If you use Ubuntu then it’s possible you’ll enable a PPA or two, to install software not in the standard Ubuntu Repositories.
This is a fairly simple process, but there’s a little fiddly bit of work to install the GPG key that goes along with each PPA. If you’re the kind of person that plays around with a lot of PPAs, or uses PPAs on a lot of machines then you’ll probably find yourself doing the GPG key dance a lot.
All round top-man Dominic Evans has crafted a neat little script which automates this process.
His script will not enable the PPAs, but for any PPA already enabled on your system it will go and get the necessary key and install it. If you have lots of PPAs enabled then this is a great way to do all the keys in one hit.
Here’s what happens when you have added a PPA to your Ubuntu sources list, but haven’t done the GPG key dance:-
alan@hactar:~$ sudo apt-get update
[sudo] password for alan:
Hit http://archive.canonical.com jaunty Release.gpg
Ign http://archive.canonical.com jaunty/partner Translation-en_GB
Get: 1 http://ppa.launchpad.net jaunty Release.gpg [307B]
snip
Get: 31 https://private-ppa.launchpad.net jaunty/main Sources [1543B]
Fetched 388kB in 3s (121kB/s)
Reading package lists... Done
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B22AB97AF1CDFA9
W: You may want to run apt-get update to correct these problems
Similarly if you use Update Manager then you’ll get a dialog box titled “An error occurred. The following details are provided:” followed by:-
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B22AB97AF1CDFA9
Of course the number of these, and the keys that you will see displayed will be different depending upon which PPAs you have enabled. Whilst they are only warnings, they’re annoying enough for most people to want them to go away.
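As an added example (not Dominic's script, and not part of the original post), this shell function pulls the 16-digit key IDs out of the NO_PUBKEY warnings, so you can see exactly which keys apt is asking for, and for which source, before importing anything. It also prints the 8-digit short ID, which is the form the script hands to gpg further down. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the key IDs behind apt's NO_PUBKEY warnings for review.
# Reads `apt-get update` output on stdin.
# Prints "LONGID SHORTID SOURCE", once per distinct key.
missing_keys() {
    awk '
    /GPG error:/ {
        # Source = the text between "GPG error:" and the "Release:" token.
        src = $0
        sub(/^.*GPG error: */, "", src)
        sub(/ Release:.*$/, "", src)
        for (i = 1; i < NF; i++) {
            if ($i != "NO_PUBKEY") continue
            id = toupper($(i + 1))
            # Accept only a 16-hex-digit (64-bit) key ID; skip anything else.
            if (id !~ /^[0-9A-F]+$/ || length(id) != 16) {
                printf "skipping malformed key id: %s\n", id > "/dev/stderr"
                continue
            }
            if (seen[id]++) continue
            # The 8-digit short ID is the low 32 bits of the long ID.
            printf "%s %s %s\n", id, substr(id, 9), src
        }
    }'
}

# Constructed sample, modelled on the warnings shown above, plus one
# duplicate and one malformed line to exercise the edge cases.
sample_output() {
    cat <<'EOF'
Reading package lists... Done
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B22AB97AF1CDFA9
W: GPG error: http://ppa.launchpad.net jaunty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5A9BF3BB4E5E17B5
W: GPG error: http://example.invalid jaunty Release: bad line NO_PUBKEY nothex
EOF
}

sample_output | missing_keys
```

On a real system, feed it with `sudo apt-get update 2>&1 | missing_keys` and compare the long IDs against the signing key shown on each PPA's Launchpad page.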
To fix this quickly and easily, just grab the script and save it somewhere like /usr/local/bin or (preferably for me) ~/bin (that’s /home/alan/bin on my system). Finally, make it executable by right-clicking the file in Nautilus, going to Properties, then selecting the Permissions tab and enabling ‘Allow executing file as a program’. If you like the terminal then you can use the chmod command to do that bit.
Whenever you add a PPA simply run the script in a terminal. Here’s what happens when you run Dominic’s funky script.
alan@hactar:~$ launchpad-update
Grabbing key 4E5E17B5 for archive ppa by ~chromium-daily
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 4E5E17B5
gpg: requesting key 4E5E17B5 from hkp server keyserver.ubuntu.com
gpg: key 4E5E17B5: public key "Launchpad PPA for chromium-daily" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Grabbing key AF1CDFA9 for archive x-updates by ~ubuntu-x-swat
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com AF1CDFA9
gpg: requesting key AF1CDFA9 from hkp server keyserver.ubuntu.com
gpg: key AF1CDFA9: public key "Launchpad PPA for Ubuntu-X" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Already have key 3E731F79 for archive ppa by ~siretart
DONE
That’s it. Now when I update…
alan@hactar:~$ sudo apt-get update
Hit http://archive.canonical.com jaunty Release.gpg
Ign http://archive.canonical.com jaunty/partner Translation-en_GB
..snip..
Hit https://private-ppa.launchpad.net jaunty/main Sources
Fetched 617B in 2s (240B/s)
Reading package lists... Done
alan@hactar:~$
No warnings! Lovely. Big hugs for Dominic.
I understand that for Ubuntu Karmic (9.10) this script may become redundant as other changes come in, but for now, and for releases before 9.10 this is awesome!

31 Comments
this worked for me:
for i in `sudo aptitude update 2>&1 | grep NO_PUBKEY | awk '{print $NF;}'`; do sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys $i; done
Thanks! It was just what I needed
Thank you very much lol
somehow the script won’t run:
nivosh-desktop scripts # launchpad-update
bash: launchpad-update: command not found
Did you make sure you changed the acls? i.e
myprompt> chmod +x launchpad-update
otherwise it won’t run:
myprompt> ./launchpad-update
@nivosh open terminal and navigate to the directory with the script. Then type the following commands:
chmod +x launchpad-update
then
./launchpad-update
if you made it an executable before and you got that error you mentioned, it’s because you didn’t put ./ before the filename.
hey what happened to the other comments on this post?
anyhow just a quick fyi
https://edge.launchpad.net/ubuntu/+source/software-properties/0.75/+changelog
karmic now has ‘sudo add-apt-repository ppa:oldman’ which adds the sources.list entries and grabs the gpg keys for you
Well, funny you should ask. I migrated from Drupal to WordPress, and whilst that all went fine, and I have the comments imported into the database (all 963 of them), WordPress barfs when I go to the edit comments page. Not yet figured out how to resolve that. Might be easier to just modify the database and set all comments to moderated. Suggestions welcome.
mysql> update wpblog.wp_comments set comment_approved = '1' where comment_approved = '0';
Query OK, 963 rows affected (0.14 sec)
Rows matched: 963 Changed: 963 Warnings: 0
Hurrah!
@nivosh I used the drag/drop method noted by Vadim because I encountered the same issue as you. That worked for me.
Thanks for the script, even though I have now changed over to Linux Mint because of Ubuntu Jaunty’s flash issues and difficulty in playing .swf files. Gloria plays media a lot better, you will have to concede that. Besides, it’s dumbed down enough for me, you benevolent eggheads! (no sarcasm, only respect, intended)
Absolutely wonderful. Solved my nagging problem with a PPA that I couldn’t find a key for.
I am using karmic in alpha form, and it just imported 2 keys for me no problem.
Let’s hope it keeps working through the beta and final release stages.
Here you can find more than one script to add only the missing GPG keys or all GPG keys: http://www.sourceslist.eu/guide/aggiungere-le-chiavi-gpg/
Thanks for the script. Unfortunately, I’m still getting the following errors at the end of the process:
Err http://ppa.launchpad.net jaunty/main Packages 404 Not Found
Err http://ppa.launchpad.net jaunty/main Packages 404 Not Found
Fetched 616B in 2s (221B/s)
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/jaunty/Release Unable to find expected entry free/binary-i386/Packages in Meta-index file (malformed Release file?)
W: Failed to fetch http://ppa.launchpad.net/psyke83/ubuntu/dists/jaunty/main/binary-i386/Packages 404 Not Found
W: Failed to fetch http://ppa.launchpad.net/pascal-devuyst/printingbuginfo/ubuntu/dists/jaunty/main/binary-i386/Packages 404 Not Found
E: Some index files failed to download, they have been ignored, or old ones used instead.
A couple of questions:
I understand that “E” = error, but what does “W” mean?
How can I get rid of the “Failed to fetch” errors?
Any help at all greatly appreciated. TIA.
Thank you, this really works!
I love Karmic stuff when Win7 makes me bored.
It really worked, thanks …
Do I get a different result if I just copy the key in a file and double-click that file?
It asks for your password via terminal. So open a terminal window, drag the file in, press enter and you’ll be good to go.
Might need to right-click on it first and set it to be executable via properties->permissions.
No, should be the same.
One of the problems that I was talking with a few guys at UDS about was adding keys automatically without actually checking what the hell it’ll verify. This script is still too hard to use for the average person, but could you imagine such an automated thing on the Ubuntu desktop allowing non-technical users to add any old PPA without the system even asking them to check who or what is in it?
my little contribution to 100 papercuts
? keyserver.ubuntu.com != ppa.launchpad.net
the script does presume that you trust your DNS server’s result for keyserver.ubuntu.com, but if you lose trust in your DNS then what can you trust?
What you are doing is automatically fetching whatever GPG key is available on the same host you are getting your data from, and then telling your system to trust everything that comes from that host. Please don’t tell people to do something like that, it completely defies the idea of using GPG to authenticate package data.
If you don’t care about what you are doing, just set APT::Get::AllowUnauthenticated "true"; in your apt.conf.d.
Thanks for this!
But Ubuntu still absolutely needs an easy way for desktop users to install packages from PPAs. Having to use the terminal (or to copy and paste the gpg key etc.) is way too complex!
Sure! And as I mentioned at the end, there’s a plan to make this a lot easier.
Adding PPA keys manually is a PITA. This script is awesome, thank you for sharing!
do you know that you have any missing PPA keys? if it just says done that suggests you either a) already have all your keys, or b) you don’t have any PPAs listed in /etc/apt/sources.list or /etc/apt/sources.list.d/*
Doesn’t work for me. It just says DONE and no keys are downloaded.
The script as written won’t find any matching deb lines if there is more than one space after “deb”.
Change the text beginning:
grep -o "^deb http
to:
grep -o "^deb *http
I.e., insert an asterisk before “http”.
All that you’re doing is to allow multiple spaces. The script failed on my system after I’d “prettified” the lines in the sources file.
On the other hand, there’s a perl script that I made, fairly older (January 2009) than this bash script you mentioned:
http://ubuntuforums.org/showthread.php?t=1056099
“I made a perl script that:
- Can detect and fix any launchpad PPA link from apt .list files
- Backs up the original source list (e.g. /etc/apt/sources.list as
/etc/apt/sources.list.backup)
- Imports GPG keys for the links detected apt .list files”
Cheers
2 Trackbacks
[...] For a more inclusive but slower method of updating keys, you might like this script from Dominic Evans, which was first noted here. [...]
[...] Here is how he went about implementing that script, but also, a reader of Ubuntips (a recommended Ubuntu blog) developed a deb package to install this script more easily (without having to fiddle with or install anything); here is the post on the Ubuntips blog, and here is the link to that deb package, to install it with a couple of clicks and be rid of the PPA key hassle. [...]