[Bug 1936299] Re: ubuntu 18.04.5 LTS apt update "Unknown error executing apt-key"
Julian Andres Klode
1936299 at bugs.launchpad.net
Thu Jul 15 08:19:07 UTC 2021
Make sure that _apt user can read all files in /etc/apt/trusted.gpg.d
and /etc/apt/trusted.gpg and any key files you might have specified via
signed-by in sources.list.
By disabling the sandboxing, it makes it easier for an attacker that
controls the http server to make use of vulnerabilities in the HTTP,
TLS, GPG stacks as they process this untrusted data as root instead of
an unprivileged user (ok, there is another APT-specific escape hatch in
the sandbox that also needs fixing, but still, improves security
somewhat).
** Changed in: apt (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1936299
Title:
ubuntu 18.04.5 LTS apt update "Unknown error executing apt-key"
Status in apt package in Ubuntu:
Incomplete
Bug description:
I have some machines AWS with Ubuntu 18.04.5 LTS but unable to update
the repository on servers. When I'm trying to update the repo it
throwing an error with Unkown Keys error.
root# apt update
Get:1 http://deb.debian.org/debian unstable InRelease [161 kB]
Get:2 https://artifacts.elastic.co/packages/7.x/apt stable InRelease [10.4 kB]
Err:1 http://deb.debian.org/debian unstable InRelease
Unknown error executing apt-key
Err:2 https://artifacts.elastic.co/packages/7.x/apt stable InRelease
Unknown error executing apt-key
Get:3 http://ppa.launchpad.net/deadsnakes/ppa/ubuntu bionic InRelease [15.9 kB]
Get:4 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease [110 kB]
Err:3 http://ppa.launchpad.net/deadsnakes/ppa/ubuntu bionic InRelease
Unknown error executing apt-key
Get:5 http://us.archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
Get:6 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Err:4 http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease
Unknown error executing apt-key
Err:6 http://security.ubuntu.com/ubuntu bionic-security InRelease
Unknown error executing apt-key
Err:5 http://us.archive.ubuntu.com/ubuntu bionic InRelease
Unknown error executing apt-key
Get:7 https://repos.citusdata.com/community/ubuntu bionic InRelease [23.2 kB]
Err:7 https://repos.citusdata.com/community/ubuntu bionic InRelease
Unknown error executing apt-key
Reading package lists... Done
W: GPG error: http://deb.debian.org/debian unstable InRelease: Unknown error executing apt-key
E: The repository 'http://deb.debian.org/debian unstable InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://artifacts.elastic.co/packages/7.x/apt stable InRelease: Unknown error executing apt-key
E: The repository 'http://ppa.launchpad.net/deadsnakes/ppa/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease: Unknown error executing apt-key
E: The repository 'http://apt.postgresql.org/pub/repos/apt bionic-pgdg InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://security.ubuntu.com/ubuntu bionic-security InRelease: Unknown error executing apt-key
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease: Unknown error executing apt-key
E: The repository 'http://us.archive.ubuntu.com/ubuntu bionic-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: https://repos.citusdata.com/community/ubuntu bionic InRelease: Unknown error executing apt-key
E: The repository 'https://repos.citusdata.com/community/ubuntu bionic InRelease' is not signed.
N: Updating from such a repository can't be done securely and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
All servers are on AWS and facing the same issue on multiple servers.
unable to update server. I have spent many days troubleshooting this
issue. but did not find a solution.
but at Last, i got this command
echo 'APT::Sandbox::User "root";' >/etc/apt/apt.conf.d/00temp
it works and now i can update repository.
Q.1 Why I have to run this command? anyone knows the exact reason behind this.
Q.2 Is this a type of security hole?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1936299/+subscriptions
More information about the foundations-bugs
mailing list