Page 1 of 1
[SOLVED] WAPT update on Debian bookworm: public key problem
Published: February 5, 2026 - 10:11 AM
by elb
Good morning,
Under Debian 12.13, with a WAPT Server version: 2.6.1.17576, I wanted to perform a version upgrade, but I am encountering an error when updating the repositories.
According to the documentation, I have correctly updated the GPG key, but I am encountering the following error which I do not understand:
Get:4 https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease [3,852 B]
Err:4 https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Failed to fetch https://wapt.tranquil.it/Debian/wapt-2. ... /InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Some index files failed to download. They have been ignored, or old ones used instead.
The GPG key verification result seems to match expectations:
gpg --show-keys /usr/share/keyrings/tiswapt-pub.gpg
pub rsa4096 2023-02-22 [SC]
4282FBE84E0F7E923E8F54909C10034123C0FCD5
uid Tranquil IT Systems <technique@tranquil.it>
sub rsa4096 2023-02-22 [E]
If you have any leads, I'm all ears.
THANKS
Ewen
Re: WAPT update on Debian bookworm: public key problem
Published: February 5, 2026 - 12:35 PM
by dcardon
Hello Ewen,
Could you please check the format of the gpg key (binary or base64-encoded):
binary version:
Code: Select all
root@trixie:~# sha256sum tiswapt-pub-2026.gpg
0a9ab3b2f82be2711d578868f77d59527c5ac6c78258ad0aac89c9b836782448 tiswapt-pub-2026.gpg
base64 "armored" version:
Code: Select all
root@trixie:~# sha256sum tiswapt-pub-2026.gpg.asc
3060e6eade0432a33843acd4fa8038f0b6b662b9c042c3cff0bf1da76fcb7ae5 tiswapt-pub-2026.gpg.asc
The gpg command line works with both formats. I initially included the armored base64 version with the gpg extension during the initial release. Apparently, recent versions of apt accept this, but for older versions, the .asc extension must be used for armored base64 versions.
I fixed that in the repositories. If you run the apt cache cleanup and retrieve the key again, it should work:
Code: Select all
apt clean
sudo bash -c 'wget -qO- https://wapt.tranquil.it/$(lsb_release -is)/tiswapt-pub-2026.gpg > /usr/share/keyrings/tiswapt-pub.gpg'
apt update
Sincerely,
Denis
Re: WAPT update on Debian bookworm: public key problem
Published: February 5, 2026 - 1:12 PM
by elb
Hello Denis,
The result of the command for the gpg file is as follows:
sha256sum tiswapt-pub.gpg
0a9ab3b2f82be2711d578868f77d59527c5ac6c78258ad0aac89c9b836782448 tiswapt-pub.gpg
So it's more of a binary version, but the file is called tiswapt-pub.gpg on my system, and I don't have the equivalent in ".asc".
But even after the cleanup, the update still fails:
Get:4
https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease [3,852 B]
Err:4
https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
Fetched 3,852 B in 1s (5,625 B/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error:
https://wapt.tranquil.it/Debian/wapt-2.6 bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Failed to fetch
https://wapt.tranquil.it/Debian/wapt-2. ... /InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9C10034123C0FCD5
W: Some index files failed to download. They have been ignored, or old ones used instead.
Re: WAPT update on Debian bookworm: public key problem
Published: February 5, 2026 - 1:33 PM
by dcardon
Hello again Ewen,
Do you have the following line (with the signed-by) in the apt configuration?
Code: Select all
root@trixie:~# cat /etc/apt/sources.list.d/wapt.list
deb [signed-by=/usr/share/keyrings/tiswapt-pub.gpg] https://wapt.tranquil.it/Debian/wapt-2.6/ trixie main
At one time, the key was placed in /etc/apt/trusted.gpg.d, and the signed-by option wasn't used. This new syntax is better for ensuring that you're certain which signature to use for which repository.
Sincerely,
Denis
PS: We kept the same name locally for the documentation for simplicity. tiswapt-pub-2026.gpg is for download.
Re: WAPT update on Debian bookworm: public key problem
Published: February 5, 2026 - 3:28 PM
by elb
The problem was indeed due to the apt configuration.
Thank you.
Re: WAPT update on Debian bookworm: public key problem
Published: February 5, 2026 - 4:23 PM
by dcardon
Hi again Ewen,
thanks for the feedback,
I'm marking the topic as resolved.
Denis