1

I could before, this error started to pop up and after that I wasn't able to:

7,898 kB were fetched in 2 s (3,370 kB/s).
Reading package lists… Done
Building dependency tree… Done
Status information is being read in… Done
Update available for 6 packages. Run "apt list --upgradable" to view them.
W: An error occurred while verifying the signature. The depot has not been updated and the previous index files are used. 
GPG Error: https://repo.protonvpn.com/debian stable InRelease: The following signatures could not be verified because their public key is not available: NO_PUBKEY 4EDE055B645F044F 
W: Failed to get from https://repo.protonvpn.com/debian/dists/stable/InRelease The following signatures could not be verified because their public key is not available: NO_PUBKEY 4EDE055B645F044F
W: Some index files could not be downloaded. They were ignored or old ones were used in their place.
John Carter
  • 527
Srecko Mitrovic
  • 11
  • 2

1 Answers1

0

Welcome Srecko to the forum.

I'm using Google translate to see this in English. Hopefully we can communicate okay like this.

Problem

The public key for the ProtonVPN repository is missing, causing the signature verification to fail.

Manufacturer's Instructions

I think they are not following standard process, which makes this difficult. However, if you follow steps 1 through 4 it might resolve your issue.

Ref: https://protonvpn.com/support/official-linux-vpn-mx-linux/

  1. Install the Proton VPN repository

Just double-click the downloaded DEB file and follow the prompts given by your default package manager (or right click →Install Deb files on the Xfce desktop).

Please don’t try to check the GPG signature of this release package (dpkg-sig –verify). Our internal release process is split into several part and the release package is signed with a GPG key, and the repo is signed with another GPG key. So the keys don’t match.

If you want to check the repo package integrity, you can check its checksum with the following command:

echo "c68a0b8dad58ab75080eed7cb989e5634fc88fca051703139c025352a6ee19ad protonvpn-stable-release_1.0.3-2_all.deb" | sha256sum --check -

The remainder of this answer is informational.

GPG Missing Key Errors

Here's how to verify the PKI public key when GPG shows it as missing.

  1. Start with the Source

I'm unable to use curl to list repo.protonvpn.com/debian/ directory, but you can view it in the web browser: https://repo.protonvpn.com/debian/. The public key is there.

  1. Key ID

The Key ID is derived from the Public Key. Here's how to download it and then derive:

wget -O protonvpn_public_key.asc https://repo.protonvpn.com/debian/public_key.asc
gpg --import --with-fingerprint protonvpn_public_key.asc

It matches the output you gave in the post.

gpg: key 4EDE055B645F044F: public key "Proton Technologies AG opensource@proton.me" imported

GPG Explanation

Debian and Ubuntu both utilize GPG (GNU Privacy Guard) for package management and maintenance. It performs these functions:

  1. Package Signing
  2. Repository Verification
  3. Key Management
  4. Security Enhancements

The error is saying the software cannot be updated (or maintained) because GPG cannot find the key to verify it's security. The Ubuntu Repository configuration must point to the correct URL so that it can find the public key.

Configuration:
Repository configurations are in the file /etc/apt/sources.list and the directory /etc/apt/sources.list.d/ (within another files).

Key Location:
https://repo.protonvpn.com/debian/public_key.asc

So you have to make sure your computer's configuration is pointed to the right place.

Logs

A great resource for finding a root cause are logs. For this issue the APT logs are most applicable.

tail -n 100 /var/log/apt/history.log
cat /var/log/apt/history.log | grep -E -i "error|refused|failed|proton"
sudo grep -E -i "error|refused|failed|proton" /var/log/apt/history.log /var/log/auth.log /var/log/syslog /var/log/dpkg.log
musicman1979
  • 1,147
  • 1
  • 9
  • 26