There appears to be a bug in Debian’s key signing system. Depending on your apt sources you may run in to packages signed by a key that Debian doesn’t like. Annoyingly, these are Debian-signed packages, but unless you want to fix it, here is a workaround.
http://non-us.debian.org is a repository signed with F1D53D8C4F368D5D, but Debian does not trust that key (because it is expired). Go figure.
To resolve the irritating error:
W: GPG error: http://non-us.debian.org stable/non-US Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY [some key]
1) Make sure you have the newest keys from Debian the automagical way:
This will probably do nothing.
2) Update your keys manually:
- Visit http://ftp-master.debian.org
- Find the URL to the latest key (right at the top of the page)
- Download it and import it:
wget [URL] -O - | apt-key add -(replace [URL] with the link to the key, silly)
3) Try again. If it was indeed a key issued by Debian that you were missing, you should have it now. My guess is you have stumbled across packages signed by a key that Debian forgot to include in their trusted keys list.
4) The Icky part
- Install GNU PG if you don’t have it:
apt-get install gnupg
- Grab the key from Debian (Hey, it’s their key, they just forgot to give it out):
gpg --keyserver keyring.debian.org --recv-keys [KEY]
- Install the key:
gpg --armor --export [KEY] | sudo apt-key add -
- Trust the key:
gpg --export [KEY] >> /etc/apt/trusted.gpg
- Make sure the key is there:
Now, not to rag on the Debian group, but the key I have been fighting with is F1D53D8C4F368D5D on non-us.debian.org. That key is expired which is why it is not distributed. No packages should be signed with it.