[Bug 1163745] Re: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>

Digulla-hepe 1163745 at bugs.launchpad.net
Tue Apr 9 15:34:57 UTC 2013 

I found that by disabling the company wide cache settings, the error
goes away. But the files in the cache look good :-/ Is there a way to
see what specifically the tool doesn't like? Is there a debug mode or
something?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1163745

Title:
  GPG error: http://security.ubuntu.com quantal-security Release: The
  following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu
  Archive Automatic Signing Key <ftpmaster at ubuntu.com>

Status in “apt” package in Ubuntu:
  New

Bug description:
  When running "apt-get update", I see these warnings:

  Reading package lists... Error!
  W: GPG error: http://security.ubuntu.com quantal-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
  W: GPG error: http://ch.archive.ubuntu.com quantal-updates Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>

  Following the advice on http://askubuntu.com/questions/131601/how-to-overcome-signature-verification-error
  I deleted the lists and updated again but the error persists.

  I also tried to add the key:

  > apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
  Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.MhtBtqxmAw --trustdb-name /etc/apt//trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
  gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
  gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>" not changed
  gpg: Total number processed: 1
  gpg:              unchanged: 1

  So the key seems to be installed already and it seems to be correct.

  What should I do next?

  PS: I flagged this as security vulnerability since it prevents me from
  installing security updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1163745/+subscriptions

More information about the foundations-bugs mailing list