Comment 5 for bug 1592040

Christian Doczkal (thyrus) wrote :

I added the Ubuntu package signing keys to my personal key chain. Afterwards I can verify the signatures on the lists downloaded by 'apt-get update', e.g.

$ LANG=C gpg --verify /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial-updates_Release
gpg: Signature made Fri Oct 21 09:32:24 2016 CEST using DSA key ID 437D05B5
gpg: Good signature from "Ubuntu Archive Automatic Signing Key <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5
gpg: Signature made Fri Oct 21 09:32:24 2016 CEST using RSA key ID C0B21F32
gpg: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32

So the error message of apt:

W: The repository 'http://archive.ubuntu.com/ubuntu xenial-updates InRelease' is not signed.

appears to be wrong. The problem appears to be that apt is unable to recognize/check the perfectly good signature on the downloaded files. Is there any way to debug the signature verification process?
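
The "not certified with a trusted signature" warning in the gpg output above means the signature verified cryptographically but gpg has no basis for saying whose key it is, so an automated check should compare the primary key fingerprint against pinned values. The following is an added example, not part of the original comment and not apt's code: it reads gpg's machine-readable `--status-fd` lines, the sample status lines are constructed from the two fingerprints shown above, and the accept policy is an assumption of the example.

```shell
#!/bin/sh
# Intended real use (file names are placeholders):
#   gpg --status-fd 1 --verify Release.gpg Release 2>/dev/null \
#       | check_pinned_sigs "FINGERPRINT" ...

# check_pinned_sigs FPR... : reads gpg status lines on stdin.
# Policy (assumption of this example, not apt's logic): succeed only if no
# BADSIG/ERRSIG is reported and at least one VALIDSIG carries a primary key
# fingerprint equal to one of the pinned fingerprints given as arguments.
check_pinned_sigs() {
    # Normalise pins: strip spaces inside each one, upper-case, join by space.
    pinned=$(printf '%s\n' "$@" | tr -d ' ' | tr 'a-f' 'A-F' | tr '\n' ' ')
    awk -v pinned="$pinned" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        # The last VALIDSIG field is the primary key fingerprint, which is
        # what must be pinned even when a subkey made the signature.
        $2 == "VALIDSIG" { if ($NF in ok) good++ }
        END { exit (bad || good == 0) ? 1 : 0 }
    '
}

# Constructed sample: status lines for two good signatures by the keys whose
# fingerprints appear in the gpg output above (other fields are made up).
sample_status() {
    cat <<'EOF'
[GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2016-10-21 1477035144 0 4 0 17 2 00 630239CC130E1A7FD81A27B140976EAF437D05B5
[GNUPG:] VALIDSIG 790BC7277767219C42C86F933B4FE6ACC0B21F32 2016-10-21 1477035144 0 4 0 1 10 00 790BC7277767219C42C86F933B4FE6ACC0B21F32
EOF
}

# Constructed sample: the same output with one signature failing to verify.
sample_status_tampered() {
    sample_status
    echo '[GNUPG:] BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key'
}

if sample_status | check_pinned_sigs "6302 39CC 130E 1A7F D81A 27B1 4097 6EAF 437D 05B5"
then
    echo "at least one signature is from a pinned key"
fi
```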