Monthly Archives: June 2009

If you use Ubuntu then it's possible you'll enable a PPA or two, to install software not in the standard Ubuntu Repositories. This is a fairly simple process, but there's a little fiddly bit of work to install the GPG key that goes along with each PPA. If you're the kind of person that plays around with a lot of PPAs, or uses PPAs on a lot of machines then you'll probably find yourself doing the GPG key dance a lot. All round top-man Dominic Evans has crafted a neat little script which automates this process. His script will not enable the PPAs, but for any PPA already enabled on your system it will go and get the necessary key and install it. If you have lots of PPAs enabled then this is a great way to do all the keys in one hit. Here's what happens when you have added a PPA to your Ubuntu sources list, but haven't done the GPG key dance:-

alan@hactar:~$ sudo apt-get update
[sudo] password for alan: 
Hit http://archive.canonical.com jaunty Release.gpg
Ign http://archive.canonical.com jaunty/partner Translation-en_GB              
Get: 1 http://ppa.launchpad.net jaunty Release.gpg [307B]      

snip

Get: 31 https://private-ppa.launchpad.net jaunty/main Sources [1543B]
Fetched 388kB in 3s (121kB/s)
Reading package lists... Done
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B22AB97AF1CDFA9
W: You may want to run apt-get update to correct these problems

Similarly if you use Update Manager then you'll get a dialog box titled "An error occurred. The following details are provided:" followed by:-

W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B22AB97AF1CDFA9

Of course the number of these, and the keys that you will see displayed will be different depending upon which PPAs you have enabled. Whilst they are only warnings, they're annoying enough for most people to want them to go away. To fix this quickly and easily, just grab the script and save it somewhere like /usr/local/bin or (preferably for me) ~/bin (that's /home/alan/bin on my system). Finally make it executable by right clicking the file in nautilus and go to properties, then select the Permissions tab and enable 'Allow executing file as a program'. If you like the terminal then you can use the chmod command to do that bit. Whenever you add a PPA simply run the script in a terminal. Here's what happens when you run Dominic's funky script.

alan@hactar:~$ launchpad-update 
Grabbing key 4E5E17B5 for archive ppa by ~chromium-daily
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg
 --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 4E5E17B5
gpg: requesting key 4E5E17B5 from hkp server keyserver.ubuntu.com
gpg: key 4E5E17B5: public key "Launchpad PPA for chromium-daily" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
Grabbing key AF1CDFA9 for archive x-updates by ~ubuntu-x-swat
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg
 --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com AF1CDFA9
gpg: requesting key AF1CDFA9 from hkp server keyserver.ubuntu.com
gpg: key AF1CDFA9: public key "Launchpad PPA for Ubuntu-X" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)
Already have key 3E731F79 for archive ppa by ~siretart
DONE

That's it. Now when I update...

alan@hactar:~$ sudo apt-get update
Hit http://archive.canonical.com jaunty Release.gpg
Ign http://archive.canonical.com jaunty/partner Translation-en_GB

..snip..

Hit https://private-ppa.launchpad.net jaunty/main Sources
Fetched 617B in 2s (240B/s)
Reading package lists... Done
alan@hactar:~$ 

No warnings! Lovely. Big hugs for Dominic. I understand that for Ubuntu Karmic (9.10) this script may become redundant as other changes come in, but for now, and for releases before 9.10 this is awesome!