ubuntu 18.04.5 LTS apt update "Unknown error executing apt-key"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apt (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
I have some machines AWS with Ubuntu 18.04.5 LTS but unable to update the repository on servers. When I'm trying to update the repo it throwing an error with Unkown Keys error.
root# apt update
Get:1 http://
Get:2 https:/
Err:1 http://
Unknown error executing apt-key
Err:2 https:/
Unknown error executing apt-key
Get:3 http://
Get:4 http://
Err:3 http://
Unknown error executing apt-key
Get:5 http://
Get:6 http://
Err:4 http://
Unknown error executing apt-key
Err:6 http://
Unknown error executing apt-key
Err:5 http://
Unknown error executing apt-key
Get:7 https:/
Err:7 https:/
Unknown error executing apt-key
Reading package lists... Done
W: GPG error: http://
E: The repository 'http://
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https:/
E: The repository 'http://
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://
E: The repository 'http://
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://
E: The repository 'http://
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://
E: The repository 'http://
N: Updating from such a repository can't be done securely and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https:/
E: The repository 'https:/
N: Updating from such a repository can't be done securely and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
All servers are on AWS and facing the same issue on multiple servers. unable to update server. I have spent many days troubleshooting this issue. but did not find a solution.
but at Last, i got this command
echo 'APT::Sandbox::User "root";' >/etc/apt/
it works and now i can update repository.
Q.1 Why I have to run this command? anyone knows the exact reason behind this.
Q.2 Is this a type of security hole?
tags: | added: dist-upgrade patch upgrade-software-version |
tags: | added: bionic |
Make sure that _apt user can read all files in /etc/apt/ trusted. gpg.d and /etc/apt/ trusted. gpg and any key files you might have specified via signed-by in sources.list.
By disabling the sandboxing, it makes it easier for an attacker that controls the http server to make use of vulnerabilities in the HTTP, TLS, GPG stacks as they process this untrusted data as root instead of an unprivileged user (ok, there is another APT-specific escape hatch in the sandbox that also needs fixing, but still, improves security somewhat).