How to add the APT key for Microsoft packages

apt keyrings microsoft

8,335

Never mind, the error message was kind of misleading.

The problem was that my sources.list file (that I had taken from Microsoft's own instructions) was pointing to a non-existent key file:

deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/vscode stable main

I removed the signed-by option from the square brackets, and everything worked.

8,335

Author by

Tobia

Updated on September 18, 2022

Comments

Tobia over 1 year

I'm trying to install some packages from the Microsoft APT Repository (because I hate Snap with a passion!) but I can't seem to be able to add its key:

$ curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
OK

It says OK, but the key doesn't work:

$ sudo apt update
[...]
Err:7 https://packages.microsoft.com/repos/vscode stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
Reading package lists... Done
W: GPG error: https://packages.microsoft.com/repos/vscode stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
E: The repository 'https://packages.microsoft.com/repos/vscode stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I also tried retrieving the key starting from the NO_PUBKEY id printed by apt-get:

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EB3E94ADBE1229CF
Executing: /tmp/apt-key-gpghome.q9IjlmqKv9/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv EB3E94ADBE1229CF
gpg: key EB3E94ADBE1229CF: "Microsoft (Release signing) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

It says "not changed" and in fact, nothing changes.

If I check the output of apt-key list I see that all third-party keys have a sub rsa4096 except Microsoft's. Is this why it doesn't work?

$ sudo apt-key list 
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-08 [SCEA]
      1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
uid           [ unknown] Sublime HQ Pty Ltd <[email protected]>
sub   rsa4096 2017-05-08 [S]

pub   rsa4096 2016-04-12 [SC]
      EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796
uid           [ unknown] Google Inc. (Linux Packages Signing Authority) <[email protected]>
sub   rsa4096 2019-07-22 [S] [expires: 2022-07-21]

pub   rsa4096 2014-06-13 [SC]
      9FD3 B784 BC1C 6FC3 1A8A  0A1C 1655 A0AB 6857 6280
uid           [ unknown] NodeSource <[email protected]>
sub   rsa4096 2014-06-13 [E]

pub   rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
uid           [ unknown] Microsoft (Release signing) <[email protected]>

[...]

How do I solve this issue?

Ubuntu 20.04 focal

nobody almost 4 years

have you seen this site? docs.microsoft.com/en-us/dotnet/core/install/…
Kulfy almost 4 years

I'm not able to reproduce the issue in 20.04 with exactly same key and repository.