Announcement

Collapse
No announcement yet.

Can't get system updates, "signatures couldn't be verified"

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Can't get system updates, "signatures couldn't be verified"

    I had a motherboard failure, followed by receiving not one, but TWO non-working motherboards from eBay sellers (heaven forbid you try to continue using the hardware you have, like my Core2Quad 2.7 GHz processor) before finally, after two months, getting a working (used, but functional) motherboard and getting it installed today. Once I'd verified things were operating as expected in 14.04.4 LTS, I restarted to 16.04 to try to install updates.

    Unfortunately, every time I try to update my repo file, either through Synaptic or from terminal, I get the infamous message that "The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32" -- and similar messages on at least four other Ubuntu repositories. I'm used to seeing this for duinsoft, which supplies genuine Java in packaged form, and I'm comfortable following their instructions for adding their key -- but I'm not used to seeing this for multiple repos in the ubuntu.com domain(s).

    A quick Google didn't seem to show anything recent relevant to this -- did I miss a memo about Ubuntu changing all their repos sometime after 16.04 went live?
    Last edited by Silent Observer; Aug 03, 2016, 05:18 PM.

    #2
    IIRC, when you see these messages, the repository associated with it is identified as well. Is that the case here?
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

    Comment


      #3
      Yes, but I'm back on 14.04 at the moment (having just verified that updates install just fine on that version). Let me restart to 16.04 and I'll post back with the IDs from the terminal.

      Okay, here are the error messages (first section):

      Code:
      Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
      Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB]                          
      Err:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease                                            
        The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
      Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]                           
      Get:6 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [92.2 kB]                        
      Err:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease                                    
        The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
      Err:6 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease                                  
        The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
      Get:4 http://www.ubuntuupdates.org/ppa/ubuntuzilla?dist=all all InRelease                             
      Err:4 http://www.ubuntuupdates.org/ppa/ubuntuzilla?dist=all all InRelease                             
        Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
      Get:7 http://www.duinsoft.nl/pkg debs InRelease [6,809 B]                                             
      Err:7 http://www.duinsoft.nl/pkg debs InRelease                                                       
        The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E18CE6625CB26B26
      Err:5 http://security.ubuntu.com/ubuntu xenial-security InRelease                        
        The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
      As previously noted, duinsoft has instructions for adding their key, but seeing this on all the other repos was a bit of a red flag.
      Last edited by Silent Observer; Jul 23, 2016, 03:05 PM. Reason: Add repo identification

      Comment


        #4
        The ubuntu repositories are of course safe, so add the missing pubkeys. As you say your are familiar with duinsoft, add that pubkey as well and you should be 'back in business.'
        Windows no longer obstructs my view.
        Using Kubuntu Linux since March 23, 2007.
        "It is a capital mistake to theorize before one has data." - Sherlock Holmes

        Comment


          #5
          Originally posted by Silent Observer View Post
          Yes, but I'm back on 14.04 at the moment (having just verified that updates install just fine on that version). Let me restart to 16.04 and I'll post back with the IDs from the terminal.

          Okay, here are the error messages (first section):

          Code:
          Hit:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease
          Get:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB]                          
          Err:1 http://us.archive.ubuntu.com/ubuntu xenial InRelease                                            
            The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
          Get:5 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]                           
          Get:6 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [92.2 kB]                        
          Err:2 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease                                    
            The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
          Err:6 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease                                  
            The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
          Get:4 http://www.ubuntuupdates.org/ppa/ubuntuzilla?dist=all all InRelease                             
          Err:4 http://www.ubuntuupdates.org/ppa/ubuntuzilla?dist=all all InRelease                             
            Clearsigned file isn't valid, got 'NOSPLIT' (does the network require authentication?)
          Get:7 http://www.duinsoft.nl/pkg debs InRelease [6,809 B]                                             
          Err:7 http://www.duinsoft.nl/pkg debs InRelease                                                       
            The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E18CE6625CB26B26
          Err:5 http://security.ubuntu.com/ubuntu xenial-security InRelease                        
            The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5  NO_PUBKEY 3B4FE6ACC0B21F32
          As previously noted, duinsoft has instructions for adding their key, but seeing this on all the other repos was a bit of a red flag.

          Now, this:
          Code:
          Get:4 http://www.ubuntuupdates.org/ppa/ubuntuzilla?dist=all all InRelease                             
          Err:4 http://www.ubuntuupdates.org/ppa/ubuntuzilla?dist=all all InRelease
          Is not a ppa or apt repo url, but the ubuntuupdates page with information on a particular third-party repository
          http://www.ubuntuupdates.org/ppa/ubuntuzilla?dist=all has the instructions to add this
          you can use the same command from the page above to add the missing keys for the ubuntu repos by substituting "40976EAF437D05B5" and/or "3B4FE6ACC0B21F32"
          I don't know why the keys are missing though. It has occurred for some people on occasion over the years so my guess is whatever ubuntu uses to make sure we have the right keys doesn't always work 100%
          Last edited by claydoh; Jul 23, 2016, 04:42 PM.

          Comment


            #6
            Claydoh, that was my concern -- why would 16.04 lose its keyring? If I had to guess, I'd say it was a case of a file that got damaged when the system started locking up on me. I had multiple such lockups on both 16.04 and 14.04 the last few days before the computer quit working entirely (which I defined as locking up every time I started it, just about the time I got into the GUI, about two minutes after a hard reset). I'll go ahead and add the keys, now that I'm reasonably confident there isn't a known problem that causes this.

            Comment


              #7
              nVidia drivers?

              I'm getting a solid lock (except occasional mouse cursor movement) within a minute or two of logging in, if I use and nvidia driver newer than 340. This is specific to 16.04 for me so I assume it's a kernel vs. nvidia problem.

              Please Read Me

              Comment


                #8
                oshunluvr, I was getting this in 14.04 (stable for me for the past two years, since the day I installed it) -- and I was getting errors that made no sense at certain addresses when I'd run memtest86+ -- addresses well within the range of my system's available RAM. Errors that, as far as I could tell, were address line failures. When that happened with four different RAM sticks in any combination in the board's two RAM sockets, I called it a motherboard/chipset failure. No, not thermal; MB temp was around 35 C and CPU under 45 C. FWIW, the "new" motherboard I wound up with hasn't given any sign of trouble, up continuously except for soft reboots since Saturday afternoon (including room temp up to 35 C when the air conditioning failed Saturday evening through part of the day Sunday), with all four of the RAM sticks I used for testing and the same CPU that was in the old board.

                Comment


                  #9
                  Thanks, Snowhog and oshunluvr; between the two of you (and getting time to fiddle with it) I've got this fixed up now, and updates installing in the background as I type. I'm still getting this complaint:

                  Code:
                  W: http://downloads.sourceforge.net/project/ubuntuzilla/mozilla/apt/dists/all/InRelease: Signature by key FBC0FA27F5D79B1F60A77837CCC158AFC1289A29 uses weak digest algorithm (SHA1)
                  Do I gain anything by chasing that? Firefox updated successfully, but `apt` complains during the update step.

                  Comment


                    #10
                    No. If you google on "Signature by key uses weak digest algorithm (SHA1)" you'll find a lot of information about this. It isn't actually a thing to worry about.
                    Windows no longer obstructs my view.
                    Using Kubuntu Linux since March 23, 2007.
                    "It is a capital mistake to theorize before one has data." - Sherlock Holmes

                    Comment


                      #11
                      Cool, thanks again. Still dunno why this happened, but it appears to be fixed now (though I'm still using 14.04 for daily operation, while I get 16.04 massaged and tweaked and decide if I like it).

                      Comment

                      Working...
                      X