NO_PUBKEY error in google cloud debian packages update

Question

I have a couple of Google Clouds compute instances (US, Germany, Australia)

While doing

apt-get update

today I get:

> Get:10 http://packages.cloud.google.com/apt
> google-cloud-packages-archive-keyring-stretch InRelease [3,876 B]
> Err:6 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease
>   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB 
> Err:7 http://packages.cloud.google.com/apt google-compute-engine-stretch-stable InRelease   
>   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB 
> Err:10 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-stretch InRelease   
>   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB

On all of them. Is there anything I need to do, or is this a corruption on Google packages?

Thanks

Yves

score 31 · Answer 1 · answered Apr 08 '21 at 14:50

31

If you followed the guide here: https://cloud.google.com/sdk/docs/install#deb and used the signed-by option, then you need to provide apt-key with the --keyring option:

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -

answered Apr 08 '21 at 14:50

Nikolai Røed Kristiansen

411
4
4

3

This should be the correct answer. It's the only thing that actually fixed it for me. – andrebrait Apr 12 '21 at 07:42

score 20 · Answer 2 · answered Mar 09 '19 at 10:52

20

Found the issue here: https://cloud.google.com/compute/docs/troubleshooting/known-issues#keyexpired

So you just need to run this before to apt-get update:

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

answered Mar 09 '19 at 10:52

BxlSofty

653
5
11

score 0 · Answer 3 · answered Aug 18 '21 at 15:52

Modern Debian 10 uses alternative scheme for registering package signing keys, following Ansible script demonstrates it:

- name: Add GCP Apt signing keys.
  ansible.builtin.apt_key:
    id: "{{ item }}"
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    keyring: /usr/share/keyrings/gcp-deb-keys.gpg
  loop:
    # Rapture Automatic Signing Key, expires: 2023-03-02
    - "7F92E05B31093BEF5A3C2D38FEEA9169307EA071"
    # gLinux Rapture Automatic Signing Key, expires: 2022-12-04
    - "59FE0256827269DC81578F928B57C5C2836F4BEB"

- name: Add GCP repo for Cloud SDK.
  apt_repository:
    filename: "gcp-google-cloud-sdk"
    repo: "deb [signed-by=/usr/share/keyrings/gcp-deb-keys.gpg] https://packages.cloud.google.com/apt cloud-sdk-buster main"
    state: present
# Contains: google-compute-engine-oslogin, google-osconfig-agent
- name: Add GCP repo for Compute Engine setup.
  apt_repository:
    filename: "gcp-compute-engine"
    repo: "deb [signed-by=/usr/share/keyrings/gcp-deb-keys.gpg] https://packages.cloud.google.com/apt google-compute-engine-buster-stable main"
    state: present

NO_PUBKEY error in google cloud debian packages update

3 Answers3