[Bug 1263540] Re: Apt-get reports NO_PUBKEY gpg error for keys that are present in trusted.gpg.

Martin Cigorraga martincigorraga at gmail.com
Fri Mar 28 10:44:32 UTC 2014 

Ubuntu 14.04 fully up-to-date here:

Hi everyone, thanks to the help of user @TJ- on #ubuntu+1 we were able
to discover that the issue I was getting is related to this bug:

[...]
Ign http://archive.ubuntu.com trusty-security/universe Translation-en_US
Fetched 4.737 B in 33s (141 B/s)
Reading package lists... Done
W: GPG error: http://archive.canonical.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://extras.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 16126D3A3E5C1192
W: GPG error: http://archive.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty-updates Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty-backports Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32
W: GPG error: http://archive.ubuntu.com trusty-security Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

What I did:
1. sudo apt-get clean
2. sudo mv /var/lib/apt/lists /var/apt/lists.old
3. mkdir -p /var/lib/apt/lists/partial
4. sudo apt-get update

And got the same error so, next thing was trying to reinstall 'ubuntu-
keyring': http://pastebin.com/Zr9TppeL

Other relevant info:
"07:32:49       TJ- | msx: The debian bug explains the issue ... too many keyrings being passed to gpg"
"07:35:23       TJ- | msx: Summary is, remove empty keyrings from "/etc/apt/trusted.gpg.d/"

Issue solved here.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1263540

Title:
  Apt-get reports NO_PUBKEY gpg error for keys that are present in
  trusted.gpg.

Status in APT:
  New
Status in “apt” package in Ubuntu:
  Confirmed

Bug description:
  Ubuntu 13.10
  apt  0.9.9.1~ubuntu3

  'apt-get update' has started showing several warnings like the
  following, even though the keys are present:

  W: GPG error: http://us.archive.ubuntu.com saucy Release: The
  following signatures couldn't be verified because the public key is
  not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

  'apt-key list' shows the keys in question in its output...

  pub   1024D/437D05B5 2004-09-12
  uid                  Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
  sub   2048g/79164387 2004-09-12

  pub   4096R/C0B21F32 2012-05-11
  uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>

  ...and its output begins with the following:

  gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-
  manager.gpg': resource limit

  I see the same gpg message when I manually update/remove/add the keys
  in question. E.g.:

  $ sudo apt-key update
  gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-java.gpg': resource limit
  gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit
  gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>" not changed
  gpg: key FBB75451: "Ubuntu CD Image Automatic Signing Key <cdimage at ubuntu.com>" not changed
  gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>" not changed
  gpg: key EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <cdimage at ubuntu.com>" not changed
  gpg: Total number processed: 4
  gpg:              unchanged: 4

  I asked about the "resource limit" message on the gnupg-users mailing list...
  http://www.mail-archive.com/gnupg-users@gnupg.org/msg23300.html
  Based on Werner Koch's (the dev) answer...
  http://www.mail-archive.com/gnupg-users@gnupg.org/msg23302.html
  ...the secure apt related programs might be making gpg use more than the maximum number of keyrings that it can handle.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1263540/+subscriptions

More information about the foundations-bugs mailing list