"GPG error: Release: The following signatures were invalid: BADSIG"

Question

I ran this command in the Terminal:

sudo apt-get update

Updating ends with the following error report:

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://extras.ubuntu.com precise Release: The following signatures were invalid: BADSIG 16126D3A3E5C1192 Ubuntu Extras Archive Automatic Signing Key <ftpmaster@ubuntu.com>

W: GPG error: http://ppa.launchpad.net precise Release: The following signatures were invalid: BADSIG 4C1CBC1B69B0E2F4 Launchpad PPA for Jonathan French
W: Failed to fetch http://extras.ubuntu.com/ubuntu/dists/precise/Release

What does this mean and why is it happening?

I saw similar issue when I first installed the 12.04. After that I changed the "Software Sources" from the software manager from India to another server. Now I am not seeing this issue. If you are using India server, change it and let us know. — Abhijeet, May 04 '12 at 18:11
Thanx Abhijeet. I am an Indian but staying here in Qatar.I changed server to Saudi Arabia.But same result. — beeju, May 04 '12 at 18:19
For myself, I had a PPA in /etc/apt/sources.list.d/ that no longer existed and so this error was coming up. I had to remove that (actually, replace it with an updated repo for ffmpeg that I needed) and then sudo apt-get update worked just fine. — Joshua Pinter, Jun 23 '20 at 15:23
Because of low reputation, I can only comment. I solved the issue using the following command: apt-key adv --fetch-keys 'https://packages.sury.org/php/apt.gpg' > /dev/null 2>&1 Source: https://forum.hestiacp.com/t/apt-upgrade-failed-gpg-error-packages-sury-org/1920/8 — Ladislav Ondris, Aug 30 '21 at 21:11

Anwar · Answer 1 · 2016-08-27T13:56:39.723

130

This message is displaying because the gpg key for that repository is missing in your apt-key database.

To import the key, open a terminal and enter these commands

gpg --keyserver keyserver.ubuntu.com --recv-keys 16126D3A3E5C1192

pgp keys are mostly distributed in several keystore. Ubuntu related keys are usually found in keyserver.ubuntu.com. But if that fails you can use alternatives. Like -

gpg --keyserver hkp://subkeys.pgp.net --recv-keys 16126D3A3E5C1192

You must replace the alphanumeric part, with the specific key. Make sure the key is one you trust. Any repository with this key, would be able to install any package without warning.

You would see the following output if the above is successful

gpg: Total number processed: 1
gpg:               imported: 1

Then run this command:

gpg --export --armor 16126D3A3E5C1192 | sudo apt-key add -

Note the - sign after add.

Then sudo apt-get update, you will have no such messages after this.

edited Aug 27 '16 at 13:56

answered May 14 '12 at 14:30

Anwar

76,649

3

Hi@anwar where/how do i get the key that i trust? – soMuchToLearnAndShare Oct 29 '18 at 14:30
3

@MinnieShi The key is present in the error message itself The following signatures were invalid: BADSIG 16126D3A3E5C1192 – Kalyan Raghu May 06 '19 at 17:35
4

Note that the apt-key add command should return "OK". – COil Jun 01 '19 at 09:48
1

Great, should be the accepted answer! Thanks. – Jacob Aug 19 '19 at 10:17
I get this after the gpg --export, and it still fails with apt, any advice pls?: gpg: WARNING: unsafe ownership on homedir '/home/abc/.gnupg'; OK – alchemy Mar 12 '20 at 22:47
the keyserver is currently hkp://keyserver.ubuntu.com – bob Oct 01 '20 at 06:08

score 34 · Answer 2 · answered Sep 11 '20 at 15:18

34

I ran into this issue an older Ubuntu 16.04 box. My keys weren't expired so I wasn't really sure why I was getting the error. I tried SirCharlo's method but I still got the same errors. Being this particular error is coming from the 'Ubuntu Extras Archive Automatic Signing Key' I decided to refresh my keys. After doing that everything worked fine. Not sure if it was a combination of both method's but if SirCharlo's method doesn't work, run this command:

apt-key adv --refresh-keys --keyserver keyserver.ubuntu.com

answered Sep 11 '20 at 15:18

G_Style

613

This works perfectly and looks safe. Thanks. – Dan Ortega Mar 24 '21 at 14:10
5

This should be the choosen answer! – Roger Jul 19 '21 at 15:19
1

This worked for me where not of the other answers worked. Using Ubuntu16.04 Xenial in a docker – Yonatan Simson Aug 15 '21 at 12:03
2

Agreed. This feels a lot better to execute (and worked), thank you. – mgarde Oct 09 '21 at 19:48

Max Alibaev · Answer 3 · 2015-07-17T15:17:40.433

17

You can try my script to automatically receive all GPG keys for PPAs you use: smartupdate.sh.

It will launch apt-get update, then find all GPG errors and receive keys for found GPG signatures. In your case, it will just launch

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 4C1CBC1B69B0E2F4

but when you add a few unsigned PPAs, it becomes boring to add GPG keys manually. :)

edited Jul 17 '15 at 15:17

answered Jul 02 '12 at 19:03

Max Alibaev

455

other answers doesn't work for me except this – Muhammad Dyas Yaskur Jun 06 '20 at 15:15
https://github.com/yarnpkg/yarn/issues/7866 Good discussion here about this type of solution for expired keys. – FugueWeb Aug 16 '20 at 15:09

score 7 · Answer 4 · edited Apr 11 '23 at 11:13

As 131 suggested in a comment in a now deleted answer, do it this way:

First clean things up:
```
sudo apt-get clean
```
Optional step to save a backup and also preserve the ownership of lists:
```
sudo cp -a /var/lib/apt/lists /tmp
sudo rm -r /var/lib/apt/lists/*
```
Then rebuild the package list:
```
sudo apt update
```

NOTE

The following were suggested in a highly upvoted answer that is now deleted:

sudo apt-get clean
sudo mv /var/lib/apt/lists /tmp
sudo mkdir -p /var/lib/apt/lists/partial
sudo apt-get clean
sudo apt-get update

This was not good advice because the mv and mkdir here create a new problem: lists is no longer owned by _apt. This means you'll now get this new apt warning:

W: Download is performed unsandboxed...

You need to preserve the existing ownership and permissions of the lists folder.

also you most likely free some space in ubuntu before trying to run any further command like apt update — Junior Mayhé, Jul 30 '22 at 11:30

score 6 · Answer 5 · answered Jun 18 '14 at 08:53

I got a similar error. But instead of BADSIG I got KEYEXPIRED for the PostgreSQL repo:

W: A error occurred during the signature verification.
  The repository is not updated and the previous index files will be used.
  GPG error: http://apt.postgresql.org precise-pgdg Release:
  The following signatures were invalid: KEYEXPIRED 1381654177

The solution is perfectly described here but this is what I did to solve it:

$ sudo apt-key list | grep -B1 PostgreSQL
$ sudo apt-key del ACCC4CF8
$ wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -

And now $ sudo apt-get update will work perfectly!

score 3 · Answer 6 · answered Jan 24 '23 at 12:27

I got quite similar error (on Debian 10):

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. 
GPG error: http://repo.mysql.com/apt/debian buster InRelease: The following signatures couldn't be verified because the public key is not available: 
NO_PUBKEY 467B942D3A79BD29
W: Failed to fetch http://repo.mysql.com/apt/debian/dists/buster/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 467B942D3A79BD29
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 467B942D3A79BD29

You can add the unavailable key and try again. In this my case the unavailable key is 467B942D3A79BD29

So, key adding command will be sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 467B942D3A79BD29

That solved my problem and sudo apt update fired like a charm.

Solution source: https://docs.mideye.se/5.6.6/installation/debian10/

This worked perfectly for me. Thanks – Promise Preston Jul 07 '23 at 13:03 — Promise Preston, Jul 07 '23 at 13:03

score 1 · Answer 7 · edited Dec 23 '21 at 07:47

1

This could be due to a caching issue of a HTTP proxy. If you have one of those somewhere along the route like me, you can run apt and circumvent the cache temporarily:

sudo apt-get update -o Acquire::http::No-Cache=True

edited Dec 23 '21 at 07:47

Teocci

4,665

answered Mar 11 '18 at 06:41

Dhinesh Sunder Ganapathi

11
2

score 1 · Answer 8 · edited Jun 21 '12 at 00:07

This tip (from actionparsnip) worked for me:

Try:

sudo fuser -vvv /var/lib/dpkg/lock
sudo rm /var/lib/apt/lists/lock
sudo cp -arf /var/lib/dpkg /var/lib/dpkg.backup
sudo cp /var/lib/dpkg/status-old /var/lib/dpkg/status
sudo cp /var/lib/dpkg/available-old /var/lib/dpkg/available
sudo rm -rf /var/lib/dpkg/updates/*
sudo rm -rf /var/lib/apt/lists
sudo rm /var/cache/apt/*.bin
sudo mkdir /var/lib/apt/lists
sudo mkdir /var/lib/apt/lists/partial
LANG=C;sudo apt-get clean
LANG=C;sudo apt-get autoclean
LANG=C;sudo apt-get --purge autoremove
LANG=C;sudo apt-get update -o APT::Cache-Limit=25165824
sudo dpkg --clear-avail
sudo dpkg --configure -a
LANG=C;sudo apt-get -f install
LANG=C;sudo apt-get --fix-missing install
LANG=C;sudo apt-get update -o APT::Cache-Limit=25165824 && sudo apt-get dist-upgrade

Found in:
https://answers.launchpad.net/ubuntu/+source/update-manager/+question/194077

score -2 · Answer 9 · answered Jun 18 '14 at 09:07

-2

You can use launchpad-getkeys to fix this. Open a terminal and enter:

sudo apt-get install launchpad-getkeys
sudo launchpad-getkeys

Then

sudo apt-get update

answered Jun 18 '14 at 09:07

nastys

5,427
3
20
28

"GPG error: Release: The following signatures were invalid: BADSIG"

9 Answers9

NOTE

Linked

Related