[Bug 1642386] Re: At least one invalid signature was encountered.
** CVE removed: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1252 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
This bug was fixed in the package apt - 1.2.18 --- apt (1.2.18) xenial; urgency=high * SECURITY UPDATE: gpgv: Check for errors when splitting files (CVE-2016-1252) Thanks to Jann Horn, Google Project Zero for reporting the issue (LP: #1647467) * gpgv: Flush the files before checking for errors apt (1.2.17) xenial; urgency=medium [ David Kalnischkies ] * apt-key: warn instead of fail on unreadable keyrings (LP: #1642386) * show apt-key warnings in apt update (Closes: 834973) [ Julian Andres Klode ] * test-releasefile-verification: installaptold: Clean up before run apt (1.2.16) xenial; urgency=medium [ David Kalnischkies ] * avoid changing the global LC_TIME for Release writing * use de-localed std::put_time instead rolling our own * accept only the expected UTC timezones in date parsing (Closes: 819697) * avoid std::get_time usage to sidestep libstdc++6 bug (LP: #1593583) * imbue datetime parsing with C.UTF-8 locale (Closes: 828011) * prevent C++ locale number formatting in text APIs (try 2) (Closes: 832044) * prevent C++ locale number formatting in text APIs (try 3) (LP: #1611010) (LP: #1592817) * imbue .diff/Index parsing with C.UTF-8 as well [ Julian Andres Klode ] * Use C locale instead of C.UTF-8 for protocol strings * Add shippable.yml for CI on Shippable * Revert "if the FileFd failed already following calls should fail, too" (LP: #1641905) -- Julian Andres Klode Thu, 08 Dec 2016 15:28:08 +0100 ** Changed in: apt (Ubuntu Xenial) Status: Fix Committed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-1252 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Thanks Julian! I tested the apt 1.2.18 packages and found the results far more pleasing: ... Fetched 1,688 kB in 2s (685 kB/s) Reading package lists... Done W: http://mirrors.kernel.org/ubuntu/dists/xenial/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ddebs.gpg are ignored as the file is not readable by user 'root' executing apt-key. W: http://mirrors.kernel.org/ubuntu/dists/xenial-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ddebs.gpg are ignored as the file is not readable by user 'root' executing apt-key. ... It may be a bit verbose, one line per configured source, but for the average user it shouldn't be overwhelming, and it very clearly points to the cause of the problem and the solution. Thanks for working through this with me, I know it took a lot of time and effort. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Hello Seth, or anyone else affected, Accepted apt into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/apt/1.2.18 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: apt (Ubuntu Xenial) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
** Description changed: + [Summary] + + A regression in apt in Xenial 1.2.15 causes "apt-get update" to fail + with "At least one invalid signature was encountered." if there are + files in /etc/apt/trusted.gpg.d/ that are not readable by the _apt user. + + This has the consequence of getting apt "stuck"; it will not be able to + download its own update that fixes the issue. This means that all + affected users must apply the workaround; otherwise they will be stuck + forever. + + [Workaround] + + Make sure all files in /etc/apt/trusted.gpg.d/ are world-readable. For + example: "sudo chmod 644 /etc/apt/trusted.gpg.d/*". Then try "apt-get + update" again. + + Alternatively, you can manually install the fixed version of apt using + dpkg. + [Impact] Breaks update on systems with unreadable GPG keys [Test case] Run apt update with an unreadable GPG key file in trusted.gpg.d. This should work and (stretch goal) print a warning about the key being unreadable. [Regression potential] Low risk. We check that very situation in the automated test suite now like we did a lot of other situations before. The fix has been available in apt since 1.3_rc3 on Aug 30, and there have been no regressions reported since then. [Original bug report] Hello, a recent apt update appears to have broken apt entirely. A coworker reported seeing troubles: http://paste.ubuntu.com/23487135/ To test, I upgraded my laptop then immediately re-ran apt-get update && apt-get -u dist-upgrade: sarnold@hunt:~/Downloads$ sudo apt-get update && sudo apt-get -u dist-upgrade Hit:1 http://mirrors.kernel.org/ubuntu xenial InRelease Hit:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease Hit:3 http://mirrors.kernel.org/ubuntu xenial-security InRelease Ign:4 http://mirrors.kernel.org/ubuntu precise InRelease Get:5 http://mirrors.kernel.org/ubuntu precise-updates InRelease [55.7 kB] Get:6 http://mirrors.kernel.org/ubuntu precise-security InRelease [55.7 kB] Get:7 http://mirrors.kernel.org/ubuntu precise-proposed InRelease [55.7 kB] Ign:8 http://mirrors.kernel.org/ubuntu trusty InRelease Get:9 http://mirrors.kernel.org/ubuntu trusty-updates InRelease [65.9 kB] Hit:10 http://mirrors.kernel.org/ubuntu trusty-security InRelease Get:11 http://mirrors.kernel.org/ubuntu trusty-proposed InRelease [65.9 kB] Get:12 http://mirrors.kernel.org/ubuntu xenial-proposed InRelease [247 kB] Err:1 http://mirrors.kernel.org/ubuntu xenial InRelease At least one invalid signature was encountered. Hit:13 http://security.debian.org jessie/updates InRelease Err:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease At least one invalid signature was encountered. Get:14 http://mirrors.kernel.org/ubuntu yakkety InRelease [247 kB] Err:3 http://mirrors.kernel.org/ubuntu xenial-security InRelease At least one invalid signature was encountered. Hit:15 http://mirrors.kernel.org/ubuntu yakkety-updates InRelease Get:16 http://mirrors.kernel.org/ubuntu yakkety-security InRelease [93.3 kB] Hit:17 http://security.debian.org wheezy/updates InRelease Get:18 http://mirrors.kernel.org/ubuntu yakkety-proposed InRelease [95.7 kB] Hit:19 http://mirrors.kernel.org/ubuntu zesty InRelease Hit:20 http://mirrors.kernel.org/ubuntu zesty-updates InRelease Hit:21 http://mirrors.kernel.org/ubuntu zesty-security InRelease Err:5 http://mirrors.kernel.org/ubuntu precise-updates InRelease At least one invalid signature was encountered. Hit:22 http://mirrors.kernel.org/ubuntu zesty-proposed InRelease Hit:23 http://mirrors.kernel.org/ubuntu precise Release Hit:24 http://mirrors.kernel.org/ubuntu trusty Release Ign:25 http://archive.canonical.com/ubuntu precise InRelease Hit:26 http://security.ubuntu.com/ubuntu xenial-security InRelease Hit:27 http://ppa.launchpad.net/ci-train-ppa-service/stable-phone-overlay/ubuntu vivid InRelease Hit:28 http://ftp.debian.org/debian unstable InRelease Err:6 http://mirrors.kernel.org/ubuntu precise-security InRelease At least one invalid signature was encountered. Err:7 http://mirrors.kernel.org/ubuntu precise-proposed InRelease At least one invalid signature was encountered. Err:9 http://mirrors.kernel.org/ubuntu trusty-updates InRelease At least one invalid signature was encountered. Ign:29 http://archive.canonical.com/ubuntu trusty InRelease Hit:30 http://ppa.launchpad.net/snappy-dev/image/ubuntu vivid InRelease Hit:31 http://ftp.debian.org/debian testing InRelease Err:10 http://mirrors.kernel.org/ubuntu trusty-security InRelease At least one invalid signature was encountered. Err:11 http://mirrors.kernel.org/ubuntu trusty-proposed InRelease At least one invalid signature was encountered. Err:13 http://security.debian.org jessie/updates InRelease At least one invalid signature was encountered. Hit:32 http://archive.canonical.com/ubuntu xenial InRelease Hit:33 http://ppa.launchpad.net/ci-tra
[Bug 1642386] Re: At least one invalid signature was encountered.
Notably the first commit just causes the thing to fail silently, the second one makes apt forward the warning on an update. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Uploaded 1.2.17 to xenial-proposed apt (1.2.17) xenial; urgency=medium [ David Kalnischkies ] * apt-key: warn instead of fail on unreadable keyrings (LP: #1642386) * show apt-key warnings in apt update (Closes: 834973) [ Julian Andres Klode ] * test-releasefile-verification: installaptold: Clean up before run -- Julian Andres Klode Wed, 23 Nov 2016 20:09:27 +0100 ** Changed in: apt (Ubuntu Xenial) Status: Triaged => In Progress ** Description changed: + [Impact] + Breaks update on systems with unreadable GPG keys + + [Test case] + Run apt update with an unreadable GPG key file in trusted.gpg.d. This should work and (stretch goal) print a warning about the key being unreadable. + + [Regression potential] + Low risk. We check that very situation in the automated test suite now like we did a lot of other situations before. The fix has been available in apt since 1.3_rc3 on Aug 30, and there have been no regressions reported since then. + + [Original bug report] Hello, a recent apt update appears to have broken apt entirely. A coworker reported seeing troubles: http://paste.ubuntu.com/23487135/ To test, I upgraded my laptop then immediately re-ran apt-get update && apt-get -u dist-upgrade: sarnold@hunt:~/Downloads$ sudo apt-get update && sudo apt-get -u dist-upgrade Hit:1 http://mirrors.kernel.org/ubuntu xenial InRelease - Hit:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease - Hit:3 http://mirrors.kernel.org/ubuntu xenial-security InRelease - Ign:4 http://mirrors.kernel.org/ubuntu precise InRelease - Get:5 http://mirrors.kernel.org/ubuntu precise-updates InRelease [55.7 kB] - Get:6 http://mirrors.kernel.org/ubuntu precise-security InRelease [55.7 kB] - Get:7 http://mirrors.kernel.org/ubuntu precise-proposed InRelease [55.7 kB] - Ign:8 http://mirrors.kernel.org/ubuntu trusty InRelease - Get:9 http://mirrors.kernel.org/ubuntu trusty-updates InRelease [65.9 kB] - Hit:10 http://mirrors.kernel.org/ubuntu trusty-security InRelease - Get:11 http://mirrors.kernel.org/ubuntu trusty-proposed InRelease [65.9 kB] - Get:12 http://mirrors.kernel.org/ubuntu xenial-proposed InRelease [247 kB] - Err:1 http://mirrors.kernel.org/ubuntu xenial InRelease - At least one invalid signature was encountered. - Hit:13 http://security.debian.org jessie/updates InRelease - Err:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease - At least one invalid signature was encountered. - Get:14 http://mirrors.kernel.org/ubuntu yakkety InRelease [247 kB] - Err:3 http://mirrors.kernel.org/ubuntu xenial-security InRelease - At least one invalid signature was encountered. - Hit:15 http://mirrors.kernel.org/ubuntu yakkety-updates InRelease - Get:16 http://mirrors.kernel.org/ubuntu yakkety-security InRelease [93.3 kB] - Hit:17 http://security.debian.org wheezy/updates InRelease - Get:18 http://mirrors.kernel.org/ubuntu yakkety-proposed InRelease [95.7 kB] - Hit:19 http://mirrors.kernel.org/ubuntu zesty InRelease - Hit:20 http://mirrors.kernel.org/ubuntu zesty-updates InRelease - Hit:21 http://mirrors.kernel.org/ubuntu zesty-security InRelease - Err:5 http://mirrors.kernel.org/ubuntu precise-updates InRelease - At least one invalid signature was encountered. - Hit:22 http://mirrors.kernel.org/ubuntu zesty-proposed InRelease - Hit:23 http://mirrors.kernel.org/ubuntu precise Release - Hit:24 http://mirrors.kernel.org/ubuntu trusty Release - Ign:25 http://archive.canonical.com/ubuntu precise InRelease - Hit:26 http://security.ubuntu.com/ubuntu xenial-security InRelease
[Bug 1642386] Re: At least one invalid signature was encountered.
>You can fix your permissions on your trusted.gpg and trusted.gpg.d files in /etc/apt, so that the files are world-readable (chmod ugo+r /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d -R) [or give access to root and _apt via acls]. That has been successful for me. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Thanks for verifying. I should have the final update ready within the next 16-48 hours. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Julian, I modified the script.sh to include the following line: sudo LD_LIBRARY_PATH=$PWD/build/bin/ ./build/bin/apt-get update -o Dir::Bin::Apt-Key="$PWD/build/bin/apt-key" -o Dir::Bin::Methods="$PWD/build/bin/methods/" 2>&1 | tee update.log When run from remotes/julian/for-1.2/apt-key I get the usual progress I expect. When run from remotes/origin/1.2.y I get the errors as described above. Oddly enough I don't see the text "The key(s) in the keyring $1 are ignored as the file is not readable by user '$USER' executing apt-key." in the output. (But I don't think I'm currently configured to download sources from ddebs.ubuntu.com, which is the host corresponding to the unreadable key.) Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Julian, looks like you win this year's remote-debugging-via-crystal-ball award! $ find /etc/apt -ls | grep sarnold 2572875 4 -rw--- 1 sarnold sarnold 1740 Mar 23 2016 /etc/apt/trusted.gpg.d/ddebs.gpg Well done :D Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
You can fix your permissions on your trusted.gpg and trusted.gpg.d files in /etc/apt, so that the files are world-readable (chmod ugo+r /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d -R) [or give access to root and _apt via acls]. You don't have to do that, though - it will start "working" again in 1.2.17. "working" in the sense that unreadable files are ignored (or warned about, not sure yet). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
But of course: If you safely want to get apt 1.2.17 via apt 1.2.15, you have to have correct permissions first - otherwise your old apt won't see the new apt. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Is there something we Xenial users need to do to resolve this? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
OK, the reason this happens is that some of your key files are not readable (I'm not sure, but it might be running as _apt). The commit mentioned introduced a regresssion in that it does not ignore failures from unreadable key files. This was fixed in 1.3~rc3 in commit 105503b4b470c124bc0c271bd8a50e25ecbe9133. I cherry-picked that change in my for-1.2/apt-key branch in https://github.com/julian-klode/apt. You should be able to verify this by adding -o Dir::Bin::Apt- Key="$PWD/build/bin/apt-key" to the apt-get invocation in the script and then running it once with the normal 1.2.y branch and once with my for-1.2/apt-key branch. The test suite currently fails, as the new tests added depend on some other changes, once I got those merged I can upload it as 1.2.17 (1.2.16 is already in the unapproved queue for -proposed, it fixes bugs with localized strings in protocols). ** Also affects: apt (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: apt (Ubuntu Xenial) Status: New => Triaged ** Changed in: apt (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Ah, apt-key explains it. We did not catch that in the bisect correctly, as I forgot to specify -o Dir::Bin::apt-key=$PWD/build/bin/apt-key :/ This means it is a regression introduced in: commit b515fe3a0012c1f155dbf6a4199e919fec102578 Author: David Kalnischkies Date: Thu Jun 2 11:12:39 2016 +0200 apt-key: change to / before find to satisfy its CWD needs First seen on hurd, but easily reproducible on all systems by removing the 'execution' bit from the current working directory and watching some tests (mostly the no-output expecting tests) fail due to find printing: "find: Failed to restore initial working directory: …" Samuel Thibault says in the bugreport: | To do its work, find first records the $PWD, then goes to | /etc/apt/trusted.gpg.d/ to find the files, and then goes back to $PWD. | | On Linux, getting $PWD from the 700 directory happens to work by luck | (POSIX says that getcwd can return [EACCES]: Search permission was denied | for the current directory, or read or search permission was denied for a | directory above the current directory in the file hierarchy). And going | back to $PWD fails, and thus find returns 1, but at least it emitted its | output. | | On Hurd, getting $PWD from the 700 directory fails, and find thus aborts | immediately, without emitting any output, and thus no keyring is found. | | So, to summarize, the issue is that since apt-get update runs find as a | non-root user, running it from a 700 directory breaks find. Solved as suggested by changing to '/' before running find, with some paranoia extra care taking to ensure the paths we give to find are really absolute paths first (they really should, but TMPDIR=. or a similar Dir::Etc::trustedparts setting could exist somewhere in the wild). The commit takes also the opportunity to make these lines slightly less error ignoring and the two find calls using (mostly) the same parameters. Thanks: Samuel Thibault for 'finding' the culprit! Closes: 826043 (cherry picked from commit 0cfec3ab589c6309bf284438d2148c7742cdaf10) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Julian, thanks for your patience. I'm not able to offer a shell on the affected machine, so debugging this is just going to have to go at a snail's pace. I read strace and ltrace logs from both 1.2.12-ish and 1.2.15 apt packages and narrowed it down to /usr/bin/apt-key. When I use the /usr/bin/apt-key from apt_1.2.12~ubuntu16.04.1_amd64.deb (but everything else from 1.2.15 packaging) my apt-get update runs as I expect. I'll attach the diff between the two (NOT A FIX). Thanks ** Patch added: "apt-key.patch" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+attachment/4779725/+files/apt-key.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Yeah, valgrind is a bit noisy always because we are building the cache in memory before (1) writing it to the disk and the write includes unused regions and (2) we are hashing the entire thing before writing it, including the uninitialised bytes. So that means while we do have a few uninitialized bytes, it's actually safe. This bug is fairly strange. Especially git vs packages. The only thing different when building via git is that hardening flags are not used. You could export those: DEB_BUILD_MAINT_OPTIONS=hardening=+all dpkg-buildflags export CXXFLAGS LDFLAGS CPPFLAGS but I seriously doubt that's the problem (if git always worked instead of always failed, this might have made sense). If I had a user account on an affected machine, where If I had a user account on an affected machine (it needs to be reproducible by creating a fake root directory, and copying etc/apt and var/lib/apt to it, then I can use -o Dir=$PATH_TO_FAKE_ROOT instead of needing root), where I can build apt and have tools like valgrind, gdb; I could (try to) debug that myself. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Turns out the valgrind messages aren't regressions either. Here's the older apt packages again which seemed to work okay: ==25043== ==25043== HEAP SUMMARY: ==25043== in use at exit: 13,118,211 bytes in 170,033 blocks ==25043== total heap usage: 626,066 allocs, 456,033 frees, 69,255,845 bytes allocated ==25043== ==25043== LEAK SUMMARY: ==25043==definitely lost: 0 bytes in 0 blocks ==25043==indirectly lost: 0 bytes in 0 blocks ==25043== possibly lost: 0 bytes in 0 blocks ==25043==still reachable: 13,118,211 bytes in 170,033 blocks ==25043== suppressed: 0 bytes in 0 blocks ==25043== Rerun with --leak-check=full to see details of leaked memory ==25043== ==25043== For counts of detected and suppressed errors, rerun with: -v ==25043== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ==23213== Conditional jump or move depends on uninitialised value(s) ==23213==at 0x4F4D240: pkgCache::ReMap(bool const&) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4F55598: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4F577E4: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4EBA081: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x51EC5A1: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==23213==by 0x4ECDFA5: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x51BEDF2: DispatchCommandLine(CommandLine&, std::vector > const&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==23213==by 0x10BB38: ??? (in /usr/bin/apt-get) ==23213==by 0x59B482F: (below main) (libc-start.c:291) ==23213== Uninitialised value was created by a stack allocation ==23213==at 0x4F5527D: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213== ==23213== Syscall param write(buf) points to uninitialised byte(s) ==23213==at 0x5A8A6E0: __write_nocancel (syscall-template.S:84) ==23213==by 0x4ED5CAB: FileFd::Write(void const*, unsigned long long) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4E7A150: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4F57876: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4EBA081: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x51EC5A1: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==23213==by 0x4ECDFA5: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x51BEDF2: DispatchCommandLine(CommandLine&, std::vector > const&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==23213==by 0x10BB38: ??? (in /usr/bin/apt-get) ==23213==by 0x59B482F: (below main) (libc-start.c:291) ==23213== Address 0xe401007 is in a rw- anonymous segment ==23213== ==23213== Syscall param write(buf) points to uninitialised byte(s) ==23213==at 0x5A8A6E0: __write_nocancel (syscall-template.S:84) ==23213==by 0x4ED5CAB: FileFd::Write(void const*, unsigned long long) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4E7A1A7: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4F57876: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4EBA081: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x51EC5A1: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==23213==by 0x4ECDFA5: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x51BEDF2: DispatchCommandLine(CommandLine&, std::vector > const&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==23213==by 0x10BB38: ??? (in /usr/bin/apt-get) ==23213==by 0x59B482F: (below main) (libc-start.c:291) ==23213== Address 0xe401007 is in a rw- anonymous segment ==23213== ==23213== Syscall param write(buf) points to uninitialised byte(s) ==23213==at 0x5A8A6E0: __write_nocancel (syscall-template.S:84) ==23213==by 0x4ED5CAB: FileFd::Write(void const*, unsigned long long) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4E7A150: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4F574E4: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x4EBA081: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23213==by 0x51EC5A1: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==23213==by 0x4ECDFA5: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==23
[Bug 1642386] Re: At least one invalid signature was encountered.
On a whim I ran apt-get update through valgrind: ==22064== ==22064== HEAP SUMMARY: ==22064== in use at exit: 695,606 bytes in 7,018 blocks ==22064== total heap usage: 67,584 allocs, 60,566 frees, 18,503,180 bytes allocated ==22064== ==22064== LEAK SUMMARY: ==22064==definitely lost: 0 bytes in 0 blocks ==22064==indirectly lost: 0 bytes in 0 blocks ==22064== possibly lost: 0 bytes in 0 blocks ==22064==still reachable: 695,606 bytes in 7,018 blocks ==22064== suppressed: 0 bytes in 0 blocks ==22064== Rerun with --leak-check=full to see details of leaked memory ==22064== ==22064== For counts of detected and suppressed errors, rerun with: -v ==22064== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0) ==20846== Conditional jump or move depends on uninitialised value(s) ==20846==at 0x4F4DA00: pkgCache::ReMap(bool const&) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4F55E68: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4F580B4: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4EBAA51: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51EE809: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==20846==by 0x4ECEA25: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51C0E62: DispatchCommandLine(CommandLine&, std::vector > const&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==20846==by 0x10BB38: ??? (in /usr/bin/apt-get) ==20846==by 0x59B682F: (below main) (libc-start.c:291) ==20846== Uninitialised value was created by a stack allocation ==20846==at 0x4F55B4D: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846== ==20846== Syscall param write(buf) points to uninitialised byte(s) ==20846==at 0x5A8C6E0: __write_nocancel (syscall-template.S:84) ==20846==by 0x4ED6B13: FileFd::Write(void const*, unsigned long long) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4E7A460: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4F58146: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4EBAA51: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51EE809: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==20846==by 0x4ECEA25: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51C0E62: DispatchCommandLine(CommandLine&, std::vector > const&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==20846==by 0x10BB38: ??? (in /usr/bin/apt-get) ==20846==by 0x59B682F: (below main) (libc-start.c:291) ==20846== Address 0xd003007 is in a rw- anonymous segment ==20846== ==20846== Syscall param write(buf) points to uninitialised byte(s) ==20846==at 0x5A8C6E0: __write_nocancel (syscall-template.S:84) ==20846==by 0x4ED6B13: FileFd::Write(void const*, unsigned long long) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4E7A4B7: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4F58146: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4EBAA51: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51EE809: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==20846==by 0x4ECEA25: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51C0E62: DispatchCommandLine(CommandLine&, std::vector > const&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==20846==by 0x10BB38: ??? (in /usr/bin/apt-get) ==20846==by 0x59B682F: (below main) (libc-start.c:291) ==20846== Address 0xd003007 is in a rw- anonymous segment ==20846== ==20846== Syscall param write(buf) points to uninitialised byte(s) ==20846==at 0x5A8C6E0: __write_nocancel (syscall-template.S:84) ==20846==by 0x4ED6B13: FileFd::Write(void const*, unsigned long long) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4E7A460: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4F57DB4: ??? (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x4EBAA51: pkgCacheFile::BuildCaches(OpProgress*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51EE809: DoUpdate(CommandLine&) (in /usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0) ==20846==by 0x4ECEA25: CommandLine::DispatchArg(CommandLine::Dispatch const*, bool) (in /usr/lib/x86_64-linux-gnu/libapt-pkg.so.5.0.0) ==20846==by 0x51C0E62: DispatchCommandLine(CommandLine&, std::vector > const&) (in /
[Bug 1642386] Re: At least one invalid signature was encountered.
I reinstalled the latest xenial packages: ii apt 1.2.15 amd64commandline package manager ii apt-transport-https 1.2.15 amd64https download transport for APT ii libapt-inst2.0:amd64 1.2.15 amd64deb package format runtime library ii libapt-pkg-perl 0.1.29build7 amd64Perl interface to libapt-pkg ii libapt-pkg5.0:amd64 1.2.15 amd64package management runtime library and now apt-get update is unhappy again: sarnold@hunt:/mnt/ubuntu/.zfs/snapshot/rsync.30/pool/main/a/apt$ sudo apt-get update Hit:1 http://mirrors.kernel.org/ubuntu xenial InRelease Hit:2 http://security.debian.org jessie/updates InRelease Hit:3 http://security.debian.org wheezy/updates InRelease Hit:4 http://mirrors.kernel.org/ubuntu xenial-updates InRelease Hit:5 http://mirrors.kernel.org/ubuntu xenial-security InRelease Ign:6 http://mirrors.kernel.org/ubuntu precise InRelease Hit:7 http://mirrors.kernel.org/ubuntu precise-updates InRelease Err:1 http://mirrors.kernel.org/ubuntu xenial InRelease At least one invalid signature was encountered. Hit:8 http://mirrors.kernel.org/ubuntu precise-security InRelease Hit:9 http://mirrors.kernel.org/ubuntu precise-proposed InRelease Ign:10 http://mirrors.kernel.org/ubuntu trusty InRelease Err:2 http://security.debian.org jessie/updates InRelease At least one invalid signature was encountered. Hit:11 http://mirrors.kernel.org/ubuntu trusty-updates InRelease Hit:12 http://mirrors.kernel.org/ubuntu trusty-security InRelease Err:3 http://security.debian.org wheezy/updates InRelease At least one invalid signature was encountered. Hit:13 http://mirrors.kernel.org/ubuntu trusty-proposed InRelease Hit:14 http://mirrors.kernel.org/ubuntu xenial-proposed InRelease Hit:15 http://ppa.launchpad.net/ci-train-ppa-service/stable-phone-overlay/ubuntu vivid InRelease Ign:16 http://archive.canonical.com/ubuntu precise InRelease Get:17 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Err:4 http://mirrors.kernel.org/ubuntu xenial-updates InRelease At least one invalid signature was encountered. Hit:18 http://mirrors.kernel.org/ubuntu yakkety InRelease Hit:19 http://ftp.debian.org/debian unstable InRelease Hit:20 http://mirrors.kernel.org/ubuntu yakkety-updates InRelease Hit:21 http://mirrors.kernel.org/ubuntu yakkety-security InRelease Err:5 http://mirrors.kernel.org/ubuntu xenial-security InRelease At least one invalid signature was encountered. Hit:22 http://mirrors.kernel.org/ubuntu yakkety-proposed InRelease Hit:23 http://mirrors.kernel.org/ubuntu zesty InRelease Err:7 http://mirrors.kernel.org/ubuntu precise-updates InRelease At least one invalid signature was encountered. Hit:24 http://mirrors.kernel.org/ubuntu zesty-updates InRelease Ign:25 http://archive.canonical.com/ubuntu trusty InRelease Hit:26 http://ppa.launchpad.net/snappy-dev/image/ubuntu vivid InRelease Hit:27 http://mirrors.kernel.org/ubuntu zesty-security InRelease Hit:28 http://ftp.debian.org/debian testing InRelease Err:8 http://mirrors.kernel.org/ubuntu precise-security InRelease At least one invalid signature was encountered. Hit:29
[Bug 1642386] Re: At least one invalid signature was encountered.
The files in partial/ don't look too damning: root@hunt:/var/lib/apt/lists/partial# file * ftp.debian.org_debian_dists_jessie-updates_contrib_source_Sources: empty ftp.debian.org_debian_dists_wheezy-updates_contrib_source_Sources: empty mirrors.kernel.org_ubuntu_dists_xenial-proposed_restricted_source_Sources: empty mirrors.kernel.org_ubuntu_dists_yakkety-proposed_multiverse_source_Sources: empty mirrors.kernel.org_ubuntu_dists_yakkety-proposed_restricted_source_Sources: empty mirrors.kernel.org_ubuntu_dists_yakkety-security_restricted_source_Sources: empty mirrors.kernel.org_ubuntu_dists_yakkety-updates_restricted_source_Sources: empty mirrors.kernel.org_ubuntu_dists_zesty-proposed_restricted_source_Sources: empty security.debian.org_dists_jessie_updates_contrib_source_Sources: ASCII text, with very long lines root@hunt:/var/lib/apt/lists/partial# cat security.debian.org_dists_jessie_updates_contrib_source_Sources Package: virtualbox Binary: virtualbox-qt, virtualbox, virtualbox-dbg, virtualbox-dkms, virtualbox-source, virtualbox-guest-dkms, virtualbox-guest-source, virtualbox-guest-x11, virtualbox-guest-utils Version: 4.3.36-dfsg-1+deb8u1 Maintainer: Debian Virtualbox Team Uploaders: Ritesh Raj Sarraf , Gianfranco Costamagna Build-Depends: bzip2, debhelper (>= 9), default-jdk, dh-python, dkms (>= 2.1.1.1), docbook-xml, docbook-xsl, dpkg-dev (>= 1.15.6~), g++-multilib, genisoimage, gsoap (>= 2.8.16), iasl, imagemagick, kbuild (>= 1:0.1.9998svn2695), libasound2-dev, libcap-dev, libcurl4-gnutls-dev, libdevmapper-dev, libdrm-dev, libgl1-mesa-dev, libglu1-mesa-dev, libidl-dev, libpam0g-dev, libpixman-1-dev, libpng-dev, libpulse-dev, libqt4-dev (>= 4.4.0), libqt4-network (>= 4.4.0), libqt4-opengl-dev (>= 4.4.0), libsdl1.2-dev, libssl-dev, libvncserver-dev, libvpx-dev, libx11-dev, libxcomposite-dev, libxcursor-dev, libxdamage-dev, libxext-dev, libxi-dev, libxinerama-dev, libxml2-dev, libxmu-dev, libxrandr-dev, libxrender-dev, libxslt1-dev, libxt-dev, lsb-release, lynx-cur, makeself, module-assistant, python-dev (>= 2.6.6-3~), texlive-fonts-extra, texlive-fonts-recommended, texlive-latex-extra, texlive-latex-recommended, uuid-dev, x11proto-gl-dev, x11proto-xf86dri-dev, xserver-xorg-dev, xsltproc, yasm (>= 0.7.0) , zlib1g-dev Architecture: amd64 i386 all Standards-Version: 3.9.6 Format: 3.0 (quilt) Files: a21ddb4a21ad729519508d28b14e20b5 3696 virtualbox_4.3.36-dfsg-1+deb8u1.dsc 1423337a5a9970dda72e60fcaa0f8d05 47713148 virtualbox_4.3.36-dfsg.orig.tar.xz 8010c3b4e28f7910e44d9ec9ea9376ef 75292 virtualbox_4.3.36-dfsg-1+deb8u1.debian.tar.xz Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-virtualbox/virtualbox.git Vcs-Git: git://anonscm.debian.org/pkg-virtualbox/virtualbox.git Checksums-Sha1: 686d044b04e48816db96db89b425f3758ba80e26 3696 virtualbox_4.3.36-dfsg-1+deb8u1.dsc b458c3c7ce0f1e9081dbcde9e39325653962a449 47713148 virtualbox_4.3.36-dfsg.orig.tar.xz 55a72ca9a4ddcd19fa983b31f2a519273eea51b8 75292 virtualbox_4.3.36-dfsg-1+deb8u1.debian.tar.xz Checksums-Sha256: f5703f0247ad06c375f529ace969cee15627a4d670fc948f13e8c9ebef1f9710 3696 virtualbox_4.3.36-dfsg-1+deb8u1.dsc 09e7159d4e406ec9f0834e680bb4f3651519a5bbf535c8cc83fb635c2fd96f39 47713148 virtualbox_4.3.36-dfsg.orig.tar.xz d06cd6dde60e6cdfb44ac03feede7ce10bc6e720a38781cb2c9d84b0f7099bae 75292 virtualbox_4.3.36-dfsg-1+deb8u1.debian.tar.xz Homepage: http://www.virtualbox.org/ Package-List: virtualbox deb contrib/misc optional arch=amd64,i386 virtualbox-dbg deb contrib/debug extra arch=amd64,i386 virtualbox-dkms deb contrib/kernel optional arch=all virtualbox-guest-dkms deb contrib/kernel optional arch=all virtualbox-guest-source deb contrib/kernel optional arch=all virtualbox-guest-utils deb contrib/misc optional arch=amd64,i386 virtualbox-guest-x11 deb contrib/x11 optional arch=amd64,i386 virtualbox-qt deb contrib/misc optional arch=amd64,i386 virtualbox-source deb contrib/kernel optional arch=all Directory: pool/updates/contrib/v/virtualbox Priority: source Section: contrib/misc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Based on the funny git results, I re-installed the packages: 3243aa899fcf2f09b910b7429eeae6205a71c379a45c0e8e31723836bb094163 apt_1.2.12~ubuntu16.04.1_amd64.deb 5b9a82b1dc1f82fc3655038336d099410d643d5188629aba475050d7f9bd99c3 apt-transport-https_1.2.12~ubuntu16.04.1_amd64.deb 25af186c488f2b7f31dcef15776bfe4dd1a7a3c98a1d378937f07365eb9aa95a libapt-inst2.0_1.2.12~ubuntu16.04.1_amd64.deb b84273b8bfddea9aa5be26b2dd2e7ed449503a93c92ac5522fdfa74ae6f61c22 libapt-pkg5.0_1.2.12~ubuntu16.04.1_amd64.deb With these packages installed, apt-get update works as I expect: sarnold@hunt:/mnt/ubuntu/.zfs/snapshot/rsync.30/pool/main/a/apt$ sudo apt-get update Hit:1 http://mirrors.kernel.org/ubuntu xenial InRelease Hit:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease Hit:3 http://mirrors.kernel.org/ubuntu xenial-security InRelease Ign:4 http://mirrors.kernel.org/ubuntu precise InRelease Hit:5 http://security.debian.org jessie/updates InRelease Hit:6 http://mirrors.kernel.org/ubuntu precise-updates InRelease Hit:7 http://mirrors.kernel.org/ubuntu precise-security InRelease Hit:8 http://mirrors.kernel.org/ubuntu precise-proposed InRelease Hit:9 http://security.debian.org wheezy/updates InRelease Ign:10 http://mirrors.kernel.org/ubuntu trusty InRelease Hit:11 http://mirrors.kernel.org/ubuntu trusty-updates InRelease Hit:12 http://mirrors.kernel.org/ubuntu trusty-security InRelease Hit:13 http://mirrors.kernel.org/ubuntu trusty-proposed InRelease Hit:14 http://mirrors.kernel.org/ubuntu xenial-proposed InRelease Hit:15 http://mirrors.kernel.org/ubuntu yakkety InRelease Ign:16 http://archive.canonical.com/ubuntu precise InRelease Hit:17 http://ppa.launchpad.net/ci-train-ppa-service/stable-phone-overlay/ubuntu vivid InRelease Hit:18 http://security.ubuntu.com/ubuntu xenial-security InRelease Hit:19 http://mirrors.kernel.org/ubuntu yakkety-updates InRelease Hit:20 http://ftp.debian.org/debian unstable InRelease Hit:21 http://mirrors.kernel.org/ubuntu yakkety-security InRelease Hit:22 http://mirrors.kernel.org/ubuntu yakkety-proposed InRelease Hit:23 http://mirrors.kernel.org/ubuntu zesty InRelease Hit:24 http://mirrors.kernel.org/ubuntu zesty-updates InRelease Hit:25 http://mirrors.kernel.org/ubuntu zesty-security InRelease Hit:26 http://mirrors.kernel.org/ubuntu zesty-proposed InRelease Ign:27 http://archive.canonical.com/ubuntu trusty InRelease Hit:28 http://ppa.launchpad.net/snappy-dev/image/ubuntu vivid InRelease Hit:29 http://mirrors.kernel.org/ubuntu precise Release Hit:30 http://ftp.debian.org/debian testing InRelease Hit:31 http://mirrors.kernel.org/ubuntu trusty Release Hit:32 http://archive.canonical.com/ubuntu xenial InRelease Hit:33 http://ppa.launchpad.net/ci-train-ppa-service/stable-phone-overlay/ubuntu xenial InRelease Ign:34 http://ftp.debian.org/debian jessie InRelease Hit:35 http://archive.canonical.com/ubuntu yakkety InRelease Hit:36 http://ftp.debian.org/debian jessie-updates InRelease Hit:37 http://archive.canonical.com/ubuntu zesty InRelease Ign:38 http://ftp.debian.org/debian wheezy InRelease Hit:39 http://archive.canonical.com/ubuntu precise Release Hit:40 http://ftp.debian.org/debian wheezy-updates InRelease Hit:41 http://archive.canonical.com/ubuntu trusty Release Hit:42 http://ftp.debian.org/debian jessie Release Hit:43 http://ftp.debian.or
[Bug 1642386] Re: At least one invalid signature was encountered.
What we see from your debug output is that gpgv is not returning any sensible information: Summary: Good: Bad: Worthless: SoonWorthless: NoPubKey: You could try running apt-key verify manually on a few InRelease files (like apt-key verify /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_xenial_InRelease) and see if that gives us any clue - or at least look at the files (especially in partial/), maybe they are garbage. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
First thanks for the files. Unfortunately, I can't reproduce it with the files either. It must be a fairly system-specific bug. > HEAD is now at 235347e... Release 1.2.12 > $ make fast > [... with errors] Whoa, if it happens with the 1.2.12 checkout too, then something else seems wrong. I picked that as the "good" commit, as it apparently worked in your first log file. But with 1.2.12 failing in the checkout as well, that seems really weird. You could try older 1.2 versions if you want, specifying bad as 1.2.12, and good as 1.2.10, for example (1.2.10 is basically the version xenial shipped with). So this does not really look like a regression because it apparently happens with the previously installed version as well now (at least when built via git). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
I'm skeptical of the git bisect results: $ git checkout cde5b485c9cdf0bfd5b6ea8e4973abe378270e60^ Previous HEAD position was cde5b48... fail instead of segfault on unreadable config files HEAD is now at 235347e... Release 1.2.12 $ make fast Compiling cachefile.cc to ../build/obj/apt-pkg/cachefile.opic Compiling policy.cc to ../build/obj/apt-pkg/policy.opic Building shared library ../build/bin/libapt-pkg.so.5.0.0 Compiling contrib/arfile.cc to ../build/obj/apt-inst/arfile.opic Compiling contrib/extracttar.cc to ../build/obj/apt-inst/extracttar.opic Compiling deb/debfile.cc to ../build/obj/apt-inst/debfile.opic Compiling dirstream.cc to ../build/obj/apt-inst/dirstream.opic Compiling extract.cc to ../build/obj/apt-inst/extract.opic Compiling filelist.cc to ../build/obj/apt-inst/filelist.opic Building shared library ../build/bin/libapt-inst.so.2.0.0 Compiling private-cacheset.cc to ../build/obj/apt-private/private-cacheset.opic Compiling private-list.cc to ../build/obj/apt-private/private-list.opic Compiling private-depends.cc to ../build/obj/apt-private/private-depends.opic Compiling private-show.cc to ../build/obj/apt-private/private-show.opic Building shared library ../build/bin/libapt-private.so.0.0.0 Compiling apt-mark.cc to ../build/obj/cmdline/apt-mark.o Building program ../build/bin/apt-mark Must have libdb to build apt-ftparchive $ sudo rm -rf /var/lib/apt/lists sarnold@hunt:~/trees/apt$ sudo LD_LIBRARY_PATH=$PWD/build/bin/ ./build/bin/apt-get update -o Dir::Bin::Methods="$PWD/build/bin/methods/" 2>&1 | tee update.log Get:1 http://mirrors.kernel.org/ubuntu xenial InRelease [247 kB] Get:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease [95.7 kB] Get:3 http://security.debian.org jessie/updates InRelease [63.1 kB] Get:4 http://mirrors.kernel.org/ubuntu xenial-security InRelease [94.5 kB] Ign:5 http://mirrors.kernel.org/ubuntu precise InRelease Get:6 http://mirrors.kernel.org/ubuntu precise-updates InRelease [55.7 kB] Get:7 http://mirrors.kernel.org/ubuntu precise-security InRelease [55.7 kB] Get:8 http://mirrors.kernel.org/ubuntu precise-proposed InRelease [55.7 kB] Ign:9 http://mirrors.kernel.org/ubuntu trusty InRelease Get:10 http://mirrors.kernel.org/ubuntu trusty-updates InRelease [65.9 kB] Get:11 http://mirrors.kernel.org/ubuntu trusty-security InRelease [65.9 kB] Get:12 http://mirrors.kernel.org/ubuntu trusty-proposed InRelease [65.9 kB] Get:13 http://mirrors.kernel.org/ubuntu xenial-proposed InRelease [247 kB] Get:14 http://mirrors.kernel.org/ubuntu yakkety InRelease [247 kB] Get:15 http://security.debian.org wheezy/updates InRelease [40.6 kB] Get:16 http://mirrors.kernel.org/ubuntu yakkety-updates InRelease [94.5 kB] Get:17 http://mirrors.kernel.org/ubuntu yakkety-security InRelease [93.3 kB] Get:18 http://mirrors.kernel.org/ubuntu yakkety-proposed InRelease [95.7 kB] Get:19 http://mirrors.kernel.org/ubuntu zesty InRelease [247 kB] Ign:1 http://mirrors.kernel.org/ubuntu xenial InRelease Get:20 http://mirrors.kernel.org/ubuntu zesty-updates InRelease [92.1 kB] Get:21 http://mirrors.kernel.org/ubuntu zesty-security InRelease [92.2 kB] Get:22 http://mirrors.kernel.org/ubuntu zesty-proposed InRelease [95.6 kB] Get:23 http://mirrors.kernel.org/ubuntu precise Release [49.6 kB] Get:24 http://mirrors.kernel.org/ubuntu trusty Release [58.5 kB] Get:25 http://mirrors.kernel.org/ubuntu xenial/main Sources [868 kB] Get:26 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Get:27 http://mirrors.kernel.org/ubuntu xenial/restricted Sources [4,808 B] Get:28 http://mirrors.kernel.org/ubuntu xenial/universe Sources [7,728 kB] Ign:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease Ign:4 http://mirrors.kernel.org/ubuntu xenial-security InRelease Ign:29 http://archive.canonical.com/ubuntu precise InRelease Get:30 http://ppa.launchpad.net/ci-train-ppa-service/stable-phone-overlay/ubuntu vivid InRelease [20.9 kB] Get:31 http://ftp.debian.org/debian unstable InRelease [219 kB] Get:32 http://mirrors.kernel.org/ubuntu xenial/multiverse Sources [179 kB] Get:33 http://mirrors.kernel.org/ubuntu xenial/main amd64 Packages [1,201 kB] Ign:6 http://mirrors.kernel.org/ubuntu precise-updates InRelease Get:34 http://mirrors.kernel.org/ubuntu xenial/main i386 Packages [1,196 kB] Get:35 http://mirrors.kernel.org/ubuntu xenial/main Translation-en [568 kB] Get:36 http://mirrors.kernel.org/ubuntu xenial/restricted amd64 Packages [8,344 B] Get:37 http://mirrors.kernel.org/ubuntu xenial/restricted i386 Packages [8,684 B] Get:38 http://mirrors.kernel.org/ubuntu xenial/restricted Translation-en [2,908 B] Get:39 http://mirrors.kernel.org/ubuntu xenial/universe amd64 Packages [7,532 kB] Ign:7 http://mirrors.kernel.org/ubuntu precise-security InRelease Ign:40 http://archive.canonical.com/ubuntu trusty InRelease Ign:8 http://mirrors.kernel.org/ubuntu precise-proposed InRelease Get:41 http://mirrors.kernel.org/ubuntu xenial/universe i386 Packages [7,512 kB] Ign:10 http://mirrors.kernel.org/ubuntu tr
[Bug 1642386] Re: At least one invalid signature was encountered.
And the results of git bisect, thanks for the excellent instruction and script! cde5b485c9cdf0bfd5b6ea8e4973abe378270e60 is the first bad commit commit cde5b485c9cdf0bfd5b6ea8e4973abe378270e60 Author: David Kalnischkies Date: Fri May 20 09:37:24 2016 +0200 fail instead of segfault on unreadable config files The report mentions "apt list --upgradable", but there are others which have inconsistent behavior ranging from segfaulting to doing something with the partial (and hence incomplete) data. We had a recent report about sources.list (#818628), this one mentions prefences, the obvious next step is conf files… so the testcase is adapted to check for all three in file and directory versions and run a bunch of commands each time which should all have more or less the same behavior in such a case (aka error out). Closes: 824503 (cherry picked from commit fdf9eef4d96a18d0167708499c993e1174251e88) :04 04 04f4856e0a9313f9f51a5a6dc56c9af005ac54f4 98d34296e4f9212a124515095f6ed9afd5739111 M apt-pkg :04 04 d48745d59ec9dd40087de492197c7a1060d1451d a5038f3b3730d8ba9e070f68a60af11fbe0e7ac3 M apt-private :04 04 cfb7d9b7f8130e98173cf09a56eea0c232cc75fa c2f0ed862e98021705643c42a1b549306b648c15 M cmdline :04 04 24d65ae746427999b728b85acb6969f509885cb1 82f28b27a48c3a6cf5b9caaf6434512a4a5dd79f M test bisect run success -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Tarball of /etc/apt and /var/lib/apt ** Attachment added: "Tarball of /etc/apt and /var/lib/apt" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+attachment/4778362/+files/apt-etc-and-var.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
393c61b8e29bd1923a5fe8abf4690c24e7f498aa8a4f5954a6a87da7d05a0bef apt- etc-and-var.tar.xz -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
sarnold@hunt:/var/lib/apt$ sudo mv lists lists.old sarnold@hunt:/var/lib/apt$ sudo apt-get update Get:1 http://mirrors.kernel.org/ubuntu xenial InRelease [247 kB] Get:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease [95.7 kB] Get:3 http://mirrors.kernel.org/ubuntu xenial-security InRelease [94.5 kB] Ign:4 http://mirrors.kernel.org/ubuntu precise InRelease Get:5 http://mirrors.kernel.org/ubuntu precise-updates InRelease [55.7 kB] Get:6 http://mirrors.kernel.org/ubuntu precise-security InRelease [55.7 kB] Get:7 http://mirrors.kernel.org/ubuntu precise-proposed InRelease [55.7 kB] Ign:8 http://mirrors.kernel.org/ubuntu trusty InRelease Get:9 http://mirrors.kernel.org/ubuntu trusty-updates InRelease [65.9 kB] Get:10 http://mirrors.kernel.org/ubuntu trusty-security InRelease [65.9 kB] Get:11 http://mirrors.kernel.org/ubuntu trusty-proposed InRelease [65.9 kB] Get:12 http://mirrors.kernel.org/ubuntu xenial-proposed InRelease [247 kB] Get:13 http://mirrors.kernel.org/ubuntu yakkety InRelease [247 kB] Get:14 http://mirrors.kernel.org/ubuntu yakkety-updates InRelease [94.5 kB] Get:15 http://mirrors.kernel.org/ubuntu yakkety-security InRelease [93.3 kB] Get:16 http://mirrors.kernel.org/ubuntu yakkety-proposed InRelease [95.7 kB] Get:17 http://mirrors.kernel.org/ubuntu zesty InRelease [247 kB] Ign:1 http://mirrors.kernel.org/ubuntu xenial InRelease Get:18 http://security.debian.org jessie/updates InRelease [63.1 kB] Get:19 http://mirrors.kernel.org/ubuntu zesty-updates InRelease [92.1 kB] Get:20 http://mirrors.kernel.org/ubuntu zesty-security InRelease [92.2 kB] Get:21 http://mirrors.kernel.org/ubuntu zesty-proposed InRelease [95.6 kB] Get:22 http://mirrors.kernel.org/ubuntu precise Release [49.6 kB] Get:23 http://mirrors.kernel.org/ubuntu trusty Release [58.5 kB] Get:24 http://mirrors.kernel.org/ubuntu xenial/main Sources [868 kB] Ign:2 http://mirrors.kernel.org/ubuntu xenial-updates InRelease Get:25 http://mirrors.kernel.org/ubuntu xenial/restricted Sources [4,808 B] Get:26 http://mirrors.kernel.org/ubuntu xenial/universe Sources [7,728 kB] Ign:3 http://mirrors.kernel.org/ubuntu xenial-security InRelease Get:27 http://security.debian.org wheezy/updates InRelease [40.6 kB] Get:28 http://ftp.debian.org/debian unstable InRelease [219 kB] Get:29 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Ign:30 http://archive.canonical.com/ubuntu precise InRelease Get:31 http://ppa.launchpad.net/ci-train-ppa-service/stable-phone-overlay/ubuntu vivid InRelease [20.9 kB] Ign:5 http://mirrors.kernel.org/ubuntu precise-updates InRelease Ign:6 http://mirrors.kernel.org/ubuntu precise-security InRelease Ign:7 http://mirrors.kernel.org/ubuntu precise-proposed InRelease Ign:32 http://archive.canonical.com/ubuntu trusty InRelease Ign:9 http://mirrors.kernel.org/ubuntu trusty-updates InRelease Ign:10 http://mirrors.kernel.org/ubuntu trusty-security InRelease Get:33 http://mirrors.kernel.org/ubuntu xenial/multiverse Sources [179 kB] Get:34 http://mirrors.kernel.org/ubuntu xenial/main amd64 Packages [1,201 kB] Get:35 http://archive.canonical.com/ubuntu xenial InRelease [11.5 kB]
[Bug 1642386] Re: At least one invalid signature was encountered.
apt-get update -o Debug::Acquire::gpgv=1 ** Attachment added: "apt-get update -o Debug::Acquire::gpgv=1" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+attachment/4778350/+files/debug-gpgv -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Oh, you may also want to try moving lists/ out of the way and running apt update again. And perhaps send me a tarball of /var/lib/apt and /etc/apt - then I might have luck reproducing it. If you want to, you could try bisecting this in the apt git repo, starting with git bisect start git bisect good 1.2.12 git bisect bad 1.2.15 git bisect run sh ./script.sh where script.sh is: #!/bin/sh make fast || exit 125 sudo LD_LIBRARY_PATH=$PWD/build/bin/ ./build/bin/apt-get update -o Dir::Bin::Methods="$PWD/build/bin/methods/" 2>&1 | tee update.log if grep "was encountered" update.log; then exit 1 fi exit 0 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
Your coworker seems to have caught a crash in appstream, BTW, not in apt. Not sure why the files fail their hashes or have no sections in them, though. ** Changed in: apt (Ubuntu) Assignee: (unassigned) => Julian Andres Klode (juliank) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
** Changed in: apt (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
It works perfectly fine for me. Can you re-run this with: -o Debug::Acquire::gpgv=1 ** Changed in: apt (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
I was too hasty -- apt appears to still function (e.g. apt-get install expat, apt-get purge expat, installed an expat from the -updates pocket and removed it again). It's just insanely ugly warnings on the apt-get update step, and maybe(?) new lists can't be downloaded. Anyway it's more nuanced than "broken entirely". Sorry. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1642386] Re: At least one invalid signature was encountered.
The full run, showing apt working a few seconds before it fails, and no errors in dmesg. ** Attachment added: "terminal-log" https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+attachment/4778315/+files/terminal-log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1642386 Title: At least one invalid signature was encountered. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1642386/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs