[ 14.04 ] - Official repositories GPG error

Marius Gedminas marius at pov.lt
Fri Mar 28 11:55:48 UTC 2014 

Hi!

On Fri, Mar 28, 2014 at 06:12:11AM -0300, Martín Cigorraga wrote:
> Today I started receiving this error messages for the official Ubuntu
> repositories on the Main server:
> 
> [...]
> Fetched 66,1 kB in 1min 44s (631 B/s)
> Reading package lists... Done
> W: GPG error: http://archive.canonical.com trusty Release: The following
> signatures couldn't be verified because the public key is not available:
> NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

Whoa.  40976EAF437D05B5 is the Ubuntu Archive Automatic Signing Key from
2004!  You should have had it in your /etc/apt/trusted.gpg since install
time.

3B4FE6ACC0B21F32 is the Ubuntu Archive Automatic Signing Key from 2012.

Run 'apt-key list' to see what keys are present in your apt-get keyring.
E.g. mine are

    $ apt-key list

    /etc/apt/trusted.gpg
    --------------------
    pub   1024D/437D05B5 2004-09-12
    uid                  Ubuntu Archive Automatic Signing Key <ftpmaster at ubuntu.com>
    sub   2048g/79164387 2004-09-12

    pub   1024D/FBB75451 2004-12-30
    uid                  Ubuntu CD Image Automatic Signing Key <cdimage at ubuntu.com>

    pub   1024D/3E5C1192 2010-09-20
    uid                  Ubuntu Extras Archive Automatic Signing Key <ftpmaster at ubuntu.com>

    pub   4096R/C0B21F32 2012-05-11
    uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster at ubuntu.com>

    pub   4096R/EFE21092 2012-05-11
    uid                  Ubuntu CD Image Automatic Signing Key (2012) <cdimage at ubuntu.com>


plus a bunch of PPAs that I omitted for brevity.

The key IDs are shortened to 8 hex characters here, so compare the right
half:

    40976EAF437D05B5 (the one that apt-get complained about)
            437D05B5 (the one listed in apt-key list)

(Long and short GPG key IDs are actually just the last 8 or 16 hex
characters of the fingerprints you can see with 'apt-key finger'.)

So I think your /etc/apt/trusted.gpg got corrupted somehow.

Now, the question is: how can you restore the keyring safely?  It's not
something that I ever had to worry about.  I suppose I'd rename 
/etc/apt/trusted.gpg to *.bak, find an Ubuntu LiveCD, then copy the
trusted.gpg file from it.

Marius Gedminas
-- 
The difference between immorality and immortality is "T".  I like Earl Grey.
		-- Carl Dershem
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140328/ae0e5ae2/attachment.sig>

More information about the ubuntu-users mailing list