27

The old QGIS key ring qgis-2017.gpg.key is expired and generates a warning during apt update today.

Following the QGIS instructions, I tried to update the key as follows:

wget -O - https://qgis.org/downloads/qgis-2019.gpg.key | gpg --import
gpg --fingerprint 51F523511C7028C3

But instead of the normal output, I get an error:

$ wget -O - https://qgis.org/downloads/qgis-2019.gpg.key | gpg --import
--2019-08-16 18:36:35--  https://qgis.org/downloads/qgis-2019.gpg.key
Resolving qgis.org (qgis.org)... 104.27.138.220, 104.27.139.220, 2606:4700:30::681b:8bdc, ...
Connecting to qgis.org (qgis.org)|104.27.138.220|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1839 (1.8K) [application/pgp-keys]
Saving to: ‘STDOUT’

-                   100%[===================>]   1.80K  --.-KB/s    in 0s      

2019-08-16 18:36:35 (33.3 MB/s) - written to stdout [1839/1839]

gpg: key 51F523511C7028C3: 1 signature not checked due to a missing key
gpg: no writable keyring found: Not found
gpg: error reading '[stdin]': General error
gpg: import from '[stdin]' failed: General error
gpg: Total number processed: 0

How can I fix the error please?

Improve this question
3
  • what apt repository are you using? The one for "cosmic" still uses the expired 2017 key :-(
    – Dakatine
    Commented Aug 19, 2019 at 12:25
  • 2
    @Dakatine I am using deb https://qgis.org/debian bionic main in /etc/apt/sources.list.
    – tinlyx
    Commented Aug 19, 2019 at 23:28
  • thank you. Unfortunately it is not working here on Ubuntu 10.10.
    – Dakatine
    Commented Aug 20, 2019 at 14:36

5 Answers 5

Reset to default
59

Based on old notes, the following seems to work:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key 51F523511C7028C3

-- Update --

As of August 2020:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key F7E06F06199EF2F2

As of August 2021:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-key 46B5721DBBD2996A

Or alternatively, as pointed out by 4ndts's answer (and in the updated documentation):

wget -qO - https://qgis.org/downloads/qgis-$(date +%Y).gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/qgis-archive.gpg --import

The above determines year from current date. If that's not accurate, the latest is:

wget -qO - https://qgis.org/downloads/qgis-2022.gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/qgis-archive.gpg --import
Improve this answer
2
  • 2
    On Ubuntu 19.04 this also solved the following problem for me. W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: qgis.org/debian disco InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 51F523511C7028C3
    – Dennis
    Commented Aug 18, 2019 at 20:04
  • On Ubuntu 16.04 (Xenial) this is not working. When I try to update I get "W: Failed to fetch qgis.org/ubuntugis/dists/xenial/InRelease The following signatures were invalid: KEYEXPIRED 1565999960"
    – Daniel
    Commented Aug 22, 2019 at 14:40
9

After you have verified the fingerprint you forgot to add the key to apt with:

gpg --export --armor 51F523511C7028C3 | sudo apt-key add -

Read the QGIS documentation. All the instructions are:

wget -O - https://qgis.org/downloads/qgis-2019.gpg.key | gpg --import
gpg --fingerprint 51F523511C7028C3
gpg --export --armor 51F523511C7028C3 | sudo apt-key add -
Improve this answer
6

QGIS Key is rotated every year, if there is an error like this, u may check follow link whether it has new key: https://download.qgis.org/downloads/

On the other hand, the fingerprint also change accordingly, example in year 2021, it was 46B5721DBBD2996A, and 2022, it was D155B8E6A419C5BE

It's easy to generate new download link for every year, but I cannot find a way to get fingerprint automatically, I found a trick by looking at the error

1. First I use 2022 key with 2021 key by executing the command below:

wget -O - https://qgis.org/downloads/qgis-2022.gpg.key | gpg --import \
    && gpg --export --armor 46B5721DBBD2996A | apt-key add -

2. then I've an error which mentions gpt key, as below:

gpg: key D155B8E6A419C5BE: 1 signature not checked due to a missing key
gpg: key D155B8E6A419C5BE: "QGIS Archive Automatic Signing Key (2022-2027) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: no valid OpenPGP data found.

3. Then I just update my command as below, and then it works

wget -O - https://qgis.org/downloads/qgis-2022.gpg.key | gpg --import \
    && gpg --export --armor D155B8E6A419C5BE | apt-key add -
Improve this answer
3

This worked for me in November 2022:

curl https://download.qgis.org/downloads/qgis-2022.gpg.key | sudo apt-key add -
Improve this answer
1

gpg --fingerprint 51F523511C7028C3 returns uid [ expired].

There's a 2021 key:

wget -qO - https://qgis.org/downloads/qgis-2021.gpg.key | sudo gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/qgis-archive.gpg --import

sudo chmod a+r /etc/apt/trusted.gpg.d/qgis-archive.gpg
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.