For what it is worth, I've just re-installed stretch and the problem is gone.Perhaps I just did something thumb-fingered...
Earlier this week (april 17) I installed debian stretch on my desktop computer, using the Debian Installer Stretch RC3 release, found here:https://www.debian.org/devel/debian-installer/
The system is now in place and works fine, with this caveat:When I do apt-get update, I get the following output
Get:1 http://ftp.us.debian.org/debian stretch InRelease [186 kB]Ign:1 http://ftp.us.debian.org/debian stretch InReleaseFetched 186 kB in 0s (410 kB/s)Reading package lists... DoneW: GPG error: http://ftp.us.debian.org/debian stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8B48AD6246925553 NO_PUBKEY 7638D0442B90D010W: The repository 'http://ftp.us.debian.org/debian stretch InRelease' is not signed.N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.N: See apt-secure(8) manpage for repository creation and user configuration details.
(My /etc/apt/sources.list just contains
deb http://ftp.us.debian.org/debian/ stretch main non-free deb-src http://ftp.us.debian.org/debian/ stretch main non-free
)
Of course, this is "just" a warning - I can still do update/upgrade/dist-upgrade via apt-get; I get the above complaint, but it still works.
I first noticed the/a problem when I tried to do the following:
wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
I get the output:
gpg: WARNING: nothing exportedgpg: no valid OpenPGP data found.gpg: Total number processed: 0
(For what it is worth, I tried adding other signatures in this way, and didn't succeed -- same error. And I saving the result of the wget to a file, and calling apt-get key with file name as argument -- same error, again.)
Anyhow, I don't recall getting the warning from "apt-get update"until after doing the above command attempting to install a signing key. Now it happens consistently.
I searched and read a fair amount about this; I think for a while I believed it was related to the following reddit-debian-discussion. I'm pretty sure at some point I had a report that the _apt user couldn't read the keyring. Thus, I may have changed the permissions of file "trusted.gpg" here in /etc/apt:
drwxr-xr-x 2 root root 4.0K Apr 17 14:31 apt.conf.d -rw-r--r-- 1 root root 104 Apr 17 13:04 listchanges.conf drwxr-xr-x 2 root root 4.0K Apr 1 15:39 preferences.d -rw-r--r-- 1 root root 142 Apr 19 12:05 sources.list -rw-r--r-- 1 root root 126 Apr 18 15:44 sources.list~ drwxr-xr-x 2 root root 4.0K Apr 18 15:44 sources.list.d -rw-r--r-- 1 root root 193 Apr 18 15:44 sources.list.save -rw------- 1 root root 1.2K Apr 18 14:56 trustdb.gpg -rw-r--r-- 1 root root 32 Apr 18 11:16 trusted.gpg drwxr-xr-x 2 root root 4.0K Apr 18 15:17 trusted.gpg.d
(though anyhow the permissions on that file now match the permissionson the files in ./trusted.gpg.d, so I doubt this is a problem(?))
Also FWIW: gpg works fine for users on this machine.
Final datapoint: I have another debian-box -- a laptop. On that machine, I just upgraded from jessie to stretch last week, and I don't have this problem -- apt-get update doesn't report warnings. (I guess I haven't yet tried to do an "apt-key add" since upgrading to stretch, though...)
Arguably, the warning is not such a big deal, and maybe this will be solved by software upgrades. But it feels broken to not be able to add package signing keys with apt-key. And: if there is something glitchy about my configuration, I ought to know that...
Thanks for any assistance/advice!!