📖 ~1 min read
Table of contents
Symptom & Impact
apt update fails with NO_PUBKEY and security updates are blocked.
Environment & Reproduction
Ubuntu 22.04 LTS host with third-party entries in /etc/apt/sources.list.d and missing signed-by keyring.
Root Cause Analysis
Repository metadata is signed by a key not installed under /usr/share/keyrings or referenced incorrectly.
Quick Triage
Run apt update and inspect the fingerprint in the NO_PUBKEY message.
Step-by-Step Diagnosis
Compare source list signed-by paths with real keyring files in /usr/share/keyrings.
Solution – Primary Fix
Import vendor key with gpg –dearmor, update signed-by in the source file, then rerun apt update.
Still having issues? Our Managed IT Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Disable the faulty third-party repo and continue patching from official jammy repositories.
Verification & Acceptance Criteria
apt update completes without GPG errors and apt policy lists healthy repository metadata.
Rollback Plan
Remove the added source entry and keyring file, then run apt update to return to baseline.
Prevention & Hardening
Use per-repository signed-by keyrings and monitor key expiry dates.
Automate patch management and compliance across your fleet with our DevOps services.
Related Errors & Cross-Refs
EXPKEYSIG and InRelease signature failures are related apt trust issues.
Related tutorial: View the step-by-step tutorial for Ubuntu 22.04 LTS.
View all Ubuntu 22.04 LTS tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
Ubuntu 22.04 apt-secure and signed-by repository configuration guidance.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
