Failing to get Public Key (openHAB installation Linux Debian)

MDAR · July 6, 2022, 1:05pm

I’m trying to setup a fresh machine, as I have issues with the VNC connection to QLCplus, so I am starting from a vanilla system to see where the trouble starts.

However… It’s not as simple as I had expected.

It would seem that the method of getting the repository key for openHAB has changed.

From this page openHAB on Linux | openHAB I followed these instrictions :-

curl -fsSL "https://openhab.jfrog.io/artifactory/api/gpg/key/public" | gpg --dearmor > openhab.pgp
sudo mkdir /usr/share/keyrings
sudo mv openhab.pgp /usr/share/keyrings
sudo chmod u=rw,g=r,o=r /usr/share/keyrings/openhab.pgp

Unfortunately, all I get is this error

Get:7 https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease [12.8 kB]
Err:7 https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 075721F6A224060A
Reading package lists... Done
W: GPG error: https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 075721F6A224060A
E: The repository 'https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

hmerk · July 6, 2022, 2:20pm

Updated instructions can be found here

rlkoshak · July 6, 2022, 3:12pm

Which command did you run to add the repo .list file?

In addition to changes to how the GPG key is downloaded and installed, the line added to openhab.list is changed to use that key.

Make sure the line looks like:

deb [signed-by=/usr/share/keyrings/openhab.gpg] https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main

in /etc/apt/sources.list.d/openhab.list

Notice the “signed-by” part. That’s new too.

MDAR · July 6, 2022, 3:19pm

That’s the very link I’ve used for years and the (updated) instructions from that page are the ones I’ve used.

MDAR · July 6, 2022, 3:20pm

Thanks.

I always use the Stable rep, with instructions from the same page.

rlkoshak · July 6, 2022, 3:27pm

Have you confirmed that the “signed-by” is actually in your openhab.list file?

MDAR · July 6, 2022, 3:41pm

I’ll have to check when I get back to my office, but this was the command line I used

echo 'deb [signed-by=/usr/share/keyrings/openhab.gpg] https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main' | sudo tee /etc/apt/sources.list.d/openhab.list

rlkoshak · July 6, 2022, 4:14pm

One of the following is going on:

The signed-by part of the line didn’t work
The openhab.gpg file didn’t get created or became corrupted or something like that. Make sure that there is a /usr/share/keyrings/openhab.gpg file.
You’re running an older version of apt which doesn’t support using gpg keys like this. I don’t know when having separate keys for individual repos was added to apt. It’s only recently that it’s become the “best practice”.

srodionov · July 7, 2022, 5:51am

same issue on my end on Ubuntu

Get:10 https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease [12.8 kB]                                                    
Err:10 https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease  
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 075721F6A224060A
Hit:11 https://download.sublimetext.com apt/stable/ InRelease
Reading package lists... Done                            
W: GPG error: https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 075721F6A224060A
E: The repository 'https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

rlkoshak · July 7, 2022, 1:56pm

I just saw a PR go past sometime yesterday. There was a typo in the instructions. The echo "deb... command is using the wrong extension for the key. It should be pgp, not gpg.

srodionov · July 8, 2022, 4:27pm

it works, thanks

MDAR · July 11, 2022, 8:01am

Thanks Rick

That change makes it work perfectly.

echo 'deb [signed-by=/usr/share/keyrings/openhab.pgp] https://openhab.jfrog.io/artifactory/openhab-linuxpkg stable main' | sudo tee /etc/apt/sources.list.d/openhab.list

Daniel_Bello · July 13, 2022, 2:10am

It works for me too. Thanks!

Fythios · July 18, 2022, 1:02am

Thanks for this! I am curious though should it be gpg or pgp? I notice all the other keys I have in that fold are *.gpg. Not that is will stop it from working either way. It just stands out to me.

rlkoshak · July 18, 2022, 1:44pm

The docs have been updated to use gpg.

ssalonen · July 19, 2022, 5:35am

Huh? Next documentation still mixes up both openHAB on Linux | openHAB

hmerk · July 19, 2022, 7:12am

As we are on the release, it is not next documentation….

ssalonen · July 19, 2022, 8:01am

@hmerk same applies for release docs at openHAB on Linux | openHAB. Ctrl+F pgp and ctrl+F gpg

hmerk · July 19, 2022, 9:56am

@rlkoshak @Confectrician Have the changes not been merged?

rlkoshak · July 19, 2022, 1:37pm

Someone else filed an PR for the docs and I filed PR for the main web site and both were merged. I didn’t double check the PR for the docs page. I can confirm that it’s right on the downloads page but yes, it does appear to still be wrong in the docs. I’m not sure what could have gone wrong though.