reload -- gpg sig invalid

Bug #863306 reported by faceless on 2011-09-30
40
This bug affects 7 people
Affects Status Importance Assigned to Milestone
apt (Ubuntu)
Medium
Unassigned
synaptic (Ubuntu)
Undecided
Unassigned

Bug Description

W: GPG error: http://security.ubuntu.com oneiric-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: GPG error: http://archive.canonical.com natty Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://extras.ubuntu.com oneiric Release: The following signatures were invalid: BADSIG 16126D3A3E5C1192 Ubuntu Extras Archive Automatic Signing Key <email address hidden>

W: GPG error: http://us.archive.ubuntu.com natty-backports Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://us.archive.ubuntu.com oneiric Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>

W: GPG error: http://us.archive.ubuntu.com oneiric-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: GPG error: http://us.archive.ubuntu.com oneiric-proposed Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: GPG error: http://us.archive.ubuntu.com oneiric-backports Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: Failed to fetch http://extras.ubuntu.com/ubuntu/dists/oneiric/Release

W: Failed to fetch http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu/dists/oneiric/main/binary-i386/Packages 404 Not Found

W: Failed to fetch http://us.archive.ubuntu.com/ubuntu/dists/oneiric/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.

using 11.04 invalid update mgr wont do partial upgrade, went to synaptic and depress reload and received the above error message

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: synaptic 0.75.2ubuntu6
ProcVersionSignature: Ubuntu 3.0.0-11.18-generic 3.0.4
Uname: Linux 3.0.0-11-generic i686
ApportVersion: 1.23-0ubuntu1
Architecture: i386
Date: Fri Sep 30 08:29:51 2011
ExecutablePath: /usr/sbin/synaptic
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
ProcEnviron:
 SHELL=/bin/bash
 LANG=en_US.UTF-8
 PATH=(custom, no user)
SourcePackage: synaptic
UpgradeStatus: Upgraded to oneiric on 2011-09-30 (0 days ago)

faceless (geelhoed) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in synaptic (Ubuntu):
status: New → Confirmed
nils (internationils) wrote :

Same here... getting the keys doesn't help:

...after an apt-get update...
Fetched 665 B in 45s (14 B/s)
Reading package lists... Done
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://extras.ubuntu.com oneiric Release: The following signatures were invalid: BADSIG 16126D3A3E5C1192 Ubuntu Extras Archive Automatic Signing Key <email address hidden>

W: GPG error: http://download.virtualbox.org oneiric Release: The following signatures were invalid: BADSIG 54422A4B98AB5139 Oracle Corporation (VirtualBox archive signing key) <email address hidden>
W: GPG error: http://de.archive.ubuntu.com oneiric Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: GPG error: http://de.archive.ubuntu.com oneiric-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <email address hidden>
W: Failed to fetch http://extras.ubuntu.com/ubuntu/dists/oneiric/Release

W: Failed to fetch http://ppa.launchpad.net/jtaylor/keepass/ubuntu/dists/oneiric/main/source/Sources 404 Not Found

W: Failed to fetch http://ppa.launchpad.net/jtaylor/keepass/ubuntu/dists/oneiric/main/binary-amd64/Packages 404 Not Found

W: Failed to fetch http://ppa.launchpad.net/jtaylor/keepass/ubuntu/dists/oneiric/main/binary-i386/Packages 404 Not Found

W: Some index files failed to download. They have been ignored, or old ones used instead.

nils@padfoot64:/etc/apt/sources.list.d$ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 16126D3A3E5C1192 40976EAF437D05B5 54422A4B98AB5139

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.7GYqfhTLOy --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 16126D3A3E5C1192 40976EAF437D05B5 54422A4B98AB5139
gpg: requesting key 3E5C1192 from hkp server keyserver.ubuntu.com
gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: requesting key 98AB5139 from hkp server keyserver.ubuntu.com
gpg: key 3E5C1192: "Ubuntu Extras Archive Automatic Signing Key <email address hidden>" not changed
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <email address hidden>" not changed
gpg: key 98AB5139: "Oracle Corporation (VirtualBox archive signing key) <email address hidden>" not changed
gpg: Total number processed: 3
gpg: unchanged: 3
nils@padfoot64:/etc/apt/sources.list.d$

nils (internationils) wrote :

This appears to be a workaround:

host64:/var/lib/apt/lists$ sudo rm *
host64:/var/lib/apt/lists$ sudo rm partial/*

The files will be redownloaded at the next apt-get update.

The underlying problem appears to be that some of the files are bad (old? corrupt? partial downloads?) and that that error condition isnt handled correctly by apt-get update.

Peter Antoniac (pan1nx) wrote :

Yup. That solved it for me... Thanks nils for the workaround!
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

Changed in apt (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
faceless (geelhoed) wrote :

For me that is a temp workaround and the next time i use synaptic or apt-get it fails and I have to do that procedure again. Honestly this needs to be repaired, not worked around.

Steve Conklin (sconklin) wrote :

May be related or the same bug - if not I will be happy to open a new bug.

Twice I have had all the files in /var/lib/apt/lists replaced with the splash/clickthrough page from an open wireless access point.

In one case it was in an airport, and the second was in a hotel. In both cases I had previously associated with the SSID of the access point.

So - when I booted the laptop, but before I opened a browser and clocked through the EULA for access, apt grabbed the splash screen and shoved it into each of the files.

Here's an example of the content, from the latest hotel incident:

$cat us.archive.ubuntu.com_ubuntu_dists_oneiric-updates_universe_source_Sources.IndexDiff
<html><head>
<meta http-equiv="Pragma" content="no-cache">
<title>Object Moved
(.30)</title>
<link href="ibahn_theme.css" rel="Stylesheet" type="text/css" media="all">
<link href="menu.css" rel="stylesheet" type="text/css">
</head>
<body><center>
<A href="https://secure34.ibahn.com/purchase/purchase?MA=00-21-5c-95-62-d9&SC=BOSS9&DI=168617112&PN=1&BD=0875c796&PX=false" name=a1>Click Here To Continue</A>
</center></body>
</html>

Steve Conklin (sconklin) wrote :

This tarball contains the files from /var/lib/apt/lists, before I deleted them

Steve Conklin (sconklin) wrote :

contents of /var/lib/apt/lists after I deleted everything and ran apt-get update again. The system is in a working state with these files

Michael Vogt (mvo) wrote :

Thanks Steve! It looks like the .IndexDiff files are the problem, the remaining files look ok.

Steve Conklin (sconklin) wrote :

Here's what I was emailed from the the log when update manager ran:

/etc/cron.daily/apt:
verbose level 1
system is on main power.
sleeping for 731 seconds
system is on main power.
check_stamp: interval=86400, now=1321592400, stamp=1321506000, delta=86400 (sec)
apt-key net-update (success)
download updated metadata (error)
download upgradable (not run)
check_stamp: interval=0
unattended-upgrade (not run)
check_stamp: interval=0
autoclean (not run)
aged: ctime <30 and mtime <30 and ctime>2 and mtime>2
end remove by archive size: size=155924 < 512000

Steve Conklin (sconklin) wrote :

Is this enough info?

Colin Watson (cjwatson) wrote :

I think this is yet another instance of bug 24061. I've added a reproduction procedure to that bug.

On Ubuntu 11.10, the ppa:stebbins/handbrake-snapshots doesn't work well :

W:Failed to fetch http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu/dists/oneiric/main/source/Sources 404 Not Found
, W:Failed to fetch http://ppa.launchpad.net/stebbins/handbrake-releases/ubuntu/dists/oneiric/main/binary-i386/Packages 404 Not Found
, E:Some index files failed to download. They have been ignored, or old ones used instead.

_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Happy N-Year everyone =)

Sorry, wrong post, bug #24061... ='(

--> []

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers