If you want to enable GPG signature checks enabled in your apt clients, please make sure to download the GPG public Key from the upstream registry and use that path in your apt client configuration.
Below is the example for ElasticSearch repository, using a debian remote repository myseardeb with the upstream URL as "https://artifacts.elastic.co/packages/8.x/apt".
As per the ElasticSearch documentation, package and metadata are signed with the same key and you can download it and use it in your Apt configuration.
I have added my remote repository to the Apt configuration /etc/apt/sources.list as follows.
Sample snippet of downloading a package from the Artifactory Elasticsearch repo:
Alternatively, you can directly import GPG Key using the key and Keyserver mentioned by the repository provider.
If the key is not specified in the Apt configuration and you receive an error as follows, you can use the above command to resolve the error.
deb [signed-by=<path to the GPG public Key>] <Repository-URL> <DISTRIBUTION> <COMPONENT>
Below is the example for ElasticSearch repository, using a debian remote repository myseardeb with the upstream URL as "https://artifacts.elastic.co/packages/8.x/apt".
As per the ElasticSearch documentation, package and metadata are signed with the same key and you can download it and use it in your Apt configuration.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
I have added my remote repository to the Apt configuration /etc/apt/sources.list as follows.
deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] http://artifactory_host:8082/artifactory/mysearchdeb stable main
Sample snippet of downloading a package from the Artifactory Elasticsearch repo:
apt install filebeat
root@test-ubuntu:/etc/apt# apt-get update Hit:1 http://artifactory_host:8082/artifactory/mysearchdeb stable InRelease Reading package lists... Done root@test-ubuntu:/etc/apt# apt install filebeat Reading package lists... Done Building dependency tree Reading state information... Done The following NEW packages will be installed: filebeat 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/41.8 MB of archives. After this operation, 155 MB of additional disk space will be used. Selecting previously unselected package filebeat. (Reading database ... 150600 files and directories currently installed.) Preparing to unpack .../filebeat_8.6.1_amd64.deb ... Unpacking filebeat (8.6.1) ... Setting up filebeat (8.6.1) ... Processing triggers for systemd (237-3ubuntu10.56) ... Processing triggers for ureadahead (0.100.0-21) ... root@test-ubuntu:/etc/apt#
Alternatively, you can directly import GPG Key using the key and Keyserver mentioned by the repository provider.
apt-key adv --keyserver <keyserver_name> --recv-keys <keyid>In this case,
apt-key adv --keyserver pgp.mit.edu --recv-keys D88E42B4
If the key is not specified in the Apt configuration and you receive an error as follows, you can use the above command to resolve the error.
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY <keyid>