Unauthenticated software sources

apt authentication update-manager

My Lucid (10.04) installation recently started warning me that the updated packages were unauthenticated. For instance, if I open Update Manager and click the "Install Updates" button, it warns me that You are about to install software that can't be authenticated! Doing this could allow a malicious individual to damage or take control of your system.

I don't remember seeing this before. I guess it looks like I don't have the right keys to verify signatures.

Update with more information:

I get the warning for all packages, including apt and linux-image.

This is what's in my /etc/apt/sources.list (sans comments)

deb http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security multiverse

update 2:

Whatever it was that was wrong, it is no longer wrong, so I won't be able to verify any suggested solutions.


Sometimes when a network connection interrupts apt-get update (or the automatic daily package list refresh), the signature file will not get written, resulting in apt yelling about the lack of authentication. In most situations (assuming no improperly configured transparent caching system is between you and the Internet), a simple sudo apt-get update will resolve the problem.


Chances are you've added a PPA repository and haven't added the corresponding keys. The simplest way to do this is to disable all the PPAs and go through each and throw them at add-apt-repository. This will add it back to your sources but also

So if you see something like this:

deb http://ppa.launchpad.net/f-spot/f-spot-ppa/ubuntu lucid main

Run:

sudo add-apt-repository ppa:f-spot/f-spot-ppa

I think you can also throw the whole sourceline at it so this should be valid too:

sudo add-apt-repository deb http://ppa.launchpad.net/f-spot/f-spot-ppa/ubuntu lucid main

Rinse and repeat for all your non-standard software sources.

Related

Update problems: packages held back
How to install realtime kernel?
How can I easily use the gcc compiler for arm for building in a development IDE?
VirtualBox: Ubuntu Host and Ubuntu Guest. Where is my shared folder in the Guest?
"kernel panic not syncing out of memory and no killable process"
How can I mount an AFS filesystem?
Is there any information on when the Ubuntu One Music Store will add more countries?
Shortcuts not working after updating to Android studio 4, in Mac?
How to test 500.html in rails development env?
How to find a model from a collection according to some attribute other than the ID?
How does Mono work
In UITableView, cell.detailTextLabel.text isn't working… why?