ROS Resources: Documentation | Support | Discussion Forum | Index | Service Status | ros @ Robotics Stack Exchange
Ask Your Question

ROS-Lunar Install on Debian Stretch: apt-key deprecation

asked 2017-11-13 22:17:30 -0500

imcmahon gravatar image

updated 2017-11-13 22:26:55 -0500

On a fresh install of Debian Stretch, I ran into an issue when using the ROS Lunar Debian Install instructions [1]. The apt-key error output:

$ sudo apt-key adv -v --keyserver hkp:// --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
Executing: /tmp/apt-key-gpghome.AaDAEF/ -v --keyserver hkp:// --recv-key 421C365BD9FF1F717815A3895523BAEEB01FA116
gpg: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/tmp/apt-key-gpghome.ArFCphGHwI/S.dirmngr' failed: No such file or directory
gpg: keyserver receive failed: No dirmngr

After googling around a bit, it seems the Debian team has deprecated the use of apt-key [2]. Users say a workaround is to install the package dirmngr to keep using apt-key, but the Debian community recommends against this in Stretch and beyond.

Instead there is a Debian tutorial on adding trusted keys via https to a Stretch install [3], which basically boils down to needing to retrieve keys using something like the following:

wget -O /usr/share/keyrings/deriv-archive-keyring.gpg

My question: can I grab the gpg keys from the via wget? Does OSRF have any other method for distributing gpg keys over https? It seems other users may have run into this issue, without knowing the root cause [4] & [5].


edit retag flag offensive close merge delete


Related question: #q264654.

gvdhoorn gravatar image gvdhoorn  ( 2017-11-14 01:36:23 -0500 )edit

My answer to that question also mentions it's a work-around, and something more structural would need to be found.

As to wgetting the key: sure: the key is located at

One issue with that: the certificate there is not valid for, but that ..

gvdhoorn gravatar image gvdhoorn  ( 2017-11-14 01:39:12 -0500 )edit

.. could be solved.

Not using apt-key was how all install tutorials did it btw, before switching to apt-key.

gvdhoorn gravatar image gvdhoorn  ( 2017-11-14 01:41:37 -0500 )edit

The ros-lunar-ros-core Docker image just installs dirmngr and gnupg2 at the moment (here).

gvdhoorn gravatar image gvdhoorn  ( 2017-11-14 01:42:24 -0500 )edit

@gvhoorn I think it's fine for us to recommend using the workaround and install dirmngr and gnupg2 for now. A a minimum, we need to update the Lunar Debian install guide to include this step, and we should open a ticket to address the issue properly. Where should I submit such a ticket?

imcmahon gravatar image imcmahon  ( 2017-11-14 08:17:52 -0500 )edit

Hm. Not sure.

For the wiki I would either just edit the relevant pages, or perhaps if we'd want to discuss this first, post something on ros-infrastructure/roswiki/issues. Really a guess though.

gvdhoorn gravatar image gvdhoorn  ( 2017-11-14 08:35:28 -0500 )edit

Perhaps this could be discussed on ROS Discourse. That would probably be a better venue than the roswiki issue tracker.

gvdhoorn gravatar image gvdhoorn  ( 2017-11-14 08:35:54 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2018-01-23 02:18:26 -0500

tfoote gravatar image

There are lots of places you can get the ROS key. The most visible is:

There is a bigger question of what is the best way to replace apt-key as debian is changing their recommended toolchain.

We used to wget from that url, but the best practices from the debian community was to use the key server instead of wget or curl.

We should find the new recommended best practice and switch our documentation and tutorials over to use that method. Which I think uses dirmngr but I haven't researched it too much. There are many people who spend a lot of time thinking about this we should find their discussions and leverage it.

edit flag offensive delete link more

Question Tools

1 follower


Asked: 2017-11-13 22:17:30 -0500

Seen: 1,353 times

Last updated: Jan 23 '18