GPGArchiveSignature

GPG Keys for APT repositories

This page is a stub at the moment. It is intended to furnish an explanation of what the GPG keys used by apt-get do and how they do it, so that people encountering problems are somewhat aided.

This wiki page is prompted by intermittent Ubuntu archive problems which mean that some users get the following nasty, indecipherable error message

W: GPG error: http://archive.ubuntu.com breezy-updates Release: The following
signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic
Signing Key <ftpmaster@ubuntu.com>
W: You may want to run apt-get update to correct these problems

apt-key list output:
/etc/apt/trusted.gpg
--------------------
pub   1024D/437D05B5 2004-09-12
uid                  Ubuntu Archive Automatic Signing Key
<ftpmaster@ubuntu.com>sub   2048g/79164387 2004-09-12

pub   1024D/FBB75451 2004-12-30
uid                  Ubuntu CD Image Automatic Signing Key <cdimage@ubuntu.com>

The notion of GPG keys (and how to use them to upload packages to Ubuntu archives) is explained in GPGKey, but this does not tell us about the error message. A discussion of the problem has come up in bugzilla.


CategoryCleanup CategoryLookMergeDelete

GPGArchiveSignature (last edited 2008-08-06 16:31:15 by localhost)