I was trying to recompile and rebuild libevent2 source from oneiric on my natty server and I had a small error with gpg not being able to check signature
# dpkg-source -x libevent_2.0.12-stable-1.dsc
gpgv: Signature made Fri Jun 17 07:12:50 2011 PDT using DSA key ID 7ADF9466
gpgv: Can't check signature: public key not found
dpkg-source: warning: failed to verify signature on ./libevent_2.0.12-stable-1.dsc
Any idea how to fix this warning?
I believe the conventional solution is to install the GnuPG keys of Debian Developers package:
sudo apt-get install debian-keyring
First of all, you should import the key to local keyring as @enzotib instructed:
gpg --keyserver keyserver.ubuntu.com --recv-keys 7ADF9466
Then export the key to your local trustedkeys to make it trusted:
gpg --no-default-keyring -a --export 7ADF9466 | gpg --no-default-keyring --keyring ~/.gnupg/trustedkeys.gpg --import -
~/.gnupg/trustedkeys.gpg did not exist.
– Stéphane Gourichon
Jun 12 '17 at 17:04
You should import the key to local keyring with the following command:
gpg --keyserver keyserver.ubuntu.com --recv-keys 7ADF9466
Then, try again the command.
7ADF9466 is indeed the correct signing key if it does not exist in the keyring package? What prevents a man in the middle from serving a dsc file signed with a different key (possibly even a different key with the same 32 bit hash).
– kasperd
Aug 10 '14 at 19:35
apt-get source. But installing thedebian-keyringpackage worked, as @ændrük suggests. – fjarlq May 05 '14 at 18:54