A few days back, when I was trying to install snoopy on my system, I came across an apt-key error. I have faced this error before as well but this time I tried to dig more into the issue. After all, we can’t let the same problem trouble us more than it has to.
When we run into such obstacles, they present good opportunities to break down and understand how things work. We must avail them and become better at our jobs. That being said, we do also have an outstanding community online to help provide solutions with reliable references without getting our hands dirty.
Let’s start with this screenshot of the error I encountered:
Why do we face this error –
At the time of
apt update or
apt install, the apt CLI verifies the signature of the release file.
Seems like a lot of technical terms? Let’s break it down:
apt-key is used to manage a list of keys used by the apt CLI to authenticate packages. Packages that have been authenticated using these keys will be considered trusted. Basically, in case a package does not have a valid signature, an error like the above is thrown. For more information, please read here.
As apt install suggests, the apt cli also install packages for us with package verification. You might have also noticed that apt never ask for dependencies. How does this work? So apt checks for dependencies… download the package and verifies it and then tell dpkg to install it. Under the hood, it is dpkg that is installing your packages not apt.
Steps I followed to reach a solution
Initially, I tried to perform the task by updating the key list. It involved removing all the expired keys and removing the error key as well. As expected, this did not solve the issue. The error was now switched to the key not found.
Now that I was forced to try another approach, I went through the official script to see if snoopy has any dependency, in case the installation of those packages is through a third party. I found the following dependencies of snoopy:
autoconf, curl, gcc, git, gzip, libtool, m4, make, procps, socat, tar, and wget.
I, first, installed the dependencies manually and then installed snoopy which worked. In my case, the snoopy package has one or more dependencies that were not verified and installing dependencies from a trusted path did help.
What can be the other solutions?
A really easy one would be to use
--allow-unauthenticated flag with apt CLI and, voila, your packages will be installed but this is not a safe way and must be avoided.
There can also be a case where the remote repository apt CLI is pulling from is obsolete or has been discontinued. In that case, we can remove or comment on the repository name inside
/etc/apt/sources.list file to stop it from being used.
-f flag is used with install/remove, it can omit any packages to permit APT to deduce a likely solution. If packages are specified, these have to completely correct the problem. APT itself does not allow broken package dependencies to exist on a system.
It is possible that a system’s dependency structure can be so corrupt as to require manual intervention (which usually means using dpkg –remove to eliminate some of the offending packages). Use of this option together with -m may produce an error in some situations.
The packages can sometimes be damaged after the removal or modification of files in them. Reinstalling the affected package is the easiest way to retrieve these files. Unfortunately, the packaging system finds that the package is already installed and politely refuses to reinstall it; to avoid this, use the
--reinstall option of the apt CLI command.
This was an exploration from my end, apt being a vast topic, there is a lot more to explore. I hope one of these methods helps in providing or, at least, leading to a solution for the readers. Feel free to comment, points I might have missed, and your feedback or even your experiences with this error. It would be highly appreciated!
Blog Pundit: Adeel Ahmad & Abhishek Dubey
Opstree is an End to End DevOps solution provider