1. Removing the _apt user is really not needed nor a good idea. Its enough to have this in a config file: APT::Sandbox::User "root"; // remove file again after testing! 2. Symlinking /usr/bin/gpgv to /bin/true will never work as verifying signatures is more involved then just checking the exit code… there are ways to have a similar effect, but as that would be an enormous security hole I am not going to describe it here for fear of someone blindly copying it. Obviously NOT a good idea at all.
Now that we have that out of the way two "common" problems: 1. Check that /tmp has reasonable permissions. It should have 1777 and be owned by root:root. 2. ls -ld /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d /etc/apt/trusted.gpg.d/* Everything shown should be owned by root:root and everything world-readable (= the last of the three r's). (the first is hard to detect, the second has a proper warning in newer apt versions) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apt in Ubuntu. https://bugs.launchpad.net/bugs/1577926 Title: apt-key works fine, yet apt fails with "Could not execute 'apt-key'" Status in apt package in Ubuntu: Confirmed Bug description: Apt can fail to verify a Release file which verifies just fine when calling apt-key directly. Please advise how i can supply further debug information to help fix the underlying bug. Expected: apt-get should only report that a repository is not signed when no such signature was found. If a signature was in fact successfully acquired but not verified, apt-get should report failure to verify instead. apt-get should have a meaningful error message when calling apt-key fails. Bonus: Calling apt-key should not fail when the same thing works fine on command line. A reference to "Debug::Acquire::gpgv" should be in apt-secure(8) documentation. Observed: # uname -a Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 i686 i686 i686 GNU/Linux # chroot reproducable $ uname -a Linux hostname 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:34:49 UTC 2016 armv7l armv7l armv7l GNU/Linux $ lsb_release -a 2>/dev/null Distributor ID: Ubuntu Description: Ubuntu 16.04 LTS Release: 16.04 Codename: xenial $ apt-get -o "Debug::Acquire::gpgv=true" update Get:1 http://ports.ubuntu.com xenial-security InRelease [92.2 kB] 0% [1 InRelease gpgv 92.2 kB]igners Preparing to exec: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.jYGUCG /tmp/apt.data.uTkX1c gpgv exited with status 111 Summary: Good: Bad: Worthless: SoonWorthless: NoPubKey: Ign:1 http://ports.ubuntu.com xenial-security InRelease Fetched 92.2 kB in 1s (79.5 kB/s) Reading package lists... Done W: GPG error: http://ports.ubuntu.com xenial-security InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?) W: The repository 'http://ports.ubuntu.com xenial-security InRelease' is not signed. N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. $ /usr/bin/apt-key --quiet --readonly verify --status-fd /dev/stderr /tmp/apt.sig.jYGUCG /tmp/apt.data.uTkX1c gpgv: Signature made Tue May 3 19:02:17 2016 UTC using DSA key ID 437D05B5 [GNUPG:] SIG_ID e53PXRjA/EMb7CuZJtAicvvUm60 2016-05-03 1462302137 [GNUPG:] GOODSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <ftpmas...@ubuntu.com> gpgv: Good signature from "Ubuntu Archive Automatic Signing Key <ftpmas...@ubuntu.com>" [GNUPG:] VALIDSIG 630239CC130E1A7FD81A27B140976EAF437D05B5 2016-05-03 1462302137 0 4 0 17 10 01 630239CC130E1A7FD81A27B140976EAF437D05B5 gpgv: Signature made Tue May 3 19:02:17 2016 UTC using RSA key ID C0B21F32 [GNUPG:] SIG_ID kCsrLo9VUm7YcYhhqQUw2fbWoY4 2016-05-03 1462302137 [GNUPG:] GOODSIG 3B4FE6ACC0B21F32 Ubuntu Archive Automatic Signing Key (2012) <ftpmas...@ubuntu.com> gpgv: Good signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmas...@ubuntu.com>" [GNUPG:] VALIDSIG 790BC7277767219C42C86F933B4FE6ACC0B21F32 2016-05-03 1462302137 0 4 0 1 10 01 790BC7277767219C42C86F933B4FE6ACC0B21F32 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1577926/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp