When running apt-get update on Debian-based Google Cloud instances, you might encounter this signature verification error:
Err:6 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB
This occurs because the system can't verify package authenticity without the proper GPG key. The missing key ID 6A030B21BA07F4FB is specifically for Google's Debian package repositories.
The most straightforward solution is to manually import the missing key:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6A030B21BA07F4FB
sudo apt-get update
If the key server approach fails (which sometimes happens with firewalls or DNS issues), try these methods:
Method 1: Download the key directly
wget -q -O - https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
sudo apt-get update
Method 2: Reinstall Google's keyring package
sudo apt-get install --reinstall google-cloud-sdk google-compute-engine
sudo apt-get update
After applying any solution, verify the key exists in your keyring:
apt-key list | grep 6A030B21BA07F4FB
You should see output similar to:
pub rsa4096 2018-03-07 [SC] [expires: 2023-03-05]
6A03 0B21 BA07 F4FB
uid [ unknown] Google Cloud Packages Automatic Signing Key <gc-team@google.com>
To avoid similar issues in the future:
- Regularly update all packages:
sudo apt-get update && sudo apt-get upgrade -y - Monitor Google's known issues page
- Consider setting up unattended upgrades for security updates
For infrastructure-as-code setups, include this in your provisioning scripts:
# Ensure Google's package sources exist
if ! grep -q "packages.cloud.google.com" /etc/apt/sources.list.d/google-cloud.list; then
echo "deb http://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud.list
echo "deb http://packages.cloud.google.com/apt google-compute-engine-stretch-stable main" | sudo tee -a /etc/apt/sources.list.d/google-cloud.list
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
fi
When running apt-get update on Google Cloud Compute Engine instances (Debian Stretch), you might encounter this error:
Err:6 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB
This affects multiple repositories including:
- cloud-sdk-stretch
- google-compute-engine-stretch-stable
- google-cloud-packages-archive-keyring-stretch
The error occurs when the system can't verify package signatures because the required GPG key isn't in your keyring. This typically happens when:
- Google rotates their signing keys
- Local keyring becomes outdated
- Package sources were added without proper key import
To fix this, manually add the missing key:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6A030B21BA07F4FB
sudo apt-get update
If the above doesn't work due to firewall restrictions, try this alternative:
gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 6A030B21BA07F4FB
gpg --export --armor 6A030B21BA07F4FB | sudo apt-key add -
sudo apt-get update
For Google Cloud instances, the most reliable solution is to reinstall the keyring package:
sudo apt-get install --reinstall google-cloud-packages-archive-keyring
sudo apt-get update
After applying the fix, verify the key exists:
apt-key list | grep 6A030B21BA07F4FB
You should see output similar to:
pub rsa4096 2021-04-14 [SC] [expires: 2026-04-13]
6A30 0B21 BA07 F4FB Google Cloud Packages Automatic Signing Key
If you need to fix this across multiple instances, create a startup script:
#!/bin/bash
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6A030B21BA07F4FB
apt-get update
- Regularly update all packages:
sudo apt-get update && sudo apt-get upgrade - Monitor Google Cloud's known issues page
- Consider setting up automated monitoring for apt errors