Signatures couldn't be verified - public key - Ubuntu 20.04 Focal
Magicrafter13 opened this issue ยท 23 comments
I did see other mentions of this issue, but they seemed to be related to users running an unsupported distro. However, Ubuntu Focal is listed as supported.
curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -
## Installing the NodeSource Node.js 14.x repo...
## Populating apt-get cache...
+ apt-get update
Hit:1 http://us.archive.ubuntu.com/ubuntu focal InRelease
- - -
Hit:4 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
- - -
Hit:6 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:7 http://us.archive.ubuntu.com/ubuntu focal-security InRelease
Reading package lists... Done
## Confirming "focal" is supported...
+ curl -sLf -o /dev/null 'https://deb.nodesource.com/node_14.x/dists/focal/Release'
## Adding the NodeSource signing key to your keyring...
+ curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | tee /usr/share/keyrings/nodesource.gpg >/dev/null
gpg: WARNING: unsafe ownership on homedir '/home/matthew/.local/share/gnupg'
## Creating apt sources list file for the NodeSource Node.js 14.x repo...
+ echo 'deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_14.x focal main' > /etc/apt/sources.list.d/nodesource.list
+ echo 'deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_14.x focal main' >> /etc/apt/sources.list.d/nodesource.list
## Running `apt-get update` for you...
+ apt-get update
Get:1 https://deb.nodesource.com/node_14.x focal InRelease [4,583 B]
Hit:2 http://us.archive.ubuntu.com/ubuntu focal InRelease
- - -
Err:1 https://deb.nodesource.com/node_14.x focal InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1655A0AB68576280
- - -
Hit:5 http://us.archive.ubuntu.com/ubuntu focal-updates InRelease
- - -
Hit:7 http://us.archive.ubuntu.com/ubuntu focal-backports InRelease
Hit:8 http://us.archive.ubuntu.com/ubuntu focal-security InRelease
Reading package lists... Done
W: GPG error: https://deb.nodesource.com/node_14.x focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1655A0AB68576280
E: The repository 'https://deb.nodesource.com/node_14.x focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Error executing command, exiting
Wish Canonical would provide something newer than version 10.x.x...
I had a version that was at least as high as 12 yesterday, and after reinstalling everything I'm not sure how I managed that in the past, I don't recall using nodesource previously, but npm and n were unable to update me to version 14, hoping I have better luck here.
I also get this error since today:
W: GPG error: https://deb.nodesource.com jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1655A0AB68576280
Last week it worked fine while building a docker image. I think it is related to this commit from 3 days ago: 1e1ee93
I get this while running the setup for Node 12.x in my dockerfile like this:
RUN curl -fsSL https://deb.nodesource.com/setup_12.x | bash - \
&& apt-get install --yes nodejsOS is Debian Jessie.
I "fixed" it by running the following command before the setup:
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -I got this from the manual installation guide.
So in my dockerfile I have it like this now:
RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
RUN curl -fsSL https://deb.nodesource.com/setup_12.x | bash - \
&& apt-get install --yes nodejs
As @KoenCa just mentioned above, in Debian Jessie, which has reached its end-of-life on June 30, 2020, I was able to reproduce this behavior consistently (it was expected also for Ubuntu Trusty Tahr). However, I was not able to consistently reproduce it on Ubuntu Focal Fossa.
Can you give us more information regarding your environment @Magicrafter13?
I encountered this issue due to using a non-default umask (umask 0027) as required by the CIS benchmark standard. This caused /usr/share/keyrings/nodesource.gpg to be written with 640 permissions instead of 644, so only root could read it. So it should be reproducible by running umask 0027 before curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -. After running chmod a+r /usr/share/keyrings/nodesource.gpg apt-get update completed successfully.
^^ Sorry I actually had to sudo su, run umask 0027 and then curl -sL https://deb.nodesource.com/setup_12.x | bash - to reproduce (no sudo -E) so that the child process would inherit the umask value
I got the same error @KoenCa describes while trying to instal LTS version in debian 8. This prevents quiet apt-get install without --force-yes flag because of the warning:
RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash - && \ sudo apt-get install -y nodejs
W: GPG error: https://deb.nodesource.com jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1655A0AB68576280
I "fixed" it by running the following command before the setup:
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -I got this from the manual installation guide.
So in my dockerfile I have it like this now:
RUN curl -fsSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - RUN curl -fsSL https://deb.nodesource.com/setup_12.x | bash - \ && apt-get install --yes nodejs
I also updated the base image of my dockerfile and now it uses Debian Buster. I removed the line with the fix and it works like normal.
Same problem with ubuntu 14.04 (I've know it's EOLed, just as info):
FROM ubuntu:14.04
RUN apt-get -y update && \
apt-get -y install curl
RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash - && \
apt-get -y install nodejs
result:
WARNING: The following packages cannot be authenticated!
nodejs
E: There are problems and -y was used without --force-yes
And same Dockerfile is fine with 16.04
FROM ubuntu:16.04
RUN apt-get -y update && \
apt-get -y install curl
RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash - && \
apt-get -y install nodejs
As @KoenCa just mentioned above, in
Debian Jessie, which has reached its end-of-life on June 30, 2020, I was able to reproduce this behavior consistently (it was expected also forUbuntu Trusty Tahr). However, I was not able to consistently reproduce it onUbuntu Focal Fossa.Can you give us more information regarding your environment @Magicrafter13?
Any specific information that would help? Despite having the server running for over a year, I can't really think of anything "stand out" about my env.
I encountered this issue due to using a non-default umask (
umask 0027) as required by the CIS benchmark standard. This caused/usr/share/keyrings/nodesource.gpgto be written with640permissions instead of644, so only root could read it. So it should be reproducible by runningumask 0027beforecurl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -. After runningchmod a+r /usr/share/keyrings/nodesource.gpgapt-get update completed successfully.
I checked, and the permissions of this file were also 640 for me. I've never touched the umask to my knowledge (I assume that's something I'd have to change in /etc/fstab?), so I'm not sure how it would have been changed (assuming it was changed, which I don't actually know for sure).
Okay, I also figured out how to check my umask, which is 022, so if the file permissions are an issue, there must be a different cause.
I also had the error with Ubuntu bionic.
Err:5 https://deb.nodesource.com/node_12.x bionic InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1655A0AB68576280
Reading package lists... Done
W: GPG error: https://deb.nodesource.com/node_12.x bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1655A0AB68576280
E: The repository 'https://deb.nodesource.com/node_12.x bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Error executing command, exiting
Checked the permissions of /usr/share/keyrings/nodesource.gpg and it was 600. Changing it to 644 fixed the issue.
@igsu I'm sorry why this closed without any comments? Issue still actual for me on Ubuntu 14.04
@ShockwaveNN We cannot maintain apt-key as it is scheduled for removal:
https://salsa.debian.org/apt-team/apt/-/commit/ee284d5917d09649b68ff1632d44e892f290c52f
https://salsa.debian.org/apt-team/apt/-/commit/ee284d5917d09649b68ff1632d44e892f290c52f#d1b035cd43f3c2f65d2be57ba185053090491a35_47_48
Maintaining deprecated tools so that our scripts work on distributions that are already EOL like Debian Jessie and Ubuntu 14.04 is not a good practice, that is way we are moving with the procedure recommended by Debian:
https://wiki.debian.org/DebianRepository/UseThirdParty
We are sorry that it does not work on those distributions but it is a must.
You can follow the manual instructions that still work on the aforementioned distributions.
Okay, but what's the issue for me then, @igsu ? I'm on current LTS, certainly not EOL.
Okay, but what's the issue for me then, @igsu ? I'm on current LTS, certainly not EOL.
Same here,
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.1 LTS
Release: 18.04
Codename: bionic
This problem need to be fix, as it is not the apt-key's problem.
The real fix has been provided by @kosala-almeda:
I also had the error with Ubuntu bionic.
. . .
Checked the permissions of
/usr/share/keyrings/nodesource.gpgand it was600. Changing it to644fixed the issue.
So please add a line chmod 644 /usr/share/keyrings/nodesource.gpg into the setup script.
Thanks
Oh man, the permissions ... that fixed it.
I had the same issue on Ubuntu-20.04. Tried to install nodejs 12.x Due to strange root settings on my corporate laptop, the permissions for files
/etc/apt/sources.list.d/nodesource.list
/usr/share/keyrings/nodesource.gpg
were wrong (600). Calling
$ sudo chmod 644 /etc/apt/sources.list.d/nodesource.list
$ sudo chmod 644 /usr/share/keyrings/nodesource.gpg
has solved the problem. Feeling pretty angry that somebody's crooked hands can make our lives really difficult.
the root umask is probably set to 077 or sth like that
i have this issue which resulted from following "sudo curl -fsSL https://deb.nodesource.com/setup_16.x | bash -] dpkg: error processing archive /var/cache/apt/archives/nodejs_16.11.1-deb-1nodesource1_amd64.deb (--unpack):
trying to overwrite '/usr/share/doc/nodejs/api/embedding.json.gz', which is also in package nodejs-doc 12.22.5dfsg-211u1
dpkg-deb: error: paste subprocess was killed by signal (Broken pipe)
Errors were encountered while processing:
/var/cache/apt/archives/nodejs_16.11.1-deb-1nodesource1_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
OS kali linux 15 kindly help
Just faced the same issue on Ubuntu 20.04.
Solved it by doing the following which is mainly based on the comments above:
curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | tee /usr/share/keyrings/nodesource.gpg >/dev/null
echo 'deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x focal main' > /etc/apt/sources.list.d/nodesource.list
echo 'deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_18.x focal main' >> /etc/apt/sources.list.d/nodesource.list
chmod a+r /usr/share/keyrings/nodesource.gpg
apt update
apt install -y nodejsI have the same problem on Linux Mint 21, but when installing Node 19. Tried chmoding the nodesource.list and gpg files, still get the exact same error.
Note: I have Node16 installed, I don't know if its existence may be causing a conflict in the install. I just want to replace the old version by the new one
Here is a working solution in Dockerfile tested on FROM ubuntu:focal-20220531
Hope this saves someone out there 3-5 hours+ trying to figure out why following the official NodeJS docs doesn't seem to work ๐คท Good luck ๐
######################################################
# STEP 1) Install prerequisites
######################################################
RUN apt-get update && \
apt-get install -y ca-certificates curl gnupg
######################################################
# STEP 2) Download and add the NodeSource GPG key to the trusted keyring
######################################################
RUN curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | tee /usr/share/keyrings/nodesource.gpg >/dev/null
######################################################
# STEP 3) Add the NodeSource repository
######################################################
ARG NODE_MAJOR=20 # Set the Node.js version
RUN echo "deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x $(. /etc/os-release; echo "$UBUNTU_CODENAME") main" > /etc/apt/sources.list.d/nodesource.list && \
echo "deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x $(. /etc/os-release; echo "$UBUNTU_CODENAME") main" >> /etc/apt/sources.list.d/nodesource.list
######################################################
# STEP 4) Update apt and install Node.js
######################################################
RUN apt-get update && apt-get install -y nodejsi solved my node_20x problem with tihs
curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | gpg --dearmor | tee /usr/share/keyrings/nodesource.gpg >/dev/null
echo 'deb-src [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x jammy main' >> /etc/apt/sources.list.d/nodesource.list
echo 'deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x jammy main' > /etc/apt/sources.list.d/nodesource.listthen, i can now run apt-get update on my ubuntu 22.04