetch the... — committed to DSD-DBS/capella-collab-manager by MoritzWeber0 a year ago
- fix: Use new kubectl GPG key The GPG used in the official documentation is expired. However, there is another official source with a new GPG key available. This commit changes the source to fetch the... — committed to DSD-DBS/capella-collab-manager by MoritzWeber0 a year ago
- https://github.com/kubernetes/release/issues/2862 — committed to aws-samples/app-health-with-aws-load-balancer-controller by deleted user a year ago
- Merge pull request #1 from aws-samples/main https://github.com/kubernetes/release/issues/2862 — committed to yahavb/app-health-with-aws-load-balancer-controller by deleted user a year ago
- https://github.com/kubernetes/release/issues/2862 — committed to aws-samples/app-health-with-aws-load-balancer-controller by deleted user a year ago
- 1-https://github.com/kubernetes/release/issues/2862 — committed to aws-samples/app-health-with-aws-load-balancer-controller by deleted user a year ago
- 2-https://github.com/kubernetes/release/issues/2862 — committed to aws-samples/app-health-with-aws-load-balancer-controller by deleted user a year ago
- 3-https://github.com/kubernetes/release/issues/2862 — committed to aws-samples/app-health-with-aws-load-balancer-controller by deleted user a year ago
I had this happening right now, even if the key file was there and even if the value was correctly pulled from
https://packages.cloud.google.com/apt/doc/apt-key.gpg.I have fixed it by using a different URL for the key:
https://dl.k8s.io/apt/doc/apt-key.gpgwhich I found here https://github.com/kubernetes/k8s.io/pull/4837#issuecomment-1446426585I think the reproducer would be running apt update in an existing installation without manually updating the key. I ran into the same problem and just curling the new key fixed it for me. Note that the download location in the Kubernetes help pages changed and you might have to run
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpginstead or update the location of the key file.@khteh I can reproduce the apt-key behaviour, but it might be unrelated to the Kubernetes key. If you manually put the key in /etc/apt/trusted.gpg.d/ apt-key list shows it correctly and the apt update works.
Referring to https://github.com/kubernetes/k8s.io/pull/4837
They have updated their host address, so now we should update it to use the key from
https://dl.k8s.io/apt/doc/apt-key.gpg. Then use something like:Don’t add
trusted=yes! This is dangerous and will tell apt to ignore the result of key verification.The error I saw:
The fix was almost the same as the debian comment above:
From below
I used the information provided here: https://cloud.google.com/compute/docs/troubleshooting/known-issues#keyexpired-2
Specifically:
Command (Ubuntu):
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -Command (Debian):
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -Worked fine on the latest Debian Bullseye + Ubuntu 22.04.5 releases.
Cheers
This script worked for me on Ubuntu 22.04.2 LTS using WSL
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpgecho "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list > /dev/nullI’m seeing the same issue on my Ubuntu 20.04.5 machine:
I believe the easiest solution is to download the https://packages.cloud.google.com/apt/doc/apt-key.gpg file and rename it to
.asc. Then you don’t need to worry about dearmoring the file.The instructions then become:
If you’re getting this error on Raspberry Pi OS as of the date of this post then try:
sudo curl -fsSLo /etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg https://dl.k8s.io/apt/doc/apt-key.gpgecho "deb [signed-by=/etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.listI have the same issue and none of the workarounds are working. I’ve tried all the commands listed here and in the Kubectl installation. I am still getting this error upon running apt-get update:
Ran into this issue today while making a debian container image.
None of the comments I read here worked, here’s what worked for me:
@jtele2 thanks for reference for for the kubectl installation.
After these commands:
sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpgecho "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.listthe warning has gone.@saschagrunert This line is failing on my machine:
curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpgThe recommendation from @aronneberg worked for me. After running
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg, I am able to apt update normally.This worked for me. Thanks. 😃
Worked for me with the modern way as well (ubuntu server 22.04).
curl -fsSL “https://packages.cloud.google.com/apt/doc/apt-key.gpg” | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/kubernetes-archive-keyring.gpg
echo ‘deb https://packages.cloud.google.com/apt kubernetes-xenial main’ > /etc/apt/sources.list.d/kubernetes.list
Agreed! Looks like it is just a docs update needed. I did previously experience the HTTP 500 responses but these are responding as expected now. The GPG key present at https://packages.cloud.google.com/apt/doc/apt-key.gpg was fine, but I needed to run the following to allow it’s addition to the sources.list.d entry:
I was then able to add the following apt source entry which stopped the NO_PUBKEY issue occurring. I suspect that this is due to some kind of deprecated key format since I see apt-key’s documentation up till 21.10 doesn’t show a deprecation of apt-key add. In the deprecation notes thereafter, the key must be:
You can see the difference in the
fileoutput:Please instead read this advice (quoting from the docs):
For the Debian project explanation of where to put the trust data, read https://wiki.debian.org/DebianRepository/UseThirdParty#OpenPGP_certificate_distribution
Please also avoid recommending that Kubernetes users change the system-level package trust within
/etc/apt/trusted.gpg.d. We’d much rather follow Debian’s recommended approach, which also states:I have tried all suggested commands. Unsuccessfully. The error remains the same: NO_PUBKEY B53DC80D13EDEF05
follow https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/#install-using-native-package-management
I’m on a Ubuntu 20.04.5 machine and the @aronneberg workaround worked for me while @N3X14 workaround don’t.
It was mentioned above you could change the extension from
.gpgto.ascw/odearmorbut i have not tested it, e.gSolved for me using the modern way mentioned many times on this thread:
From (Old)
To (New)
Note that
/etc/apt/keyringsis deprecated in some distros in favor ofsudo gpg --dearmorwith/etc/apt/trusted.gpg.d/@crisbal you saved my day. it works
FIXED!
Err:2 https://packages.cloud.google.com/apt kubernetes-xenial InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B53DC80D13EDEF05curl: (23) Failed writing body (0 != 1210)Get:7 https://packages.cloud.google.com/apt kubernetes-xenial/main amd64 Packages [65.7 kB]It seems
curlis unable to create thekeyringsfolder inside the/etc/apt/directory. I just created it manually and it worked!Please see the email thread - https://groups.google.com/a/kubernetes.io/g/dev/c/gR5xDzzIcW8/m/SK5ARWkGAQAJ
and the work around in that thread or here - https://github.com/kubernetes/k8s.io/pull/4837#issuecomment-1446426585
/close
Works for me by following gobygo-rgb suggestions.
RUN echo “deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://apt.kubernetes.io/ kubernetes-xenial main” | tee /etc/apt/sources.list.d/kubernetes.list
still facing this issue please hep me:
@crisbal your updated key source worked for me, but I had to put it in /usr/share/keyrings to update my existing installation. I don’t know if I should uninstall and reinstall so it uses /etc/apt/trusted.gpg.d instead, since @nyetwurk says that’s the modern way.
Here’s the fix that worked for me:
it is working for me. you survived my cluster friend thank you 😃
seriously saved the day, literally was trying to reinstall kubectl and this shit happened. I almost needed a new screen. @crisbal u saved a screen from a screw driver in the middle
@crisbal only fix that works.
words for google: W: GPG error: https://packages.cloud.google.com/apt kubernetes-xenial InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY E: The repository ‘https://apt.kubernetes.io kubernetes-xenial InRelease’ is not signed.