[Bug 24061] Re: GPG error with apt-get/aptitude/update-manager behind proxy (BADSIG 40976EAF437D05B5)

Rickard Armiento 24061 at bugs.launchpad.net
Wed Apr 25 07:48:17 UTC 2012


I am on a university network that fakes DNS responses to re-direct you to
a login page before you are allowed to access the external network. This
is a pretty common setup for wifi on e.g. airports, restaurants, hotels,
etc.

I hit this bug reliably if an apt-get update is run while I am connected
to the network but not logged in. Presumably apt-get thinks it is
fetching index files, but gets copies of the login page instead, which
breaks the cache. It is possible that a lot of these bug reports are
caused by Ubuntu's automatic update of the apt cache running while the
user is on such a network.

Apart from the annoyance, isn't this a security issue? Since Ubuntu's
default is to automatically update the package index without user
request, one cannot be sure what kind of network the user is on when it
happens. If it is an untrusted network there is obviously the risk of
denial-of-service (breakage of the user's apt cache), if not worse (feed
user fake data?). Isn't some kind of key-signature thing needed before
any changes happen in the apt cache?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/24061

Title:
  GPG error with apt-get/aptitude/update-manager behind proxy (BADSIG
  40976EAF437D05B5)

Status in “apt” package in Ubuntu:
  Triaged
Status in “update-manager” package in Ubuntu:
  Won't Fix
Status in “apt” source package in Precise:
  Triaged
Status in “update-manager” source package in Precise:
  Won't Fix

Bug description:
  I keep getting this when I launch the update manager.

  W: GPG error: http://archive.ubuntu.com breezy-updates Release: The following
  signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic
  Signing Key <ftpmaster at ubuntu.com>

  How can I fix it?

  ***********
  WORKAROUND:
  ----------
  Run the following commands (saves a backup of the old lists and creates a new lists folder) and the BADSIG error does not occur:

  $ cd /var/lib/apt
  $ sudo mv lists lists.old
  $ sudo mkdir -p lists/partial
  $ sudo apt-get update

  ***********

  comment from Rolf Leggewie: This is due to cache inconsistencies and
  thus is not necessarily a bug in Ubuntu at all.  But I hope the fine
  devs can find a way to better deal with broken proxies.  This is a
  very visible issue, a large number of internet connections are behind
  proxies and the users cannot do anything about it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/24061/+subscriptions
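
One way to check for the cause suggested in the comment above (login pages saved in place of index files) is to scan the apt lists directory for files that begin with HTML. This is an added example, not part of the bug report or of apt; the function names and the sample files are constructed for illustration, and the HTML test is a heuristic on the first 512 bytes.

```shell
#!/bin/sh
# Added example: flag files under an apt lists directory that look like a
# captive-portal login page (HTML) rather than an apt index file.

# looks_like_html FILE: succeeds if the first 512 bytes contain HTML markers.
looks_like_html() {
    LC_ALL=C head -c 512 "$1" 2>/dev/null |
        LC_ALL=C grep -Eiq '<!doctype html|<html[ >]|<head[ >]|<body[ >]'
}

# scan_lists [DIR]: print every suspicious file in DIR and DIR/partial.
# Succeeds (status 0) only if at least one such file was found.
scan_lists() {
    dir=${1:-/var/lib/apt/lists}
    found=0
    for f in "$dir"/* "$dir"/partial/*; do
        [ -f "$f" ] || continue
        if looks_like_html "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}

# make_sample DIR: build a constructed lists directory with one plausible
# Release file and one "index" that is really a portal login page.
make_sample() {
    mkdir -p "$1/partial"
    printf 'Origin: Ubuntu\nLabel: Ubuntu\nSuite: precise\n' \
        > "$1/archive.ubuntu.com_ubuntu_dists_precise_Release"
    printf '<!DOCTYPE html>\n<html><head><title>Network login</title></head>\n' \
        > "$1/partial/archive.ubuntu.com_ubuntu_dists_precise_main_binary-amd64_Packages"
}

# demo: run the scan against the constructed sample in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp"
    scan_lists "$tmp" || echo "no HTML content found"
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Calling `scan_lists` with no argument checks `/var/lib/apt/lists`; any path it prints is a candidate for the cache breakage described above, which the workaround in the bug description clears.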



