Cloudflared PKG NO_PUBKEY Error


I’m having an issue installing the cloudflared package on Ubuntu Server 20.04 hardened with CIS Level 2 Benchmark (although I don’t think the hardening is causing the issue).
See below:

I’ve followed the instructions from the PKG documentation which has worked fine on my Ubuntu 22.04.2 servers, so I’m not sure what I’m missing.

Cloudflared hasn’t used the apt key in a while and you should remove it.

What does your /etc/apt/sources.list.d/cloudflared.list show? It should be:

deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] focal main

I’ve removed the apt key.

Output of /etc/apt/sources.list.d/cloudflared.list:

deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] focal main

Looks correct from what I can tell.

This does look correct

Are you still getting the apt error with the apt key removed? I have the same setup and don’t see any error.

Yep - Removed the key with sudo apt-key del. The only other thing I can think of is that somehow the CIS hardening is preventing this from working, but I don’t understand how or why.

I can’t imagine CIS hardening affecting this. I would try removing the apt list and key and redoing it to see if that helps.

I tried that too. I deleted the apt list and the GPG key and reran the steps from the documentation.

Do you get any output when you run gpg --show-keys /usr/share/keyrings/cloudflare-main.gpg? Maybe the key is getting corrupted.

Looks correct to me:

It all looks right to me. Maybe another @MVP might have an idea for this


Usage of the apt-key adv --keyserver --recv-keys KEY_HERE looks good.

May I ask, have you tried using non-signed and modifying the .list file by commenting signed / temporarily ignoring it, or allowing insecure upgrades? :thinking:

I am using Debian or Raspbian mostly. I’ve had once the issue with the key, but … how did I solve it, can’t recall at the moment. Will write back…

Gave it a go. /etc/apt/sources.list.d/cloudflared.list now looks like:

deb [trusted=yes] focal main

With this config I am able to install cloudflared, although the GPG warning does persist.

W: GPG error: focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 254B391D8CACCBF8

I wonder, the directory /usr/share/keyrings had 755, but what about the downloaded .gpg file? Did it have the CHMOD set to the 644, or? :thinking:

Using apt update and/or apt clean doesn’t help either?

You’re right, it’s fixed now. Must have been foobarred permissions. Running sudo chmod 755 /usr/share/keyrings/cloudflare-main.gpg fixed the issue. Thanks all.
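A check for the condition this thread ended on, as an added example that is not from any poster or from Cloudflare's documentation: sources.list(5) requires a signed-by keyring file to be readable by the unprivileged _apt user, otherwise apt reports NO_PUBKEY even though the key is present. The script reads the signed-by paths out of .list files and flags keyrings without "other" read permission or directories without "other" traverse permission. The function names are hypothetical and GNU stat (as shipped on Ubuntu) is assumed.

```shell
#!/bin/sh
# Usage: sh audit-keyrings.sh /etc/apt/sources.list.d/*.list

# Print the keyring file paths named by signed-by= in one "deb" line.
# Commented-out lines and fingerprint values (no leading /) print nothing.
signed_by_paths() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*deb[^[]*\[\(.*\)\].*/\1/p' |
        tr ' ' '\n' | sed -n 's/^signed-by=//p' |
        tr ',' '\n' | sed -n '/^\//p'
}

# Return 0 if "other" can read the keyring and traverse its directory.
# Prints one finding per problem. The last octal digit is the "other" class.
check_keyring() {
    key=$1 rc=0
    [ -f "$key" ] || { echo "MISSING $key"; return 1; }
    dir=$(dirname "$key")
    fmode=$(stat -c '%a' "$key")
    dmode=$(stat -c '%a' "$dir")
    case $fmode in
        *[4567]) ;;                                   # read bit set
        *) echo "UNREADABLE $key mode=$fmode"; rc=1 ;;
    esac
    case $dmode in
        *[1357]) ;;                                   # execute/traverse bit set
        *) echo "UNTRAVERSABLE $dir mode=$dmode"; rc=1 ;;
    esac
    return $rc
}

# Audit every .list file given; non-zero status if any keyring fails.
audit_sources() {
    status=0
    for list in "$@"; do
        while IFS= read -r line; do
            for k in $(signed_by_paths "$line"); do
                check_keyring "$k" || status=1
            done
        done < "$list"
    done
    return $status
}

if [ "$#" -gt 0 ]; then
    audit_sources "$@"
fi
```

A finding such as `UNREADABLE ... mode=640` points at the keyring to fix with chmod before re-running apt update.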


