How to add the APT key for Microsoft packages

Question

I'm trying to install some packages from the Microsoft APT Repository (because I hate Snap with a passion!) but I can't seem to be able to add its key:

$ curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
OK

It says OK, but the key doesn't work:

$ sudo apt update
[...]
Err:7 https://packages.microsoft.com/repos/vscode stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
Reading package lists... Done
W: GPG error: https://packages.microsoft.com/repos/vscode stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY EB3E94ADBE1229CF
E: The repository 'https://packages.microsoft.com/repos/vscode stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I also tried retrieving the key starting from the NO_PUBKEY id printed by apt-get:

$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EB3E94ADBE1229CF
Executing: /tmp/apt-key-gpghome.q9IjlmqKv9/gpg.1.sh --keyserver hkp://keyserver.ubuntu.com:80 --recv EB3E94ADBE1229CF
gpg: key EB3E94ADBE1229CF: "Microsoft (Release signing) <gpgsecurity@microsoft.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

It says "not changed" and in fact, nothing changes.

If I check the output of apt-key list I see that all third-party keys have a sub rsa4096 except Microsoft's. Is this why it doesn't work?

$ sudo apt-key list 
/etc/apt/trusted.gpg
--------------------
pub   rsa4096 2017-05-08 [SCEA]
      1EDD E2CD FC02 5D17 F6DA  9EC0 ADAE 6AD2 8A8F 901A
uid           [ unknown] Sublime HQ Pty Ltd <support@sublimetext.com>
sub   rsa4096 2017-05-08 [S]

pub   rsa4096 2016-04-12 [SC]
      EB4C 1BFD 4F04 2F6D DDCC  EC91 7721 F63B D38B 4796
uid           [ unknown] Google Inc. (Linux Packages Signing Authority) <linux-packages-keymaster@google.com>
sub   rsa4096 2019-07-22 [S] [expires: 2022-07-21]

pub   rsa4096 2014-06-13 [SC]
      9FD3 B784 BC1C 6FC3 1A8A  0A1C 1655 A0AB 6857 6280
uid           [ unknown] NodeSource <gpg@nodesource.com>
sub   rsa4096 2014-06-13 [E]

pub   rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3  721C EB3E 94AD BE12 29CF
uid           [ unknown] Microsoft (Release signing) <gpgsecurity@microsoft.com>

[...]

How do I solve this issue?

Ubuntu 20.04 focal

Answer 1

Never mind, the error message was kind of misleading.

The problem was that my sources.list file (that I had taken from Microsoft's own instructions) was pointing to a non-existent key file:

deb [arch=amd64 signed-by=/usr/share/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/vscode stable main

I removed the signed-by option from the square brackets, and everything worked.

Answer 2

I ran this

wget https://packages.microsoft.com/config/ubuntu/22.04/packages-microsoft-prod.deb -O packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
rm packages-microsoft-prod.deb

and everything worked.

From https://docs.microsoft.com/en-us/dotnet/core/install/linux-ubuntu. You can ctrl + f this: 22.04 (Microsoft package feed) and you'll find the instruction from microsoft.

Answer 3

Please try these steps:

apt-key list
sudo apt-key del "Microsoft pub key"
curl -fsSL https://packages.microsoft.com/keys/microsoft.asc | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/packages.microsoft.gpg
sudo apt update

Answer 4

I ran into this issue after trying to install VSCode on ChromeOS's Linux environment, which I understand to be a variant of Debian Linux.

The issue was while downloading the deb file and installing was successful, it seems that I missed this step in the docs (bolded):

Installing the .deb package will automatically install the apt repository and signing key to enable auto-updating using the system's package manager. Alternatively, the repository and key can also be installed manually with the following script:

sudo apt-get install wget gpg
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
sudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg
sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list'
rm -f packages.microsoft.gpg

Then update the package cache and install the package using:

sudo apt install apt-transport-https
sudo apt update
sudo apt install code # or code-insiders

TL;DR: Try sudo apt install apt-transport-https and https support will work out of the box, allowing apt to install from https sources, as I see in /etc/apt/sources.list.d/vscode.list it does indeed list "https://packages.microsoft.com/repos/code stable main" as a source.

If that doesn't work, try adding microsoft's keyring manually, detailed in their docs: https://code.visualstudio.com/docs/setup/linux

sudo apt-get install wget gpg
wget -qO- https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > packages.microsoft.gpg
sudo install -D -o root -g root -m 644 packages.microsoft.gpg /etc/apt/keyrings/packages.microsoft.gpg
sudo sh -c 'echo "deb [arch=amd64,arm64,armhf signed-by=/etc/apt/keyrings/packages.microsoft.gpg] https://packages.microsoft.com/repos/code stable main" > /etc/apt/sources.list.d/vscode.list'
rm -f packages.microsoft.gpg

Answer 5

This question is old but the problem still persists. I was trying to install MSSQL 2022 on Ubuntu 20.04 and ran into this issue. For whatever reason sudo wget https://packages.microsoft.com/keys/microsoft.asc | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc did not copy the file to the specified destination but to the current folder. Target file was empty so I just copied it to where it's supposed to be and repository was added successfully.