10

First the image:

enter image description here

then me saying "Say What!!.. How the..What the..??".

Basically I am stunned. How can I disable/bypass/remove/explode the option for the untrusted packages not letting me install them. I mean it is the PPA for Wine. That's like 99% official ^^.

Anyway the question is regarding all PPA's that have the untrusted flag in them.

Braiam
  • 67,791
  • 32
  • 179
  • 269
Luis Alvarado
  • 211,503

3 Answers3

19

This is a generic issue for all Ubuntu releases.

Run from a terminal 

sudo apt-get update && sudo apt-get upgrade

that should throw up the signature that is wrong:

enter image description here

Use the numbers after the NO_PUBKEY to replace XXXXXXXXX in the following

sudo apt-key adv --recv-key --keyserver keyserver.ubuntu.com XXXXXXXXX

Similar Question:

  1. What is the easiest way to resolve apt-get BADSIG GPG errors?
Community
  • 1
fossfreedom
  • 172,746
  • +1 because is a nice smart way of doing it. For the similar question by foss maybe the title can chance so when a user searches for something similar he finds it quickly? – Luis Alvarado Oct 24 '11 at 00:37
  • Can this be turned into a nifty grep or awk script to do this automatically? – nanofarad Oct 22 '12 at 11:12
4

You can try to remove the PPA and the signature by clicking on settings in update manager and then delete the appropriate entries from "other software" tab and the signature from the authentication tab.

After that, reload the package list and then enable the ppa by adding ppa:ubuntu-wine/ppa as a new software source in the settings dialogue and update manager will automatically download the signature.

papukaija
  • 2,425
0

To cover the issue of why it comes up (rather than how to fix it, as fossfreedom has covered)

I mean it is the PPA for Wine. That's like 99% official

But how do you know that the packages you download are from the server you think they are from and not from someone intercepting or redirecting your connection and giving you the wrong files?

The package manager is telling you that it cannot trust/authenticate that the real source of the files you are getting.

The GPG errors are saying that the packages are telling you that the packages can be trusted to come from some person X (like the Wine development team), however it does not know that you trust person X yet. (Stuff still works because it is not told either way and so it cannot assume person X is bad).

Adding the key says that you trust that person X (identified by the key ID, e.g. 40976EAF437D05B5 is for the official ubuntu archive). Normally, you can trust where it came from (gives the correct id), and as the ubuntu keyserver is used for ubuntu stuff and has basically the keys for everyone with a ppa you get the right key (identity).

Community
  • 1
Portablejim
  • 2,748