🟠 High   ⏱ 5–30 min  Last verified: 19 May 2026
Affected versions: Ubuntu 24.04 LTS Ubuntu 24.04 Ubuntu 24.04.1

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Repository metadata cannot be trusted, so updates and installs fail.

Environment & Reproduction

Occurs after adding third-party repositories without proper keyring configuration.

sudo apt-get update
ls -l /etc/apt/keyrings

Root Cause Analysis

The signing key is missing, outdated, or not linked through signed-by in source entries.

Quick Triage

Locate the failing repository and key fingerprint from apt output.

sudo grep -R '^deb ' /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null

Step-by-Step Diagnosis

Inspect repository files and keyring references.

grep -R 'signed-by' /etc/apt/sources.list /etc/apt/sources.list.d 2>/dev/null
ls -l /etc/apt/keyrings
Illustrative mockup for ubuntu-24-04-lts — terminal_or_console
Diagnosis commands for post 153 — Illustrative mockup — Progressive Robot

Solution – Primary Fix

Install the correct vendor key to /etc/apt/keyrings and update source configuration.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

curl -fsSL  | sudo gpg --dearmor -o /etc/apt/keyrings/vendor.gpg
sudo apt-get update
Illustrative mockup for ubuntu-24-04-lts — log_or_dashboard
Fix validation evidence for post 153 — Illustrative mockup — Progressive Robot

Solution – Alternative Approaches

Disable untrusted repositories until valid signed metadata is available.

sudo sed -i 's/^deb/#deb/g' /etc/apt/sources.list.d/.list

Verification & Acceptance Criteria

apt update runs without NO_PUBKEY or signature verification errors.

sudo apt-get update

Rollback Plan

Remove incorrect keyring file and restore previous source list backup.

sudo rm -f /etc/apt/keyrings/vendor.gpg

Prevention & Hardening

Require signed-by keyrings for all external repos and document fingerprints.

sudo apt-config dump | grep -i trusted

Related to InRelease signature mismatch and expired signing keys.

Related tutorial: View the step-by-step tutorial for Ubuntu 24.04 LTS.

View all Ubuntu 24.04 LTS tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Ubuntu secure apt repository and keyring guidance.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.