[Bug 1163745] [NEW] GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
Digulla-hepe
1163745 at bugs.launchpad.net
Wed Apr 3 07:32:46 UTC 2013
*** This bug is a security vulnerability ***
Public security bug reported:
When running "apt-get update", I see these warnings:
Reading package lists... Error!
W: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
W: GPG error: http://ch.archive.ubuntu.com quantal-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
Following the advice on http://askubuntu.com/questions/131601/how-to-overcome-signature-verification-error
I deleted the lists and updated again but the error persists.
I also tried to add the key:
> apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.MhtBtqxmAw --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
So the key seems to be installed already and it seems to be correct.
What should I do next?
PS: I flagged this as security vulnerability since it prevents me from
installing security updates.
** Affects: apt (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1163745
Title:
GPG error: http://security.ubuntu.com quantal-security Release: The
following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu
Archive Automatic Signing Key <ftpmaster at ubuntu.com>
Status in “apt” package in Ubuntu:
New
Bug description:
When running "apt-get update", I see these warnings:
Reading package lists... Error!
W: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
W: GPG error: http://ch.archive.ubuntu.com quantal-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
Following the advice on http://askubuntu.com/questions/131601/how-to-overcome-signature-verification-error
I deleted the lists and updated again but the error persists.
I also tried to add the key:
> apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.MhtBtqxmAw --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
So the key seems to be installed already and it seems to be correct.
What should I do next?
PS: I flagged this as security vulnerability since it prevents me from
installing security updates.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1163745/+subscriptions
More information about the foundations-bugs
mailing list