I made the switch! Well mostly, my main PC that I use for work (audio, music, etc) is still Windows for now while I figure out if I can do what I need with Linux. 3 days ago I threw Mint on my old laptop (which I don’t use much for testing as it’s still slow, even with Linux) and wanted to use my main laptop to test for switching my PC. Unfortunately it’s a Samsung Galaxy Book3 Ultra, which apparently has issues with Linux hardware-wise. I got everything up and running (except for the webcam which was expected) and found Ubuntu Studio, which seems to basically be Ubuntu with auto-install of a suite of audio and video programs, and a low latency kernel (whatever that means. I’ll get there to figure it out eventually).
I’ve learned a LOT. Pulling in Windows vst files through Wine and yabridge was a journey. Every time I fixed an issue and took a step forward, I encountered a new one haha. But, I got it working. I LOVED figuring out the problems, even if I wanted to pull my hair out. The terminal is…really neat.
Anyway it’s important to me to try and learn the how/why as I go so here’s my question. Librewolf. It installs via terminal, and I’m having issues on Ubuntu Studio. I tried it on Mint and it installed fine. Ubuntu studio however throws up this error: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY 76F1A20FF987672F
I tried sudo apt-get install -f (which I think looks for missing dependencies and stuff?) but no go. Since both distros are Debian, I’m guessing the biggest difference between Mint and Ubuntu Studio is the kernel? I’ve been able to fix things with missing dependencies but I’m guessing the public key is something different?
ELI5, why does it work on Mint and not Ubuntu Studio?
Edit: Got it thanks to u/frongt I added the key and it’s all good!
Execute the following commands in terminal
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <PUBKEY>
where <PUBKEY> is your missing public key for repository, e.g. 8BAF9A6F.
Then update
sudo apt-get update
You must log in or register to comment.
a low latency kernel (whatever that means. I’ll get there to figure it out eventually)
It’s a kernel with real-time process scheduling enabled by default.
In normal kernels a process can theoretically block all other processes from running for up to several seconds, which is obviously bad for time sensitive things like audio recordings or controlling a CNC-machine for example.
In real-time scheduling all processes are guaranteed time slices in more regular intervals. This is good for time sensitive things like audio recording, but since there is some scheduling overhead it’s bad for single resource intensive processes or process trees like video games.
You can read more about the difference between a real time and low latency kernel here: https://help.ubuntu.com/community/UbuntuStudio/RealTimeKernel
Beauty, that’s what I figured. On Windows I had to download asio4all to eliminate latency. Good to know about the kernel.
As an aside, stick with the defaults unless you have a specific reason to switch.
Don’t overcomplicate things, or at least try to realize when you’re doing it.
Different distirbutrions subscribe to different “key servers” (is that the right term?) to validate that the packages they’re getting have been signed by the right people, and not by Dick Dastardly and his crew. LibreWolf isn’t your typical Linux package, but probably on the same trustworthy level as some of “extra” packages found in other repos. My guess would be Mint subscribes to the key server where the LibreWolf dev’s key exists, and Ubuntu doesn’t because Ubuntu has a very Ubuntu™ way of doing things (I’m being a snob here).
So I think if you really want to use LibreWolf, you will have to manually subscribe to the keyserver where the LibreWolf’s dev key is, or manually import the key yourself to validate the package.
Anyway, welcome to the wacky races
You understand what is happening conceptually but some of the details are not exactly correct.
The package manager verifies every package’s cryptographic signature, which is usually a hash of the file contents which is then signed with the developer’s private key, so that anyone with the developer’s public key can decrypt the hash (which verifies that it comes from a source which controls the private key of the keypair) and check it against the hash of the files they downloaded to ensure they haven’t been altered between the project and your PC.
What’s happening is that OP is installing a package which is signed with a key that is not added as a trusted key in their keyring. So when it tries to check the cryptographic signature against its local hash it finds that none of the keys in the trusted keyring will decrypt the hash and so it doesn’t trust the file and kicks out the error in the OP.
The command
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys <PUBKEY>Tells apt to grab the public key with the ID <PUBKEY> from the keyserver keyserver.ubuntu.com and add it as a trusted key on your keyring.
The reason that you use a key ID is that the actual public key is very large (2048 bits, most likely) and so it’s easier on the system administrator to see key IDs and then retrieve the full public key from a keyserver if they need it than have the error log/terminal spammed with multiple screens full of random characters.
That being said, using apt-key to add trusted keys is deprecated due to a potential security issue. The key is trusted for code signed from any repo, so a compromised key could allow an attacker to replace Librewolf with a malicious package on another repo called Librewolf and, as long as the signatures match (because they somehow stole Librewolf’s private key or tricked you install installing an incorrect <PUBKEY> id) the package manager will install it.
The new way (which is largely manual now, but people have already made scripts to do it more easily) is to manually download the key, store it somewhere and then add it to the configuration in /etc/apt/sources.list.d/ so that the source list itself defines which keys are trusted for that source. This would limit the key to being trusted for that specific repo only and not for every repo (or every possible thing that uses public keys)
This has a more complete explanation, instructions on doing it manually and some links to helper scripts people have made to make the process just as simple as using apt-key: https://askubuntu.com/questions/1286545/what-commands-exactly-should-replace-the-deprecated-apt-key#1307181
Thanks for the extra context, though I’m not sure why Mint had that key by default in their keyserver and Ubuntu doesn’t
This is really interesting thank you. It’s starting to make sense a little more.
I LOVED figuring out the problems, even if I wanted to pull my hair out.
I recently dumped M$, and in my decision I expected the learning curve to be a downside, but what I’ve experienced is joy and accomplishment in learning new things.
I’d go further to say that learning Windows teaches you about Windows but learning Linux teaches you about computers.
Absolutely! I’m finding that I’m really focused on “why and how” as I learn. I started just copy pasting but it’s a lot more fun learning the actual commands.
Since 6.12 the Preempt rt patcheshave become canon.
As for older kernels, there’s a thread Here but idk what the current situation is
Did you use this instruction? If so, i think you forgot this step
wget -O- https://download.opensuse.org/repositories/home:/bgstack15:/aftermozilla/Debian_Unstable/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/home_bgstack15_aftermozilla.gpgI avoid it because it said unstable. Just tried, same issue.
I am not too much into Ubuntu studio but on what version it based of Ubuntu as alternative fast fix install flatpak version of librewolf
Just tried flatpack (first time for this). Librewolf launched, though the icon was a yellow ‘w’ and was running in terminal with something called brwap. I tried to find Librewolf in Discover which throws up a long error everytime I launched Discover, ending with the same public key issue. I may have done it wrong, but after trying to uninstall the flatpack I still get that error every time I launch Discover haha. Think I messed something up
Public error related to of librewof of ur previous actions u need to remove deb repository remove in instruction provided in librewolf page .Yellow w it fine it works through xwayland
Google that string. Looks like it’s the key for the wine repo, not related to what you’re doing. Remove the offending repo, or add the key.
How can I add the key?
NVM got it. Librewolf installed! Thanks!
You should also share the solution for future readers.
Already made the edit. Thanks again!
I used to install low latency kernel as well. Last time I just installed vanilla Mint. Audio was bad. Then I figured out I have to add myself to the audio group and voilà, works perfectly. No more kernel-hopping for me.
If you’re struggling with your windows plugins I highly recommend checking out kxstudio for native Linux ones. There are excellent plugins for audio production on linux. I also recommend using Ardour as your DAW.
Woof, hard flashback to my first steps on Linux. Idk, these problems leave, when you try to buy better supported Linux hardware. Thinkpads and XPS (second hand / refurbed) are near 100% supported (maybe some have a quirky nvidia gpu which needs some extra steps) and really cheap these days. I would sell stupid Samsung / Chromebook stuff and buy Dell/Lenovo for less headache.
Haha yeah I got the Samsung 50% off about a month before I started taking leaving big tech seriously. Honestly, I really like that there are issues, workarounds, and it generally doesn’t play nice. I learn best by doing and I’ve already learned a tonne just by having to run terminal commands to get things going, even things like touchpad issues, audio, power light staying on, etc. My next computer I’ll focus on Linux hardware priorities (I think AMD plays well) but for now, fixing is how I’m learning.
I’m in a similar situation: I have to keep a windows box around for specific audio tools and interfaces. A nice thing I’ve discovered is Sunshine (lizardbyte) and Moonlight. Sunshine is the desktop streamer that runs on the windows box, Moonlight is the client you run on the linux laptop (or android or whatever) to connect to Sunshine. I find it to be a nice solution for keeping the windows box easily accessible from my main displays/kb/mouse which are always tethered to the linux laptop. Thia streaming setup feels a lot more natural than RDP, and it’s especially useful if you need to handle any video on the windows box. The main use case is video games, so there is that too.
Interesting, I’ll look into that. It’s like having a window running Windows? I’m hoping to completely dump Windows so I’m focused on learning Bitwig and figuring out Wine/Proton for anything I need Windows programs for like vsts and games
It’s geared at streaming your gaming session from a remote pc. Extremely low latency and works like a dream. I use it to stream my gaming pc to my xbox, but it will stream anything your pc does.
You could call it that. The most direct analogy is RDP, or even a kvm. It’s a remote session to another machine, but under the hood it’s using the fast and efficient video codecs, h264 or hevc. It’s also good about piping audio from the remote machine to whatever you’re using locally.
I’m also hoping to dump windows. I spent a week trying to get my usb interface working with guitar rig running in wine bottles. I was getting nowhere with it just fell back to using the windows box remotely.
Yeah kind of, but you need to have an actual machine running windows somewhere (preferably within the same network)
A VM would be more like “a window running windows”
