Categories
Uncategorized

How to fix the missing HPE's public keys

HPE Software Delivery Repository is cryptographically signed, so you can be sure that provided software packages have not been modified by a third party. However, sometimes you can encounter the The following signatures couldn't be verified because the public key is not available error which can be easily fixed.

Step 1

Identify source of the problem by the line GPG error: http://downloads.linux.hpe.com wheezy/current Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C208ADDE26C2B797.

$ sudo apt-get update
Get:1 http://downloads.linux.hpe.com wheezy/current Release.gpg [490 B]
Hit http://downloads.linux.hpe.com wheezy/current Release
Err http://downloads.linux.hpe.com wheezy/current Release
Hit http://ftp.us.debian.org wheezy-backports Release.gpg
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://ftp.us.debian.org wheezy Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://ftp.us.debian.org wheezy-backports Release
Hit http://ftp.us.debian.org wheezy Release
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/contrib amd64 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy-backports/non-free amd64 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://ftp.us.debian.org wheezy-backports/contrib Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/non-free Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Hit http://ftp.us.debian.org wheezy/main amd64 Packages
Hit http://ftp.us.debian.org wheezy/contrib amd64 Packages
Hit http://ftp.us.debian.org wheezy/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy/contrib Translation-en
Hit http://ftp.us.debian.org wheezy/main Translation-en
Hit http://ftp.us.debian.org wheezy/non-free Translation-en
Fetched 490 B in 1s (291 B/s)
Reading package lists...
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://downloads.linux.hpe.com wheezy/current Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C208ADDE26C2B797
W: Failed to fetch http://downloads.linux.hpe.com/SDR/repo/mcp/dists/wheezy/current/Release
W: Some index files failed to download. They have been ignored, or old ones used instead.

Step 2

Install public keys provided on the HPE Software Delivery Repository web-site.

$ curl http://downloads.linux.hpe.com/SDR/hpPublicKey1024.pub       | sudo apt-key add -
$ curl http://downloads.linux.hpe.com/SDR/hpPublicKey2048.pub       | sudo apt-key add -
$ curl http://downloads.linux.hpe.com/SDR/hpPublicKey2048_key1.pub  | sudo apt-key add -
$ curl http://downloads.linux.hpe.com/SDR/hpePublicKey2048_key1.pub | sudo apt-key add -

Step 3

Verify that problem is fixed.

$ sudo apt-get update
Hit http://security.debian.org wheezy/updates Release.gpg
Hit http://ftp.us.debian.org wheezy-backports Release.gpg
Get:1 http://downloads.linux.hpe.com wheezy/current Release.gpg [490 B]
Hit http://security.debian.org wheezy/updates Release
Hit http://ftp.us.debian.org wheezy Release.gpg
Hit http://downloads.linux.hpe.com wheezy/current Release
Hit http://ftp.us.debian.org wheezy-backports Release
Hit http://security.debian.org wheezy/updates/main amd64 Packages
Hit http://downloads.linux.hpe.com wheezy/current/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy Release
Hit http://security.debian.org wheezy/updates/contrib amd64 Packages
Hit http://ftp.us.debian.org wheezy-backports/main amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/contrib amd64 Packages/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/non-free amd64 Packages/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free amd64 Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://security.debian.org wheezy/updates/main Translation-en
Hit http://ftp.us.debian.org wheezy-backports/contrib Translation-en/DiffIndex
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Hit http://ftp.us.debian.org wheezy-backports/main Translation-en/DiffIndex
Hit http://ftp.us.debian.org wheezy-backports/non-free Translation-en/DiffIndex
Hit http://ftp.us.debian.org wheezy/main amd64 Packages
Ign http://downloads.linux.hpe.com wheezy/current/non-free Translation-en
Hit http://ftp.us.debian.org wheezy/contrib amd64 Packages
Hit http://ftp.us.debian.org wheezy/non-free amd64 Packages
Hit http://ftp.us.debian.org wheezy/contrib Translation-en
Hit http://ftp.us.debian.org wheezy/main Translation-en
Hit http://ftp.us.debian.org wheezy/non-free Translation-en
Fetched 490 B in 1s (275 B/s)
Reading package lists...

Additional information

Use gnupg to list trusted keys.

$ sudo gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --list-keys
/etc/apt/trusted.gpg
--------------------
pub   2048R/B1275EA3 2014-11-19 [expires: 2024-11-16]
uid                  Hewlett-Packard Company RSA (HP Codesigning Service) - 1
pub   2048R/5CE2D476 2012-12-04 [expires: 2022-12-02]
uid                  Hewlett-Packard Company RSA (HP Codesigning Service)
pub   2048R/26C2B797 2015-12-10 [expires: 2025-12-07]
uid                  Hewlett Packard Enterprise Company RSA-2048-25 
pub   1024D/2689B887 2005-03-11 [expired: 2015-03-09]
uid                  Hewlett-Packard Company (HP Codesigning Service)

Use gnupg to verify release file.

$ sudo gpg --no-default-keyring --keyring /etc/apt/trusted.gpg --verify /var/lib/apt/lists/{downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release.gpg,downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release}
gpg: Signature made Tue Mar 14 22:03:46 2017 UTC using RSA key ID 26C2B797
gpg: Good signature from "Hewlett Packard Enterprise Company RSA-2048-25 "
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5744 6EFD E098 E5C9 34B6  9C7D C208 ADDE 26C2 B797

In case you are still curious about the signature and release file contents then inspect those.

$ cat /var/lib/apt/lists/downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release.gpg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iQEcBAABCAAGBQJYyGjCAAoJEMIIrd4mwreXbZUH/A9SZl4p0sdz8oUGiHQnm43B
vl0EEG9lrTrLMxB13yTzeIW+/6J2GFl3dDT9jFzxkwxU4SBnAlzXJuFFv+QCB6jA
WeLOcFT/pDyS44U/vHeyTg5pEteqbPFvsMGe6F/A5dWTF3F2Fmfwf80CvVoe2/vi
G57rVP+p3aByEeuqQjsx28qhASTmH0BO5X2o3KCVWp5yI9aFTB0iR5k55OvALxUu
ptiLpHdjsx74V5RCwAx4xPAlIwhJpnkcU8oA0gAnLbFgggOFslG4HVfj1VXJQvZH
intGgLTDbzxIJCr8fYR1y1tNOAfMRn0ygUrVWFwr2OHtXR+YWeveI51BA7zil1Q=
=xbmR
-----END PGP SIGNATURE-----
$ cat /var/lib/apt/lists/downloads.linux.hpe.com_SDR_repo_mcp_dists_wheezy_current_Release
Architectures: amd64 i386
Components: non-free
Date: Tue, 10 Sep 2013 17:25:59 UTC
Description: HP Management Component Pack
Label: MCP
Origin: HP
Suite: wheezy
MD5Sum:
 d41d8cd98f00b204e9800998ecf8427e                0 Release
 b34146fce867f6866d15b1299c03f0eb            21614 non-free/binary-amd64/Packages
 8fc0a6b4c1f3e376ac7c28ec3588e668             6238 non-free/binary-amd64/Packages.bz2
 4a3fbb4aad84d1c65f4cf4f3de7da445             6420 non-free/binary-amd64/Packages.gz
 b15c41fa0d4a4aa1900b8baaeddbd05f            21580 non-free/binary-i386/Packages
 8ea9f47bfd6c156cbc4e7c5eee46d674             6247 non-free/binary-i386/Packages.bz2
 6f76dad67d9ac74446047af6afc2f86a             6467 non-free/binary-i386/Packages.gz
 d41d8cd98f00b204e9800998ecf8427e                0 non-free/source/Sources
 4a4dd3598707603b3f76a2378a4504aa               20 non-free/source/Sources.gz
SHA1:
 da39a3ee5e6b4b0d3255bfef95601890afd80709                0 Release
 d4e80e29b7336fcc157108b13441692896eca67c            21614 non-free/binary-amd64/Packages
 babe71febd9e14d7b50583ee8ca6a5cca8b8b594             6238 non-free/binary-amd64/Packages.bz2
 5fe6c9e85fa7f57ef05c9ced1f744b9391b333ce             6420 non-free/binary-amd64/Packages.gz
 3d423e8e33b83a808c685ff5d22f01acaf255f88            21580 non-free/binary-i386/Packages
 1ad3811b9149e3b7856aa99951a296e44dab5695             6247 non-free/binary-i386/Packages.bz2
 2e338385af0177e8ba55654181f0d6c2168dcb2a             6467 non-free/binary-i386/Packages.gz
 da39a3ee5e6b4b0d3255bfef95601890afd80709                0 non-free/source/Sources
 a0fddd5458378c1bf3c10dd2f5c060d1347741ed               20 non-free/source/Sources.gz
SHA256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855                0 Release
 7d74647f84c5f07caa555902b4b89748947e7176e9b6ee6ce11f4fdeafc9c9db            21614 non-free/binary-amd64/Packages
 21b0756ba35e6852ecfa9ad64af739fb52bf98efc0022569301ad739fd9c2d69             6238 non-free/binary-amd64/Packages.bz2
 eeb2b65747c5de78f93122b36bea33580f507c0d5b906f96ab1b916f3eb0b2ad             6420 non-free/binary-amd64/Packages.gz
 aebdc28143c383d8a2fe12306786d0f9485c9388fc8e60e567777c214f4d1c56            21580 non-free/binary-i386/Packages
 73aba416aaa36fdbde435b4ba22907c824f100bc07d459f34283011ca62c0a6f             6247 non-free/binary-i386/Packages.bz2
 eda6c70189c7e65bfb70d831bff436ffba5c1a6a60f59e5d25bf355057ec38f0             6467 non-free/binary-i386/Packages.gz
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855                0 non-free/source/Sources
 f61f27bd17de546264aa58f40f3aafaac7021e0ef69c17f6b1b4cd7664a037ec               20 non-free/source/Sources.gz
SHA512:
 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e                0 Release
 de5b226bc80f769c0f551ca4efa9d27835b205c012e92180e467d85c902157d6b17aabfd71f9b0badb1a21abec98ba601cda38fc3b5c949935a5f37b690b18c5            21614 non-free/binary-amd64/Packages
 a7c70a334a95af990e895abf3490846f6e62fbe45e870627590c12e33daa02810cba026aca10e4fca057a9e35f86b36bb50564a19b1f215306df4989c526aaf8             6238 non-free/binary-amd64/Packages.bz2
 7b03405577893b0a7e182c1cf7377ed6cecaa36610f8ee46ad47be1632cbd4ff3437687f15a88afdce6b59c060ebe435e8d68461780d043e8dac49c83b0fa98c             6420 non-free/binary-amd64/Packages.gz
 001c6545284593bbbcb7b8e0641081bc65b81aa145fcddfca7116decaa4ce8725501c15b40a7c6bb1082df36428d01130c274c8c899faace84b80e5c23f09e29            21580 non-free/binary-i386/Packages
 7b08dfe6f82732fdd01adc60f6afa43cb0ed843054448a5c1adb7b514e19e0263250929580a435d41c67892291edac29485cdd022705cda6607ec77a9aa5aa80             6247 non-free/binary-i386/Packages.bz2
 6d4c04547ad7325e38250e22755cb361bcd0b58e47652ba2542592f67e17b127a24633824664af75cacb86b5a7a38af5455ea4592a63dd62c6be71c7eb5db726             6467 non-free/binary-i386/Packages.gz
 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e                0 non-free/source/Sources
 1b46b9b08d5b338be9d732a1724795b2eab63daffde377218727c90857b79fe6a47bceed495117fcde60f7339812ef75ef4c69f82dd79fb69b6cbf8006b521f2               20 non-free/source/Sources.gz