Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

Rex Kneisley-4
Hey Guys,

So I recently did a fresh install of Debian 9.0 (Stretch).

Now I'm trying to reinstall all of my software.

I had Sublime Text installed in 8.6 (Jessie)

But when I try to install Sublime Text, I encounter the following error when trying to add the PGP key to apt-key.

root@debian-rig:/home/rexk# wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
gpg: WARNING: nothing exported
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

This process worked flawlessly in Debian Jessie

Is the Sublime Text gpg key formatted wrong since now version 2.1.18 is built in to Debian?

root@debian-rig:/home/rexk# gpg --version
gpg (GnuPG) 2.1.18
libgcrypt 1.7.6-beta
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2


By the way, I can download this key directly and import it in the GnuPG Keyring without any problems.

root@debian-rig:/home/rexk# gpg --import sublimehq-pub.gpg
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key ADAE6AD28A8F901A: public key "Sublime HQ Pty Ltd <[hidden email]>" imported
gpg: Total number processed: 1
gpg:               imported: 1


--
Sincerely,


Rex Kneisley

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

Daniel Kahn Gillmor-7
Hi Rex--

On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote:
> root@debian-rig:/home/rexk# wget -qO -
> https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
> gpg: WARNING: nothing exported
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0

While it's a common recommendation, "apt-key add -" is generally a bad
idea, because it mixes the fetched keys in with all the other keys.
It's a better idea to fetch the keys for a given repository separately
and mark them as acceptable only for this specific repo.

Since you're using debian stable (stretch), you might want to read:

    https://wiki.debian.org/DebianRepository/UseThirdParty

From its suggestions, if you want to add the sublime repo (which i have
never vetted and am not personally recommending here), you might prefer
to do the following on debian stretch:

    wget -O /usr/share/keyring/sublimehq-pub.gpg.asc https://download.sublimetext.com/sublimehq-pub.gpg
    gpg --dearmor < /usr/share/keyring/sublimehq-pub.gpg.asc > /usr/share/keyring/sublimehq-pub.gpg
    echo 'deb [signed-by=/usr/share/keyring/sublimehq-pub.gpg] https://download.sublimetext.com/ apt/stable/' > /etc/apt/sources.list.d/sublime.list

This makes it so the sublime repository key is not accepted for
certifying the main debian repos (which it should not be doing).

I suspect that the problem you were having may have to do with the
ascii-armoring on the fetched file, which is why i've included the
--dearmor line in the middle of the three steps above.

hope this helps,

     --dkg

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (847 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

Darac Marjal
On Tue, Jun 20, 2017 at 01:56:57PM -0400, Daniel Kahn Gillmor wrote:

>Hi Rex--
>
>On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote:
>> root@debian-rig:/home/rexk# wget -qO -
>> https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
>> gpg: WARNING: nothing exported
>> gpg: no valid OpenPGP data found.
>> gpg: Total number processed: 0
>
>While it's a common recommendation, "apt-key add -" is generally a bad
>idea, because it mixes the fetched keys in with all the other keys.
>It's a better idea to fetch the keys for a given repository separately
>and mark them as acceptable only for this specific repo.
>
>Since you're using debian stable (stretch), you might want to read:
>
>    https://wiki.debian.org/DebianRepository/UseThirdParty
>
>From its suggestions, if you want to add the sublime repo (which i have
>never vetted and am not personally recommending here), you might prefer
>to do the following on debian stretch:
>
>    wget -O /usr/share/keyring/sublimehq-pub.gpg.asc https://download.sublimetext.com/sublimehq-pub.gpg
>    gpg --dearmor < /usr/share/keyring/sublimehq-pub.gpg.asc > /usr/share/keyring/sublimehq-pub.gpg
>    echo 'deb [signed-by=/usr/share/keyring/sublimehq-pub.gpg] https://download.sublimetext.com/ apt/stable/' > /etc/apt/sources.list.d/sublime.list
Thank you. I've been meaning to switch my apt sources over to this style
for a while, but couldn't seem to get apt to see the separate keys. It
looks like I was missing out the "[signed-by=...]" part.

>
>This makes it so the sublime repository key is not accepted for
>certifying the main debian repos (which it should not be doing).
>
>I suspect that the problem you were having may have to do with the
>ascii-armoring on the fetched file, which is why i've included the
>--dearmor line in the middle of the three steps above.
>
>hope this helps,
>
>     --dkg


>_______________________________________________
>Gnupg-users mailing list
>[hidden email]
>http://lists.gnupg.org/mailman/listinfo/gnupg-users


--
For more information, please reread.

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

signature.asc (923 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Having trouble adding gpg key to apt keyring in Debian 9.0 (Stretch)

Rex Kneisley-4
In reply to this post by Daniel Kahn Gillmor-7
Thank you Daniel. As it turns out my difficulties were mostly being caused by the fact that I had some how "broken" my apt updates. I was playing around with backports in Debian 9.0 Stretch in order to properly download and install Tor-Browser-Launcher.
I suspect that because Debian 9.0 is so new, the back-ports are still a bit flakey. Things are working now after a fresh re-install.

I appreciate your suggestion for setting up separate key repositories. I will use this method moving forward.

Rex

On Tue, Jun 20, 2017 at 10:56 AM, Daniel Kahn Gillmor <[hidden email]> wrote:
Hi Rex--

On Tue 2017-06-20 08:43:16 -0700, Rex Kneisley wrote:
> root@debian-rig:/home/rexk# wget -qO -
> https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
> gpg: WARNING: nothing exported
> gpg: no valid OpenPGP data found.
> gpg: Total number processed: 0

While it's a common recommendation, "apt-key add -" is generally a bad
idea, because it mixes the fetched keys in with all the other keys.
It's a better idea to fetch the keys for a given repository separately
and mark them as acceptable only for this specific repo.

Since you're using debian stable (stretch), you might want to read:

    https://wiki.debian.org/DebianRepository/UseThirdParty

From its suggestions, if you want to add the sublime repo (which i have
never vetted and am not personally recommending here), you might prefer
to do the following on debian stretch:

    wget -O /usr/share/keyring/sublimehq-pub.gpg.asc https://download.sublimetext.com/sublimehq-pub.gpg
    gpg --dearmor < /usr/share/keyring/sublimehq-pub.gpg.asc > /usr/share/keyring/sublimehq-pub.gpg
    echo 'deb [signed-by=/usr/share/keyring/sublimehq-pub.gpg] https://download.sublimetext.com/ apt/stable/' > /etc/apt/sources.list.d/sublime.list

This makes it so the sublime repository key is not accepted for
certifying the main debian repos (which it should not be doing).

I suspect that the problem you were having may have to do with the
ascii-armoring on the fetched file, which is why i've included the
--dearmor line in the middle of the three steps above.

hope this helps,

     --dkg



--
Sincerely,


Rex Kneisley

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Loading...