apt cannot verify signatures, does not update, neither does it fetch sources
I run Debian on a desktop computer. Because os some faulty cable, access to HD failed a couple of times, and this left my /var filesystem somewhat corrupted. It is a btrfs filesystem. So, I copied my whole system to another HD, but still there are problems! And I'm not sure they're all related to the filesystem corruption issue.
sudo aptitude update
Get: 1 http://ftp.us.debian.org/debian unstable InRelease [209 kB]
Err http://ftp.us.debian.org/debian unstable InRelease
Unknown error executing apt-key
Fetched 209 kB in 2s (95.9 kB/s)
Current status: 0 (-479) upgradable, 0 (-11) new.
W: GPG error: http://ftp.us.debian.org/debian unstable InRelease: Unknown error executing apt-key
E: The repository 'http://ftp.us.debian.org/debian unstable InRelease' is not signed.
Strange. apt-get update will equally fail. So I did some more testing:
sudo apt-get source hello
Reading package lists... Done
Need to get 733 kB of source archives.
WARNING: The following packages cannot be authenticated!
hello
E: Some packages could not be authenticated
So apt-get will refuse to fetch sources since it believes it won't be able to check signatures. Interesting. Because apt-get install <whatever-package> works -- except that it will complain about signature checking:
sudo apt-get install hello
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
hello
0 upgraded, 1 newly installed, 0 to remove and 479 not upgraded.
Need to get 55.7 kB of archives.
After this operation, 545 kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
hello
Install these packages without verification? [y/N] y
Get:1 http://ftp.us.debian.org/debian unstable/main amd64 hello amd64 2.10-1 [55.7 kB]
Fetched 55.7 kB in 0s (74.9 kB/s)
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Selecting previously unselected package hello.
(Reading database ... 851110 files and directories currently installed.)
Preparing to unpack .../hello_2.10-1_amd64.deb ...
Unpacking hello (2.10-1) ...
Processing triggers for install-info (6.1.0.dfsg.1-8) ...
Setting up hello (2.10-1) ...
Processing triggers for man-db (2.7.5-1) ...
So, I have ran
sudo apt-get clean
sudo apt-get --reinstall install apt debian-keyring
sudo dpkg-reconfigure apt debian-keyring
but the problem persists.
And I finally found this problem:
sudo apt-key net-update
gpg: relocation error: gpg: symbol gcry_sexp_extract_param, version GCRYPT_1.6 not defined in file libgcrypt.so.20 with link time reference
But...
ldd `which apt-key`
not a dynamic executable
The bug report pages for apt, debian-keyring, libgcrypt20 do not show anything that seems to be related to this (unless I missed something, of course!)
The Debian version is sid; and my sources.list are these:
deb http://ftp.us.debian.org/debian/ unstable main non-free contrib
deb-src http://ftp.us.debian.org/debian/ unstable main non-free contrib
Also, the version of apt is 1.3~rc2, the same that I have on another computer which is running fine.
I wonder if there is anything else I could investigate before actually deciding to reinstall the system from scratch (I have over 15 long years of /etc fiddling, and even if I copy /etc over to the new installation, I am afraid it wouldn't be as smooth as it seems!)
Solution 1:
Try this:
apt-get install gnupg libgcrypt20 -o AllowUnauthenticated=true
Or better to make a full dist-upgrade recently when you using a rolling distro. If you have still problems then you have to fill the bugreport yourself for the broken fresh packages. The sid release is for collecting bugreports from many users.