touch-packages team mailing list archive

Thread
Date

[Bug 1263540] Re: Apt-get reports NO_PUBKEY gpg error for keys that are present in trusted.gpg.

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: "A. Eibach" <1263540@xxxxxxxxxxxxxxxxxx>
Date: Sat, 12 Sep 2015 18:08:10 -0000
Reply-to: Bug 1263540 <1263540@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

(comment 7)

I can't believe it! THAT'S MINE!!!

40976EAF437D05B5

As I thought that it could even be related to some local repo not
updating their stuff in time (yes this happens sometimes in minor form),
I chenged to fr. and ch. domains sequentially. To no avail at all.

Thanks for the idea to use the 'del' option in apt-key.

I can't believe that so many people have problems with this, and all
that developers are (usually) raving about is whether Ubuntu should be
verbose to the user about global hotkey assignments or not. Securtity
paranoiacs, most of them, but if it comes to such basic-security issue
as here, they just go 'shrug, works for me, you're just too daft'.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1263540

Title:
  Apt-get reports NO_PUBKEY gpg error for keys that are present in
  trusted.gpg.

Status in APT:
  Fix Released
Status in apt package in Ubuntu:
  Fix Released

Bug description:
  Ubuntu 13.10
  apt  0.9.9.1~ubuntu3

  'apt-get update' has started showing several warnings like the
  following, even though the keys are present:

  W: GPG error: http://us.archive.ubuntu.com saucy Release: The
  following signatures couldn't be verified because the public key is
  not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32

  'apt-key list' shows the keys in question in its output...

  pub   1024D/437D05B5 2004-09-12
  uid                  Ubuntu Archive Automatic Signing Key <ftpmaster@xxxxxxxxxx>
  sub   2048g/79164387 2004-09-12

  pub   4096R/C0B21F32 2012-05-11
  uid                  Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@xxxxxxxxxx>

  ...and its output begins with the following:

  gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-
  manager.gpg': resource limit

  I see the same gpg message when I manually update/remove/add the keys
  in question. E.g.:

  $ sudo apt-key update
  gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-java.gpg': resource limit
  gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit
  gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key <ftpmaster@xxxxxxxxxx>" not changed
  gpg: key FBB75451: "Ubuntu CD Image Automatic Signing Key <cdimage@xxxxxxxxxx>" not changed
  gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@xxxxxxxxxx>" not changed
  gpg: key EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) <cdimage@xxxxxxxxxx>" not changed
  gpg: Total number processed: 4
  gpg:              unchanged: 4

  I asked about the "resource limit" message on the gnupg-users mailing list...
  http://www.mail-archive.com/gnupg-users@xxxxxxxxx/msg23300.html
  Based on Werner Koch's (the dev) answer...
  http://www.mail-archive.com/gnupg-users@xxxxxxxxx/msg23302.html
  ...the secure apt related programs might be making gpg use more than the maximum number of keyrings that it can handle.

To manage notifications about this bug go to:
https://bugs.launchpad.net/apt/+bug/1263540/+subscriptions