-
-
Save piersharding/ffc505564a82daaf6ff33d951f568dad to your computer and use it in GitHub Desktop.
Terminal trouble with apt-get GPG signatures in /etc/apt/trusted.gpg
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # fix completely broken signature validation for apt whe you get message like: | |
| # W: GPG error: http://archive.canonical.com/ubuntu xenial InRelease: At least one invalid signature was encountered. | |
| # W: The repository 'http://archive.canonical.com/ubuntu xenial InRelease' is not signed. | |
| # N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. | |
| # N: See apt-secure(8) manpage for repository creation and user configuration details. | |
| # ... | |
| # and running: | |
| apt-key update | |
| # does not help | |
| # when testing the signatures with gpg, you may even see errors like this: | |
| # cd /var/lib/apt/list | |
| # gpg --trustdb-name /etc/apt/trusted.gpg --verify archive.ubuntu.com_ubuntu_dists_xenial-updates_Release | |
| # gpg: Signature made Sat 08 Oct 2016 04:33:51 NZDT using DSA key ID 437D05B5 | |
| # gpg: 0: read expected rec type 1, got 153 | |
| # gpg: fatal: /etc/apt/trusted.gpg: invalid trustdb | |
| # secmem usage: 1408/1408 bytes in 2/2 blocks of pool 1408/65536 | |
| # Fix it by rebuilding the trust db | |
| cd /etc/apt | |
| mkdir save | |
| mv trustdb.gpg trusted.gpg* secring.gpg save/ | |
| bash -x apt-key update | |
| # try apt-get update again | |
| apt-get update | |
| # ... | |
| # Get:9 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [92.2 kB] | |
| # Fetched 597 kB in 3s (150 kB/s) | |
| # Reading package lists... Done | |
| # W: GPG error: http://cran.stat.auckland.ac.nz/bin/linux/ubuntu xenial/ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 51716619E084DAB9 | |
| # W: The repository 'http://cran.stat.auckland.ac.nz/bin/linux/ubuntu xenial/ InRelease' is not signed. | |
| # N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. | |
| # N: See apt-secure(8) manpage for repository creation and user configuration details. | |
| # ... | |
| # ah - now we have some sigs working and some specific ones still missing for manually added repos | |
| # Add individual missing keys left | |
| apt-key adv --keyserver keyserver.ubuntu.com --recv 51716619E084DAB9 | |
| # now all should be happy | |
| apt-get update | |
| # tidy up | |
| rm -rf /etc/apt/save |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment