reload -- gpg sig invalid

Status changed to 'Confirmed' because the bug affects multiple users.

Same here... getting the keys doesn't help:

...after an apt-get update...
Fetched 665 B in 45s (14 B/s)
Reading package lists... Done
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://extras.ubuntu.com oneiric Release: The following signatures were invalid: BADSIG 16126D3A3E5C1192 Ubuntu Extras Archive Automatic Signing Key <email address hidden>

W: GPG error: http://download.virtualbox.org oneiric Release: The following signatures were invalid: BADSIG 54422A4B98AB5139 Oracle Corporation (VirtualBox archive signing key) <email address hidden>
W: GPG error: http://de.archive.ubuntu.com oneiric Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: GPG error: http://de.archive.ubuntu.com oneiric-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: Failed to fetch http://extras.ubuntu.com/ubuntu/dists/oneiric/Release

W: Failed to fetch http://ppa.launchpad.net/jtaylor/keepass/ubuntu/dists/oneiric/main/source/Sources 404 Not Found

W: Failed to fetch http://ppa.launchpad.net/jtaylor/keepass/ubuntu/dists/oneiric/main/binary-amd64/Packages 404 Not Found

W: Failed to fetch http://ppa.launchpad.net/jtaylor/keepass/ubuntu/dists/oneiric/main/binary-i386/Packages 404 Not Found

W: Some index files failed to download. They have been ignored, or old ones used instead.

nils@padfoot64:/etc/apt/sources.list.d$ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 16126D3A3E5C1192 40976EAF437D05B5 54422A4B98AB5139

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.7GYqfhTLOy --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 16126D3A3E5C1192 40976EAF437D05B5 54422A4B98AB5139
gpg: requesting key 3E5C1192 from hkp server keyserver.ubuntu.com
gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: requesting key 98AB5139 from hkp server keyserver.ubuntu.com
gpg: key 3E5C1192: "Ubuntu Extras Archive Automatic Signing Key <email address hidden>" not changed
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <email address hidden>" not changed
gpg: key 98AB5139: "Oracle Corporation (VirtualBox archive signing key) <email address hidden>" not changed
gpg: Total number processed: 3
gpg: unchanged: 3
nils@padfoot64:/etc/apt/sources.list.d$

This appears to be a workaround:

host64:/var/lib/apt/lists$ sudo rm *
host64:/var/lib/apt/lists$ sudo rm partial/*

The files will be redownloaded at the next apt-get update.

The underlying problem appears to be that some of the files are bad (old? corrupt? partial downloads?) and that that error condition isnt handled correctly by apt-get update.

Yup. That solved it for me... Thanks nils for the workaround!
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

For me that is a temp workaround and the next time i use synaptic or apt-get it fails and I have to do that procedure again. Honestly this needs to be repaired, not worked around.

May be related or the same bug - if not I will be happy to open a new bug.

Twice I have had all the files in /var/lib/apt/lists replaced with the splash/clickthrough page from an open wireless access point.

In one case it was in an airport, and the second was in a hotel. In both cases I had previously associated with the SSID of the access point.

So - when I booted the laptop, but before I opened a browser and clocked through the EULA for access, apt grabbed the splash screen and shoved it into each of the files.

Here's an example of the content, from the latest hotel incident:

$cat us.archive.ubuntu.com_ubuntu_dists_oneiric-updates_universe_source_Sources.IndexDiff
<html><head>
<meta http-equiv="Pragma" content="no-cache">
<title>Object Moved
(.30)</title>
<link href="ibahn_theme.css" rel="Stylesheet" type="text/css" media="all">
<link href="menu.css" rel="stylesheet" type="text/css">
</head>
<body><center>
<A href="https://secure34.ibahn.com/purchase/purchase?MA=00-21-5c-95-62-d9&SC=BOSS9&DI=168617112&PN=1&BD=0875c796&PX=false" name=a1>Click Here To Continue</A>
</center></body>
</html>

This tarball contains the files from /var/lib/apt/lists, before I deleted them

contents of /var/lib/apt/lists after I deleted everything and ran apt-get update again. The system is in a working state with these files

Thanks Steve! It looks like the .IndexDiff files are the problem, the remaining files look ok.

Here's what I was emailed from the the log when update manager ran:

/etc/cron.daily/apt:
verbose level 1
system is on main power.
sleeping for 731 seconds
system is on main power.
check_stamp: interval=86400, now=1321592400, stamp=1321506000, delta=86400 (sec)
apt-key net-update (success)
download updated metadata (error)
download upgradable (not run)
check_stamp: interval=0
unattended-upgrade (not run)
check_stamp: interval=0
autoclean (not run)
aged: ctime <30 and mtime <30 and ctime>2 and mtime>2
end remove by archive size: size=155924 < 512000

Is this enough info?

I think this is yet another instance of bug 24061. I've added a reproduction procedure to that bug.

On Ubuntu 11.10, the ppa:stebbins/handbrake-snapshots doesn't work well :

W:Failed to fetch http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu/dists/oneiric/main/source/Sources 404 Not Found
, W:Failed to fetch http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu/dists/oneiric/main/binary-i386/Packages 404 Not Found
, E:Some index files failed to download. They have been ignored, or old ones used instead.

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Happy N-Year everyone =)

Sorry, wrong post, bug #24061... ='(

--> []

Failed to fetch http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu/dists/oneiric/main/binary-amd64/Packages 404 Not Found