apt-get update not working: Signing/ Verification errors

Question

When I run apt-get update I get

Ign:1 http://dl.google.com/linux/musicmanager/deb stable InRelease
Ign:2 http://archive-4.kali.org/kali kali-rolling InRelease                
Hit:3 http://archive-4.kali.org/kali-security sana/updates InRelease
0% [3 InRelease gpgv 11.9 kB] [Waiting for headers] [Waiting for headers]Couldn't create tempfiles for splitting up /var/lib/apt/lists/security.kali.org_kali-seErr:3 http://archive-4.kali.org/kali-security sana/updates InRelease     
  Could not execute 'apt-key' to verify signature (is gnupg installed?)
Hit:4 http://archive-4.kali.org/kali sana InRelease                      
0% [4 InRelease gpgv 20.3 kB] [Waiting for headers]Couldn't create tempfiles forErr:4 http://archive-4.kali.org/kali sana InRelease_dists_sana_InRelease
  Could not execute 'apt-key' to verify signature (is gnupg installed?)
Get:5 http://archive-4.kali.org/kali kali-rolling Release [23.7 kB]
Get:6 http://archive-4.kali.org/kali kali-rolling Release.gpg [819 B]          
0% [6 Release.gpg gpgv 23.7 kB]                                    3,846 B/s 0smktemp: failed to create directory via template '/tmp/tmp.XXXXXXXXXX': Permission denied
Err:6 http://archive-4.kali.org/kali kali-rolling Release.gpg                  
  At least one invalid signature was encountered.
Hit:7 http://dl.google.com/linux/musicmanager/deb stable Release               
80% [Release.gpg gpgv 1,345 B]mktemp: failed to create directory via template '/tmp/tmp.XXXXXXXXXX': Permission denied
Err:8 http://dl.google.com/linux/musicmanager/deb stable Release.gpg
  At least one invalid signature was encountered.
Reading package lists... Done 
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive-4.kali.org/kali-security sana/updates InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive-4.kali.org/kali sana InRelease: Could not execute 'apt-key' to verify signature (is gnupg installed?)
W: GPG error: http://archive-4.kali.org/kali kali-rolling Release: At least one invalid signature was encountered.
E: The repository 'http://http.kali.org/kali kali-rolling Release' is no longer signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://dl.google.com/linux/musicmanager/deb stable Release: At least one invalid signature was encountered.

I have no idea how this happened or how to fix it. I have gnupg, gnupg-agent, gnupg-pkcs11-scd, gnupg2, gnupg-curl, gnupg-pkcs11-scd-dbg installed.

Answer 1

Clear APT cache and regenerate it:

sudo apt-get clean
sudo mv /var/lib/apt/lists /tmp
sudo mkdir -p /var/lib/apt/lists/partial
sudo apt-get clean
sudo apt-get update

Answer 2

Solved by doing a docker system prune(?!). Is it the image that was in a bad state? Was it a problem caused by not having enough disk space?

Maybe something to consider if you're having the problem inside a docker.

Answer 3

Maybe there is an invalid link or file in directory /etc/apt/trusted.gpg.d/

Check that the directory contains valid files and links, in example:

# ls -L /etc/apt/trusted.gpg.d/* > /dev/null
ls: cannot access '/etc/apt/trusted.gpg.d/live-net-archive-keyring.gpg': No such file or directory

Therefore, look for the package that must contain the file

# dpkg -S /etc/apt/trusted.gpg.d/live-net-archive-keyring.gpg
live-net-archive-keyring: /etc/apt/trusted.gpg.d/live-net-archive-keyring.gpg

and take some of the following actions:

reinstall it

# aptitude reinstall live-net-archive-keyring

or reinstall all the installed keyrings

# aptitude reinstall $(dpkg -l '*keyring' | awk '$1 == "ii" {print $2}')
The following packages will be REINSTALLED:
debian-archive-keyring gnome-keyring live-net-archive-keyring siduction-archive-keyring 

or remove the invalid link or file

# rm /etc/apt/trusted.gpg.d/live-net-archive-keyring.gpg 

Answer 4

I got this error after converting a ubuntu 18 classic image with qemu-img to VMware player 15 and forgot to expand the disk size. Some of the update and upgrade stuff went through, but then it stuck on this signature thing.

I wanted to add this to this thread. Could be a "simple" disk space issue. I reinstalled everything again and expanded the disk before first boot and it's running fine now.

Answer 5

Try chown root:root /tmp chmod 1777 /tmp

Answer 6

All my keys were correct, but okwap's solution cued me to look at the /tmp directory.

I had thousands of sub-directories in there, made by a service process that was having issues starting. I even had problems deleting all the dirs because there were so many (had to pipe ls to xargs to avoid "too many arguments" errors).

As soon as my /tmp was cleaned up, apt-get update worked fine again. So I suspect there's some code in apt-get update related to signature checking which uses /tmp and fails when there are a silly number of items in there.

Answer 7

I have also seen apt-get verification failures when the system time is wrong.