17

I am trying to run an update, I get a lot of "Hit"'s and "Ign"'s but in the end I get these errors, does anybody know what they mean and how I can fix them?

W: GPG error: http://speglar.simnet.is olivia Release: The following signatures were invalid: BADSIG 3EE67F3D0FF405B2 Clement Lefebvre (Linux Mint Package Repository v1) <[email protected]> W: GPG error: http://speglar.simnet.is raring Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <[email protected]> W: GPG error: http://archive.canonical.com raring Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <[email protected]> W: GPG error: http://ppa.launchpad.net raring Release: The following signatures were invalid: BADSIG 5A9A06AEF9CB8DB0 Launchpad PPA for Ubuntu Wine Team
Improve this question
4
  • Each repository (more or less) has its own key to sign packages. Did you run apt-key or a corresponding GUI to install extra keys for these repositories? Commented Oct 24, 2013 at 23:50
  • I'm not sure how to do that, can I run gedit apt-key and add these keys into the file? What are these keys anyway? Commented Oct 25, 2013 at 0:00
  • 1
    You add a key by running the apt-key command (or with an equivalent GUI, for example the interface to add a PPA in the default software manager on Ubuntu does that automatically), you can't edit a file directly. Expand “Technical details about this PPA” then click on “What is this?” after “Signing key” in a PPA page for more explanations. The purpose of the signing key is to verify that the package files that you receive are genuine. Commented Oct 25, 2013 at 0:05
  • I had this issue because I stripped the UIDs from the key; including at least the primary UID in the exported key fixed the issue for me. Commented Aug 10 at 18:48

3 Answers 3

Reset to default
23

As Gilles explained, most Linux repositories are signed with GPG encryption keys. apt then uses these keys to ensure the authenticity of the repositories. In order to safely use a repository, you need to add it's keys to the list that apt considers trusted.

Each necessary key needs to be downloaded from a key server which is done with this command (I am using keyserver.ubuntu.com but you can use others):

apt-key adv --recv-keys --keyserver keyserver.ubuntu.com KEY_NAME

From man apt-key:

 adv Pass advanced options to gpg. With adv --recv-key you can download the public key.

In your case, apt is complaining about keys 3EE67F3D0FF405B2,40976EAF437D05B5,40976EAF437D05B5 and 5A9A06AEF9CB8DB0, you can get all three of them by running:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 3EE67F3D0FF405B2 40976EAF437D05B5 40976EAF437D05B5 5A9A06AEF9CB8DB0

If all goes well you should see various lines of output including:

gpg: Total number processed: 4 gpg: imported: 4 (RSA: 1) gpg: unchanged: 0 gpg: new signatures: 4
Improve this answer
3

Alternate possibility, if your apt-get/aptitude has been found in an unusual state recently, is that its internal lists are damaged and incompatible with the true keys. Cleaning the cache and restarting on fresh basis can help:

 sudo rm -r /var/lib/apt/lists sudo mkdir -p /var/lib/apt/lists/partial sudo aptitude update

(op: http://ubuntuforums.org/showthread.php?t=802156&p=9697234#post9697234 )

Improve this answer
-1

In my case, this was a time sync issue. Sharing the solution for posterity's sake (original solution)

sudo nano /etc/resolv.conf # add the following servers nameserver 8.8.8.8 nameserver 8.8.4.4 #Run this sudo hwclock -s
Improve this answer
1
  • What's the relation between DNS servers and hwclock? Commented Dec 18, 2023 at 13:43

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.