Error adding qgis.org repository public key to apt keyring

Question

The old QGIS key ring qgis-2017.gpg.key is expired and generates a warning during apt update today.

Following the QGIS instructions, I tried to update the key as follows:

wget -O - https://qgis.org/downloads/qgis-2019.gpg.key | gpg --import
gpg --fingerprint 51F523511C7028C3

But instead of the normal output, I get an error:

$ wget -O - https://qgis.org/downloads/qgis-2019.gpg.key | gpg --import
--2019-08-16 18:36:35--  https://qgis.org/downloads/qgis-2019.gpg.key
Resolving qgis.org (qgis.org)... 104.27.138.220, 104.27.139.220, 2606:4700:30::681b:8bdc, ...
Connecting to qgis.org (qgis.org)|104.27.138.220|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1839 (1.8K) [application/pgp-keys]
Saving to: ‘STDOUT’

-                   100%[===================>]   1.80K  --.-KB/s    in 0s      

2019-08-16 18:36:35 (33.3 MB/s) - written to stdout [1839/1839]

gpg: key 51F523511C7028C3: 1 signature not checked due to a missing key
gpg: no writable keyring found: Not found
gpg: error reading '[stdin]': General error
gpg: import from '[stdin]' failed: General error
gpg: Total number processed: 0

How can I fix the error please?

what apt repository are you using? The one for "cosmic" still uses the expired 2017 key :-( — Dakatine, Aug 19 '19 at 12:25
@Dakatine I am using deb https://qgis.org/debian bionic main in /etc/apt/sources.list. — tinlyx, Aug 19 '19 at 23:28
thank you. Unfortunately it is not working here on Ubuntu 10.10. — Dakatine, Aug 20 '19 at 14:36

tinlyx · Accepted Answer · 2022-10-29T09:55:35.117

58

Based on old notes, the following seems to work:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key 51F523511C7028C3

-- Update --

As of August 2020:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key F7E06F06199EF2F2

As of August 2021:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key 46B5721DBBD2996A

Or alternatively, as pointed out by 4ndts's answer (and in the updated documentation):

wget -qO - https://qgis.org/downloads/qgis-$(date +%Y).gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/qgis-archive.gpg --import

The above determines year from current date. If that's not accurate, the latest is:

wget -qO - https://qgis.org/downloads/qgis-2022.gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/qgis-archive.gpg --import

edited Oct 29 '22 at 09:55

answered Aug 17 '19 at 00:57

tinlyx

11,057
18
71
119

2

On Ubuntu 19.04 this also solved the following problem for me. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://qgis.org/debian disco InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 51F523511C7028C3 – Dennis Aug 18 '19 at 20:04
On Ubuntu 16.04 (Xenial) this is not working. When I try to update I get "W: Failed to fetch http://qgis.org/ubuntugis/dists/xenial/InRelease The following signatures were invalid: KEYEXPIRED 1565999960" – Daniel Aug 22 '19 at 14:40

score 9 · Answer 2 · answered Aug 21 '19 at 10:04

After you have verified the fingerprint you forgot to add the key to apt with:

gpg --export --armor 51F523511C7028C3 | sudo apt-key add -

Read the QGIS documentation. All the instructions are:

wget -O - https://qgis.org/downloads/qgis-2019.gpg.key | gpg --import
gpg --fingerprint 51F523511C7028C3
gpg --export --armor 51F523511C7028C3 | sudo apt-key add -

score 5 · Answer 3 · answered Aug 19 '22 at 04:51

QGIS Key is rotated every year, if there is an error like this, u may check follow link whether it has new key: https://download.qgis.org/downloads/

On the other hand, the fingerprint also change accordingly, example in year 2021, it was 46B5721DBBD2996A, and 2022, it was D155B8E6A419C5BE

It's easy to generate new download link for every year, but I cannot find a way to get fingerprint automatically, I found a trick by looking at the error

1. First I use 2022 key with 2021 key by executing the command below:

wget -O - https://qgis.org/downloads/qgis-2022.gpg.key | gpg --import \
    && gpg --export --armor 46B5721DBBD2996A | apt-key add -

2. then I've an error which mentions gpt key, as below:

gpg: key D155B8E6A419C5BE: 1 signature not checked due to a missing key
gpg: key D155B8E6A419C5BE: "QGIS Archive Automatic Signing Key (2022-2027) <qgis-developer@lists.osgeo.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: no valid OpenPGP data found.

3. Then I just update my command as below, and then it works

wget -O - https://qgis.org/downloads/qgis-2022.gpg.key | gpg --import \
    && gpg --export --armor D155B8E6A419C5BE | apt-key add -

score 3 · Answer 4 · answered Nov 18 '22 at 17:01

3

This worked for me in November 2022:

curl https://download.qgis.org/downloads/qgis-2022.gpg.key | sudo apt-key add -

answered Nov 18 '22 at 17:01

ilowerp

31
1

score 1 · Answer 5 · edited Aug 19 '21 at 14:29

1

gpg --fingerprint 51F523511C7028C3 returns uid [ expired].

There's a 2021 key:

wget -qO - https://qgis.org/downloads/qgis-2021.gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/qgis-archive.gpg --import
sudo chmod a+r /etc/apt/trusted.gpg.d/qgis-archive.gpg

edited Aug 19 '21 at 14:29

Kadir Şahbaz

76,800
56
247
389

answered Aug 19 '21 at 13:02

hci

21
2

Error adding qgis.org repository public key to apt keyring

5 Answers5

Linked