[Bug 1577926] Re: apt-key works fine, yet apt fails with "Could not execute 'apt-key'"

Raj Basnet 1577926 at bugs.launchpad.net
Thu Jul 15 06:54:47 UTC 2021 

# apt update 
Get:1 http://deb.debian.org/debian unstable InRelease [161 kB]
Get:2 https://artifacts.elastic.co/packages/7.x/apt stable InRelease [10.4 kB]                                                                                                                  
Err:1 http://deb.debian.org/debian unstable InRelease                                                                                                                                           
  Unknown error executing apt-key
Err:2 https://artifacts.elastic.co/packages/7.x/apt stable InRelease                                                                                                                            
  Unknown error executing apt-key
Get:3 http://ppa.launchpad.net/deadsnakes/ppa/ubuntu bionic InRelease [15.9 kB]                                                                                                                 
Get:4 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease [110 kB]                                                                                              
Err:3 http://ppa.launchpad.net/deadsnakes/ppa/ubuntu bionic InRelease                                                                                               
  Unknown error executing apt-key
Get:5 http://us.archive.ubuntu.com/ubuntu bionic InRelease [242 kB]                                                             
Get:6 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]                                    
Err:4 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease                                                        
  Unknown error executing apt-key
Err:6 http://security.ubuntu.com/ubuntu bionic-security InRelease                                                    
  Unknown error executing apt-key
Err:5 http://us.archive.ubuntu.com/ubuntu bionic InRelease                          
  Unknown error executing apt-key
Get:8 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Err:8 http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease
  Unknown error executing apt-key
Get:7 https://repos.citusdata.com/community/ubuntu bionic InRelease [23.2 kB]
Err:7 https://repos.citusdata.com/community/ubuntu bionic InRelease
  Unknown error executing apt-key
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian unstable InRelease: Unknown error executing apt-key
E: The repository 'http://deb.debian.org/debian unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://artifacts.elastic.co/packages/7.x/apt stable InRelease: Unknown error executing apt-key
E: The repository 'https://artifacts.elastic.co/packages/7.x/apt stable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://ppa.launchpad.net/deadsnakes/ppa/ubuntu bionic InRelease: Unknown error executing apt-key
E: The repository 'http://ppa.launchpad.net/deadsnakes/ppa/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease: Unknown error executing apt-key
E: The repository 'http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.ubuntu.com/ubuntu bionic-security InRelease: Unknown error executing apt-key
E: The repository 'http://security.ubuntu.com/ubuntu bionic-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://us.archive.ubuntu.com/ubuntu bionic InRelease: Unknown error executing apt-key
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease: Unknown error executing apt-key
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://repos.citusdata.com/community/ubuntu bionic InRelease: Unknown error executing apt-key
E: The repository 'https://repos.citusdata.com/community/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.


My All servers are on AWS and facing same issue in multiple servers.unable to update server.I have spent manny days on troubleshooting this issue.but did not find solution.

but at Last i got this command

echo 'APT::Sandbox::User "root";' >/etc/apt/apt.conf.d/00temp
it works and now i can update repository.

Q.1 Why i have to run this command ? anyone know exact reason behind this.
Q.2 Is this a type of security hole ?

FYI @David Kalnischkies @mila nuts

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1577926

Title:
  apt-key works fine, yet apt fails with "Could not execute 'apt-key'"

Status in apt package in Ubuntu:
  Confirmed

Bug description:
  Apt can fail to verify a Release file which verifies just fine when
  calling apt-key directly.

  Please advise how i can supply further debug information to help fix
  the underlying bug.

  Expected:
  apt-get should only report that a repository is not signed when no such signature was found.
  If a signature was in fact successfully acquired but not verified, apt-get should report failure to verify instead.
  apt-get should have a meaningful error message when calling apt-key fails.

  Bonus:
  Calling apt-key should not fail when the same thing works fine on command line.
  A reference to "Debug::Acquire::gpgv" should be in apt-secure(8) documentation.

  Observed:

  # uname -a
  Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 i686 i686 i686 GNU/Linux
  # chroot reproducable
  $ uname -a
  Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 armv7l armv7l armv7l GNU/Linux

  $ lsb_release -a 2>/dev/null
  Distributor ID:	Ubuntu
  Description:	Ubuntu 16.04 LTS
  Release:	16.04
  Codename:	xenial

  $ apt-get -o "Debug::Acquire::gpgv=true" update
  Get:1 http://ports.ubuntu.com xenial-security InRelease [92.2 kB]
  0% [1 InRelease gpgv 92.2 kB]igners 
  Preparing to exec:  /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.jYGUCG /tmp/apt.data.uTkX1c
  gpgv exited with status 111
  Summary:
    Good: 
    Bad: 
    Worthless: 
    SoonWorthless: 
    NoPubKey: 
  Ign:1 http://ports.ubuntu.com xenial-security InRelease
  Fetched 92.2 kB in 1s (79.5 kB/s)
  Reading package lists... Done
  W: GPG error: http://ports.ubuntu.com xenial-security InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
  W: The repository 'http://ports.ubuntu.com xenial-security InRelease' is not signed.
  N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
  N: See apt-secure(8) manpage for repository creation and user configuration details.

  $ /usr/bin/apt-key --quiet --readonly verify --status-fd /dev/stderr /tmp/apt.sig.jYGUCG /tmp/apt.data.uTkX1c
  gpgv: Signature made Tue May  3 19:02:17 2016 UTC using DSA key ID 437D05B5
  [GNUPG:] SIG_ID e53PXRjA/EMb7CuZJtAicvvUm60 2016-05-03 1462302137
  [GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
  gpgv: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>"
  [GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2016-05-03 1462302137 0 4 0 17 10 01 630239CC130E1A7FD81A27B140976EAF437D05B5
  gpgv: Signature made Tue May  3 19:02:17 2016 UTC using RSA key ID C0B21F32
  [GNUPG:] SIG_ID kCsrLo9VUm7YcYhhqQUw2fbWoY4 2016-05-03 1462302137
  [GNUPG:] GOODSIG 3B4FE6ACC0B21F32 Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>
  gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>"
  [GNUPG:] VALIDSIG 790BC7277767219C42C86F933B4FE6ACC0B21F32 2016-05-03 1462302137 0 4 0 1 10 01 790BC7277767219C42C86F933B4FE6ACC0B21F32

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1577926/+subscriptions

More information about the foundations-bugs mailing list