Apt Problems


I’m having problems with Apt again, this time on the Main Server. A key error, and one which I’ve seen before, but can’t for the life of me remember how I fixed it before. I get a few different errors, all along these lines

W: GPG error: karmic-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmaster@ubuntu.com>

I’ve tried deleting the key with

sudo gpg --delete-keys 437D05B5

Attempting to redownload the same key with

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 437D05B5


gpg: requesting key 437D05B5 from hkp server keyserver.ubuntu.com
gpg: keyserver timed out
gpg: keyserver receive failed: keyserver error

I’m not sure what I need to do. Perhaps it’s a problem with Apt-Cacher-NG, which is very possible. I don’t understand though. The above should fix it by deleting the key, and getting the new one, but it can’t seem to get to it. I tried adding an exception to Squid, telling it not to cache requests from any *.ubuntu.com domain, but that didn’t help.

#ACL for Squid not to cache
acl ubuntu_updates dstdomain .ubuntu.com
always_direct allow ubuntu_updates

I tried using an alternate keyserver;

gpg --keyserver hkp://pgp.mit.edu --recv-keys 40976EAf437d05b5

I can get the key, but it’s not trusted. To change the trust, you need to edit it.

gpg --edit-key 40976EAf437d05b5



Select “5” and click “y” to ultimately trust the key. Finally update the key database;

gpg --update-trustdb

Even after ALL that, the key is returned as a BADSIG key. I’ve even tried doing the whole process, from both keyservers, with my Apt-Cacher-NG server, but to no avail.

I’m kinda lost at what to do. I think I better take a look for a bug report….


%d bloggers like this: