Unauthenticated software sources
My Lucid (10.04) installation recently started warning me that the updated packages were unauthenticated. For instance, if I open Update Manager and click the "Install Updates" button, it warns me that You are about to install software that can't be authenticated! Doing this could allow a malicious individual to damage or take control of your system.
I don't remember seeing this before. I guess it looks like I don't have the right keys to verify signatures.
Update with more information:
I get the warning for all packages, including apt and linux-image.
This is what's in my /etc/apt/sources.list
(sans comments)
deb http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security main restricted
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security universe
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security universe
deb http://us.archive.ubuntu.com/ubuntu/ lucid-security multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ lucid-security multiverse
update 2:
Whatever it was that was wrong, it is no longer wrong, so I won't be able to verify any suggested solutions.
Sometimes when a network connection interrupts apt-get update
(or the automatic daily package list refresh), the signature file will not get written, resulting in apt
yelling about the lack of authentication. In most situations (assuming no improperly configured transparent caching system is between you and the Internet), a simple sudo apt-get update
will resolve the problem.
Chances are you've added a PPA repository and haven't added the corresponding keys. The simplest way to do this is to disable all the PPAs and go through each and throw them at add-apt-repository
. This will add it back to your sources but also
So if you see something like this:
deb http://ppa.launchpad.net/f-spot/f-spot-ppa/ubuntu lucid main
Run:
sudo add-apt-repository ppa:f-spot/f-spot-ppa
I think you can also throw the whole sourceline at it so this should be valid too:
sudo add-apt-repository deb http://ppa.launchpad.net/f-spot/f-spot-ppa/ubuntu lucid main
Rinse and repeat for all your non-standard software sources.