21

I have a couple of Google Clouds compute instances (US, Germany, Australia)

While doing 

apt-get update

today I get:

> Get:10 http://packages.cloud.google.com/apt
> google-cloud-packages-archive-keyring-stretch InRelease [3,876 B]
> Err:6 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease
>   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB 
> Err:7 http://packages.cloud.google.com/apt google-compute-engine-stretch-stable InRelease   
>   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB 
> Err:10 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-stretch InRelease   
>   The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB

On all of them. Is there anything I need to do, or is this a corruption on Google packages?

Thanks

Yves

BxlSofty
  • 753

5 Answers5

47

If you followed the guide here: https://cloud.google.com/sdk/docs/install#deb and used the signed-by option, then you need to provide apt-key with the --keyring option:

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
Nikolai Røed Kristiansen
  • 609
24

Found the issue here: https://cloud.google.com/compute/docs/troubleshooting/known-issues#keyexpired

So you just need to run this before to apt-get update:

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
BxlSofty
  • 753
1

The only command that ended up working for me on Ubuntu 22.04.2 was adapted from this GitHub comment: https://github.com/kubernetes/release/issues/1982#issuecomment-1415573798

# Use of gpg dearmor and dd required to get the key in the expected format
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | 
  gpg --dearmor | sudo dd status=none of=/usr/share/keyrings/cloud.google.gpg

Reference the keyring as documented if not done already


echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | 
  sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list


Now update should run successfully


sudo apt-get update
gsf
  • 291
0

Modern Debian 10 uses alternative scheme for registering package signing keys, following Ansible script demonstrates it:

- name: Add GCP Apt signing keys.
  ansible.builtin.apt_key:
    id: "{{ item }}"
    url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
    keyring: /usr/share/keyrings/gcp-deb-keys.gpg
  loop:
    # Rapture Automatic Signing Key, expires: 2023-03-02
    - "7F92E05B31093BEF5A3C2D38FEEA9169307EA071"
    # gLinux Rapture Automatic Signing Key, expires: 2022-12-04
    - "59FE0256827269DC81578F928B57C5C2836F4BEB"

    

  • name: Add GCP repo for Cloud SDK.
apt_repository:
  filename: "gcp-google-cloud-sdk"
  repo: "deb [signed-by=/usr/share/keyrings/gcp-deb-keys.gpg] https://packages.cloud.google.com/apt cloud-sdk-buster main"
  state: present
    • 



Contains: google-compute-engine-oslogin, google-osconfig-agent


    

  • name: Add GCP repo for Compute Engine setup.
apt_repository:
  filename: "gcp-compute-engine"
  repo: "deb [signed-by=/usr/share/keyrings/gcp-deb-keys.gpg] https://packages.cloud.google.com/apt google-compute-engine-buster-stable main"
  state: present
    •
gavenkoa
  • 1,002
  • 10
  • 13
0

Here's what worked for me (in 2023)

echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update
sudo apt-get install -y google-cloud-sdk

This was originally a line in a dockerfile, so you may need to add some sudos to the commands above.

The oneline dockerfile instruction is:

RUN echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - && apt-get update && apt-get install -y google-cloud-sdk
Erwann Millon
  • 1