Comment 10 for bug 1577926

1. Removing the _apt user is really not needed nor a good idea. Its enough to have this in a config file:
APT::Sandbox::User "root"; // remove file again after testing!
2. Symlinking /usr/bin/gpgv to /bin/true will never work as verifying signatures is more involved then just checking the exit code… there are ways to have a similar effect, but as that would be an enormous security hole I am not going to describe it here for fear of someone blindly copying it. Obviously NOT a good idea at all.

Now that we have that out of the way two "common" problems:
1. Check that /tmp has reasonable permissions. It should have 1777 and be owned by root:root.
2. ls -ld /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d /etc/apt/trusted.gpg.d/*
Everything shown should be owned by root:root and everything world-readable (= the last of the three r's).

(the first is hard to detect, the second has a proper warning in newer apt versions)