Do I have to add the public key for the repository for installing R?

Question

I follow https://cloud.r-project.org/bin/linux/ubuntu/README.html to install R

$ echo "deb https://cloud.r-project.org/bin/linux/ubuntu bionic-cran35/" | sudo tee -a /etc/apt/sources.list
$ sudo apt-get update
...
Err:14 https://cloud.r-project.org/bin/linux/ubuntu bionic-cran35/ InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 51716619E084DAB9
Reading package lists... Done 
E: The repository 'http://ppa.launchpad.net/adrozdoff/emacs/ubuntu bionic Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
N: Skipping acquire of configured file 'contrib/binary-i386/Packages' as repository 'https://download.virtualbox.org/virtualbox/debian bionic InRelease' doesn't support architecture 'i386'
W: GPG error: https://cloud.r-project.org/bin/linux/ubuntu bionic-cran35/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 51716619E084DAB9
E: The repository 'https://cloud.r-project.org/bin/linux/ubuntu bionic-cran35/ InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
...
$ sudo apt-get install r-base

Does the error message from apt-get update mean that I have to add the public key for the repository?

What are some consequences if I leave it?

Why can I still run apt-get install r-base?

Why does the following fail?

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 51716619E084DAB9
Executing: /tmp/apt-key-gpghome.Z9eYn6e4zV/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 51716619E084DAB9
gpg: keyserver receive failed: Server indicated a failure

Thanks.

Answer 1

I found this looking on gogle(in spanish):

As i see in the log of the console, you have to add some keys(not only the R related, maybe the other ones are about dependencies of the program)

The page say about a key manager, something to easy a bit the problem of add keys:

You should do this:

$ sudo apt-get install add-apt-key

Then:

$ sudo su -
# add-apt-key --keyserver keyserver.ubuntu.com 51716619E084DAB9

I also found another way here(English, askubuntu forum; see the acepted answer)

I hope that this work for your problem.

Answer 2

The repository mentioned in UBUNTU PACKAGES FOR R includes latest version which is 3.6. However, for 18.04, Ubuntu's Universe repository still have v3.4. Even if you don't add R's official repository you can still install r-base but obviously that would be v3.4.

Does the error message from apt-get update mean that I have to add the public key for the repository?

Yes if you want to continue using that repository. APT is a very secure package management tool. It uses that public key to authenticate downloaded packages. For full documentation, read SecureAPT - Debian.

What are some consequences if I leave it?

APT will keep on complaining and you won't be able to download packages from R's official repositories.

Why can I still run apt-get install r-base?

Because r-base is available in Ubuntu's Universe repository too. You can run apt-cache policy r-base to check which version you'll get from which repository.

Why does the following fail?

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 51716619E084DAB9
Executing: /tmp/apt-key-gpghome.Z9eYn6e4zV/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 51716619E084DAB9
gpg: keyserver receive failed: Server indicated a failure

Seems like a temporary server side issue. I tried adding the key using the same command and it succeeded.

Answer 3

Signing your repository is just another way of making it secure and authenticating packages. Official repositories will always have a gpg key. If you own a repository, it is your choice if you would like to maintain a certificate and signing methods in your organisation.

By default apt will always look for a gpg, and without one it will ignore the repository's content. You can skip the gpg check by adding the --allow-unauthenticated option to apt-get. This requires a sudo operation.

example: sudo apt-get --allow-unauthenticated upgrade, sudo apt-get -y --allow-unauthenticated install foo.

You may also make this option permanent by using your own config file at /etc/apt/apt.conf.d/ directory.

In your conf file simply add APT::Get::AllowUnauthenticated "true"; stanza.

Answer 4

I could solve this problem (on January 2021) by the following instructions provided here and in the r-project site. The summary was

$ sudo apt-key adv --keyserver keys.gnupg.net --recv-key 'E19F5F87128899B192B1A2C2AD5F960A256A04AF'

But it failed: "gpg: keyserver receive failed: Server indicated a failure"
According to the info. at the r-project site it can be due to "a firewall blocking port 11371". In that case what can be done is:

1. Search for 0xE19F5F87128899B192B1A2C2AD5F960A256A04AF at https://keyserver.ubuntu.com.
   
2. Copy the key block shown when klicking on the link in the line starting with pub (The key starts with -----BEGIN PGP PUBLIC KEY BLOCK----- ) into a plain text file which name ends with *.asc (for instance: file_with_key.asc)
3. In the directory where the *.asc file is stored run:

$ sudo apt-key add file_with_key.asc

4 [Edit]. Add the reppositroy. Here it is a bit tricky. The command's formula is:

$ sudo add-apt-repository 'A_url'

Where I have found different options like
deb https://cloud.r-project.org/bin/linux/debian buster-cran35/
deb https://cloud.r-project.org/bin/linux/ubuntu bionic-cran35/
deb http://cloud.r-project.org/bin/linux/debian buster-cran40/
etc. Depending on the system and version you want.
5. Install R

$ sudo apt-get update # Here you should see the cloud.r-project 
$ apt-get install r-base r-base-dev

6. Check the R version

$ R --version