Debian Repository GPG Key

Since version 4.0 (Etch), Debian has been using 'Secure Apt' so that users can be sure that the repository they are downloading packages from has not been compromised. This page shows how to import the gpg key that we use for signing Opsview package repositories so that you can make use of secure apt with our repository. For more information, see the Debian Wiki page on secure apt.

Releases of Debian prior to Etch do not make use of secure apt and therefore this will not apply to those releases. You will also need to ensure that you have the 'gpg' package installed in order to validate the gpg signatures.

Before importing the key, we see warning messages such as this when running an 'apt-get update':

W: GPG error: http://apt.opsview.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FB4C675977CB2CF6

The “NO_PUBKEY” portion of this message indicates that your system does not have the public key for this repository and so cannot verify its contents. To correct this, first import the key to your gpg keyring with the following command as root (or via sudo):

gpg --keyserver subkeys.pgp.net --recv-key 77CB2CF6

Occasionally the service at subkeys.pgp.net is congested, please be patient. The key must now be given to apt-key, as this tool manages the repository verification. To do so, run the following command as root (or via sudo):

gpg --export --armor 77CB2CF6 | apt-key add -

Note: if using sudo, don't forget to add a second sudo command after the pipe:

sudo gpg --export --armor 77CB2CF6 | sudo apt-key add -

Running an 'apt-get update' should now no longer give warnings about this repository.