Ubuntu public key is not available

Ubuntu Support Template

Ubuntu Version:
24.04

Desktop Environment (if applicable):
GNOME

Problem Description:
I’m unable to update my packages with apt update due to it not being able to find a public key for noble-apps-updates InRelease.

Relevant System Information:
A couple of weeks ago I added a 3rd party repository (for OpenModelica), I’m not sure if this is what broke it, possibly.

Screenshots or Error Messages:
When running sudo apt update I get these errors:

Err:9  noble-apps-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B
Err:10  noble-apps-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B

What I’ve Tried:

  1. According to this post I tried running
sudo gpg --keyserver keyserver.ubuntu.com --recv-key AB01A101DB53907B
sudo gpg --keyserver hkp://keyserver.ubuntu.com --no-default-keyring --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg --recv-keys AB01A101DB53907B

These both returned:

gpg: key AB01A101DB53907B: public key "Ubuntu Apps Automatic Signing Key <esm@canonical.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

But the error is unchanged when I try to update.

I also tried to follow the answer here. However I didn’t know what I should put into the https://example.com/EXAMPLE.gpg section. I tried https://esm.ubuntu.com/apps/ubuntu/noble-apps-security.gpg also https://esm.ubuntu.com/apps/ubuntu/dists/noble-apps-updates/InRelease.gpg as well as a few similar combinations, but I couldn’t find an address which actually pointed to a key.

Also my update-manager gui is broken and I can’t reinstall it due to unmet dependencies, but I assume that’s the same root issue with lack of keys.

Please show us the complete output of sudo apt update


Since the repositories you are talking about are managed via Ubuntu Pro, please also check with the pro status command on your system if they are generally enabled in your Ubuntu Pro subscription…

Here is the complete output of apt update:

Hit:1 http://dl.openfoam.org/ubuntu noble InRelease                            
Hit:2 http://gb.archive.ubuntu.com/ubuntu noble InRelease                      
Get:3 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]      
Get:4 http://gb.archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]     
Hit:5 https://brave-browser-apt-release.s3.brave.com stable InRelease          
Get:6 https://esm.ubuntu.com/apps/ubuntu noble-apps-security InRelease [8,371 B]
Hit:8 https://ppa.launchpadcontent.net/freecad-maintainers/freecad-daily/ubuntu noble InRelease
Hit:9 https://updates.signal.org/desktop/apt xenial InRelease                  
Get:10 https://esm.ubuntu.com/apps/ubuntu noble-apps-updates InRelease [8,220 B]
Hit:11 https://ppa.launchpadcontent.net/freecad-maintainers/freecad-stable/ubuntu noble InRelease
Get:12 http://gb.archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB]
Hit:13 https://ppa.launchpadcontent.net/ubuntu-toolchain-r/test/ubuntu noble InRelease
Get:14 http://security.ubuntu.com/ubuntu noble-security/main amd64 Components [21.5 kB]
Err:6 https://esm.ubuntu.com/apps/ubuntu noble-apps-security InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B
Get:15 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Components [212 B]
Get:16 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Components [74.2 kB]
Get:17 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Components [212 B]
Err:10 https://esm.ubuntu.com/apps/ubuntu noble-apps-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B
Get:18 http://gb.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [1,837 kB]
Get:19 http://gb.archive.ubuntu.com/ubuntu noble-updates/main Translation-en [336 kB]
Get:20 http://gb.archive.ubuntu.com/ubuntu noble-updates/main amd64 Components [177 kB]
Get:21 http://gb.archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Packages [2,819 kB]
Get:22 http://gb.archive.ubuntu.com/ubuntu noble-updates/restricted Translation-en [652 kB]
Get:23 http://gb.archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Components [212 B]
Get:24 http://gb.archive.ubuntu.com/ubuntu noble-updates/universe amd64 Components [386 kB]
Get:25 http://gb.archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Components [940 B]
Get:26 http://gb.archive.ubuntu.com/ubuntu noble-backports/main amd64 Components [7,384 B]
Get:27 http://gb.archive.ubuntu.com/ubuntu noble-backports/restricted amd64 Components [212 B]
Get:28 http://gb.archive.ubuntu.com/ubuntu noble-backports/universe amd64 Components [13.2 kB]
Get:29 http://gb.archive.ubuntu.com/ubuntu noble-backports/multiverse amd64 Components [212 B]
Hit:7 https://sourceforge.net/projects/openfoam/files/repos/deb noble InRelease
Fetched 6,721 kB in 8s (795 kB/s)                                              
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up-to-date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://esm.ubuntu.com/apps/ubuntu noble-apps-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://esm.ubuntu.com/apps/ubuntu noble-apps-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B
N: Skipping acquisition of configured file 'main/binary-i386/Packages', as repository 'https://dl.openfoam.com/repos/deb noble InRelease' doesn't support architecture 'i386'
W: Failed to fetch https://esm.ubuntu.com/apps/ubuntu/dists/noble-apps-security/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B
W: Failed to fetch https://esm.ubuntu.com/apps/ubuntu/dists/noble-apps-updates/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AB01A101DB53907B
W: Some index files failed to download. They have been ignored, or old ones used instead.
N: Missing Signed-By in the sources.list(5) entry for 'http://dl.openfoam.org/ubuntu'

pro status simply returns:

bash: pro: command not found

Please see:


So I tried installing the pro client (I’m not sure how I lost it in the first place, I got it when I first set up the machine), but this fails:

:~$ sudo apt install ubuntu-advantage-tools
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed
  ubuntu-advantage-tools
0 to upgrade, 1 to newly install, 0 to remove and 0 not to upgrade.
Need to get 10.9 kB of archives.
After this operation, 84.0 kB of additional disk space will be used.
Get:1 http://gb.archive.ubuntu.com/ubuntu noble-updates/universe amd64 ubuntu-advantage-tools all 37.1ubuntu0~24.04 [10.9 kB]
Fetched 10.9 kB in 1s (13.9 kB/s)                                    
Preconfiguring packages ...
Selecting previously unselected package ubuntu-advantage-tools.
(Reading database ... 520426 files and directories currently installed.)
Preparing to unpack .../ubuntu-advantage-tools_37.1ubuntu0~24.04_all.deb ...
Unpacking ubuntu-advantage-tools (37.1ubuntu0~24.04) ...
Setting up ubuntu-advantage-tools (37.1ubuntu0~24.04) ...
Traceback (most recent call last):
  File "<string>", line 2, in <module>
ModuleNotFoundError: No module named 'uaclient'
Traceback (most recent call last):
  File "/usr/lib/ubuntu-advantage/migrate_user_config.py", line 17, in <module>
    from uaclient import defaults, messages
ModuleNotFoundError: No module named 'uaclient'
dpkg: error processing package ubuntu-advantage-tools (--configure):
 installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 ubuntu-advantage-tools
E: Sub-process /usr/bin/dpkg returned an error code (1)

(This is the same ModuleNotFoundError that I get when I try to install update manager.)

Try:
sudo apt install ubuntu-pro-client

That should definitely bring the uaclient module along.

You seem to have quite a few external repos and PPAs enabled, it could well be that one of them installed conflicting packages that removed or replaced some basic bits of the OS …

Why is your system thinking it is an i386 (32-bit only) system? What is the output of:

dpkg --print-architecture

Trying to install pro-client doesn’t bring in the uaclient module:

~$ sudo apt install ubuntu-pro-client
[sudo] password for timbo: 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ubuntu-pro-client is already the newest version (99+p24.04+vrelease+git20250904.1337).
ubuntu-pro-client set to manually installed.
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Setting up ubuntu-advantage-tools (37.1ubuntu0~24.04) ...
Traceback (most recent call last):
  File "<string>", line 2, in <module>
ModuleNotFoundError: No module named 'uaclient'
Traceback (most recent call last):
  File "/usr/lib/ubuntu-advantage/migrate_user_config.py", line 17, in <module>
    from uaclient import defaults, messages
ModuleNotFoundError: No module named 'uaclient'
dpkg: error processing package ubuntu-advantage-tools (--configure):
 installed ubuntu-advantage-tools package post-installation script subprocess returned error exit status 1
Errors were encountered while processing:
 ubuntu-advantage-tools
E: Sub-process /usr/bin/dpkg returned an error code (1)

The architecture is definitely 64 bit! The output of print-architecture is amd64.

I think I have made a bit of a Horlicks of this system all round! It was originally 20.04 and it’s gone through 22.04 and 24.04 so far. I’m thinking that when 26.04 comes out it will be time to fully wipe it and start with a fresh install. However, I could do with it limping along a bit longer until that comes out and I have time to do it properly. The OpenFOAM error isn’t related to the current problems, I’ve had OpenFOAM on it. I did more recently install OpenModelica following these instructions: https://openmodelica.org/download/download-linux/ so it’s possible that this has, as you’ve said, installed some conflicting packages which have caused this problem. I had also thought that, so I have now gone into my /etc/apt/sources.list.d folder and found anything with OpenModelica in it and commented it out, but that didn’t work.

ogra@anubis:~$ dpkg -S /usr/lib/python3/dist-packages/uaclient
ubuntu-pro-client: /usr/lib/python3/dist-packages/uaclient
ogra@anubis:~$

This is not even remotely a valid version number for this package, check with:

apt policy ubuntu-pro-client

Where your system thinks you got it from …
You can see all valid versions of the pro client (which is built from the ubuntu-advantage-tools source package) at:

EDIT: TBH, I slowly start to doubt this machine even runs (or ever ran) a clean Ubuntu, this looks like a heavily hacked up OS, are you sure this is/was actually Ubuntu at all and not some (very badly hacked (and potentially highly insecure)) unapproved derivative?

It definitely started as a clean simple Ubuntu 20.04 installation 5 years ago, but since then I must admit I’ve got it into a state! I’m not sure where it’s finding these odd package versions from. Could they be from some unstable Daily build type source? I didn’t intentionally set that, but perhaps something I did caused that.

timbo@timbo-laptop:~$ apt policy ubuntu-pro-client
ubuntu-pro-client:
  Installed: 99+p24.04+vrelease+git20250904.1337
  Candidate: 99+p24.04+vrelease+git20250904.1337
  Version table:
 *** 99+p24.04+vrelease+git20250904.1337 100
        100 /var/lib/dpkg/status
     37.1ubuntu0~24.04 500
        500 http://gb.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
     31.2.3 500
        500 http://gb.archive.ubuntu.com/ubuntu noble/main amd64 Packages

Your policy output shows that it does not come from any archive at all …

And the version numbering indicates the same. By design .deb packages can only go forward, when someone prefixes a version with 99 like in your case it indicates that they tried to prevent this package from ever being installed from the archive at all, the missing repository relation (showing “100 /var/lib/dpkg/status” means the package is not in any package archive this system knows) indicates that someone likely manually injected this package somehow into the installation ISO, which is typical for people building unauthorized derivatives without knowing what they do…

Where did your original install media come from?

The original iso was downloaded from the official Get Ubuntu | Download | Ubuntu website, installed some time back in 2021. Since then it’s done two major upgrades (to 22.04 and to 24.04) all downloaded normally from official sources (using the gui wizards). All updates have always gone fine until now. This is a recent problem, the only thing I can think of that I’ve done recently which was remotely unusual was installing OpenModelica following these instructions, but I can’t see anything in them which should have broken it.

When you say this, is this just because (for some reason) it no longer has the keys to access the package archive so in that sense doesn’t know it? So if I could fix the public key not available errors then it could update its package archive?

Yep, their Packages file looks harmless …

https://build.openmodelica.org/apt/dists/noble/stable/binary-amd64/Packages

And as I said, this looks more like a side-loaded, injected package to me, perhaps you had a repo enabled in the past where it lived that is now disabled … the massively bumped version (99+ prefix) would then have forced it into your system … the problem is that you will not know what else this archive has broken or replaced (could be a key logger, could be that something quietly hooks up your machine to a botnet in the background or it could just be completely harmless and just the work of some bungler).

If it lost the keys it would still have the Packages file from that archive and just complain that it is not able to verify it but it would still list the respective place it came from.

If it only knows that there is a local entry in /var/lib/dpkg/status it means the whole info about the archive is gone from your machine, not just the keys … (or that the package was initially injected into the ISO or manually installed by you with the dpkg -i … command)

There are people who have got themselves into similar situations with very similar version numbers of packages here, here and here. These all seem to be in some way related to KDE. It’s possible at some time I’ve somehow installed some packages or added a repo intended for KDE instead of Gnome which has resulted in these getting installed. If I can re-establish my connection to the correct repos then I can replace these packages with the correct ones, but I can’t really do anything until I can do that, so how can I replace those missing keys?

The key errors are a symptom. They occur for the esm repos because you don’t have a working version of Ubuntu Pro installed.

To repeat what @ogra wrote:

  • Apt shows that the strange-version ubuntu-pro-client package is installed.
  • Its version number is higher than those in the repos, thus blocking replacement.

I suggest uninstalling that strange-version package, then deleting it from your local cache so that apt will download the correct repo version.

Try:

sudo apt update
sudo apt remove ubuntu-pro-client
sudo apt clean ubuntu-pro-client
sudo apt install ubuntu-pro-client

You would not be able to even if you had these repos re-enabled due to the extremely high package version they picked…

apt and dpkg would simply refuse to go to a lower version of the package. What Ian wrote above is a possible way of getting that particular package back on your machine in a proper version, but the general issue shows that you installed software from some repo maintained by people that seem to either at least be clueless about Debian packaging or actually have some evil intention to replace packages with something potentially malicious, and it will be hard to tell what other packages on your system are in a condition like this …
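
The thread ends on the question of which other packages are in the same state. As an added example (not posted by anyone in the thread), the shell function below reads `apt-cache policy` output and lists installed packages whose installed version is known only from /var/lib/dpkg/status; the function names and the `example-pkg` entry are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Lists installed packages whose installed
# version apt knows only from /var/lib/dpkg/status (no archive origin).

# Reads `apt-cache policy <pkg>...` output on stdin, prints "<package> <version>".
local_only() {
  awk '
    function flush() { if (pkg != "" && seen && !archive) print pkg, ver }
    # Package header, e.g. "ubuntu-pro-client:"
    /^[^ ].*:$/ { flush(); pkg = substr($0, 1, length($0) - 1)
                  ver = ""; seen = 0; archive = 0; in_inst = 0; next }
    $1 == "Installed:" { ver = $2; next }
    # " *** <version> <prio>" marks the installed version in the version table
    /^ \*\*\* /   { in_inst = 1; seen = 1; next }
    # Any other version entry ends the source list of the installed version
    /^     [^ ]/  { in_inst = 0; next }
    # Source line "<prio> <origin>": anything but the dpkg status file is an archive
    in_inst && /^        / { if ($2 != "/var/lib/dpkg/status") archive = 1 }
    END { flush() }
  '
}

# Whole-system scan (assumes an apt-based system; C locale keeps field names stable).
scan_system() {
  dpkg-query -W -f='${binary:Package}\n' | LC_ALL=C xargs apt-cache policy | local_only
}

# Constructed sample: first entry copied from the thread, example-pkg is made up.
sample_policy() {
  cat <<'EOF'
ubuntu-pro-client:
  Installed: 99+p24.04+vrelease+git20250904.1337
  Candidate: 99+p24.04+vrelease+git20250904.1337
  Version table:
 *** 99+p24.04+vrelease+git20250904.1337 100
        100 /var/lib/dpkg/status
     37.1ubuntu0~24.04 500
        500 http://gb.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages
example-pkg:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
 *** 1.0-1 500
        500 http://archive.example/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status
EOF
}

sample_policy | local_only
```

On a real machine, `scan_system` runs the same check over every installed package; each hit is a package to compare against the archive candidate before reinstalling.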