[SOLVED] WAPT update on Debian bookworm: public key problem

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
elb
Messages: 3
Registration: February 5, 2026 - 9:50 AM

February 5, 2026 - 10:11

Good morning,

Under Debian 12.13, with a WAPT Server version: 2.6.1.17576, I wanted to perform a version upgrade, but I am encountering an error when updating the repositories.

According to the documentation, I have correctly updated the GPG key, but I am encountering the following error which I do not understand:

Get:4 https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease [3,852 B]
Err:4 https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Failed to fetch https://wapt.tranquil.it/Debian/wapt-2. ... /InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Some index files failed to download. They have been ignored, or old ones used instead.
The GPG key verification result seems to match expectations:

gpg --show-keys /usr/share/keyrings/tiswapt-pub.gpg
pub rsa4096 2023-02-22 [SC]
4282FBE84E0F7E923E8F54909C10034123C0FCD5
uid Tranquil IT Systems <technique@tranquil.it>
sub rsa4096 2023-02-22 [E]
If you have any leads, I'm all ears.
THANKS
Ewen
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

February 5, 2026 - 12:35

Hello Ewen,

Could you please check the format of the gpg key (binary or base64-encoded):

binary version:

Code: Select all

root@trixie:~# sha256sum tiswapt-pub-2026.gpg
0a9ab3b2f82be2711d578868f77d59527c5ac6c78258ad0aac89c9b836782448  tiswapt-pub-2026.gpg
base64 "armored" version:

Code: Select all

root@trixie:~# sha256sum tiswapt-pub-2026.gpg.asc 
3060e6eade0432a33843acd4fa8038f0b6b662b9c042c3cff0bf1da76fcb7ae5  tiswapt-pub-2026.gpg.asc
The gpg command line works with both formats. I initially included the armored base64 version with the gpg extension during the initial release. Apparently, recent versions of apt accept this, but for older versions, the .asc extension must be used for armored base64 versions.

I fixed that in the repositories. If you run the apt cache cleanup and retrieve the key again, it should work:

Code: Select all

apt clean
sudo bash -c 'wget -qO- https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub-2026.gpg > /usr/share/keyrings/tiswapt-pub.gpg'
apt update
Sincerely,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
elb
Messages: 3
Registration: February 5, 2026 - 9:50 AM

February 5, 2026 - 1:12 PM

Hello Denis,

The result of the command for the gpg file is as follows:
sha256sum tiswapt-pub.gpg
0a9ab3b2f82be2711d578868f77d59527c5ac6c78258ad0aac89c9b836782448 tiswapt-pub.gpg
So it's more of a binary version, but the file is called tiswapt-pub.gpg on my system, and I don't have the equivalent in ".asc".

But even after the cleanup, the update still fails:
Get:4 https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease [3,852 B]
Err:4 https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
Fetched 3,852 B in 1s (5,625 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Failed to fetch https://wapt.tranquil.it/Debian/wapt-2. ... /InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Some index files failed to download. They have been ignored, or old ones used instead.
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

February 5, 2026 - 1:33 PM

Hello again Ewen,

Do you have the following line (with the signed-by) in the apt configuration?

Code: Select all

root@trixie:~# cat /etc/apt/sources.list.d/wapt.list 
deb [signed-by=/usr/share/keyrings/tiswapt-pub.gpg] https://wapt.tranquil.it/Debian/wapt-2.6/ trixie main
At one time, the key was placed in /etc/apt/trusted.gpg.d, and the signed-by option wasn't used. This new syntax is better for ensuring that you're certain which signature to use for which repository.

Sincerely,

Denis

PS: We kept the same name locally for the documentation for simplicity. tiswapt-pub-2026.gpg is for download.
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
elb
Messages: 3
Registration: February 5, 2026 - 9:50 AM

February 5, 2026 - 3:28 PM

The problem was indeed due to the apt configuration.

Thank you.
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

February 5, 2026 - 4:23 PM

Hi again Ewen,

thanks for the feedback, :-)

I'm marking the topic as resolved.

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Locked

Return to "WAPT Server"


  • To go further with WAPT