Package: apt Version: 0.9.9.1~ubuntu3 Severity: important Dear Maintainer,
'apt-get update' has started showing several warnings like the following, even though the keys are present: W: GPG error: http://us.archive.ubuntu.com saucy Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 40976EAF437D05B5 NO_PUBKEY 3B4FE6ACC0B21F32 'apt-key list' shows the keys in question in its output... pub 1024D/437D05B5 2004-09-12 uid Ubuntu Archive Automatic Signing Key <ftpmas...@ubuntu.com> sub 2048g/79164387 2004-09-12 pub 4096R/C0B21F32 2012-05-11 uid Ubuntu Archive Automatic Signing Key (2012) <ftpmas...@ubuntu.com> ...and its output begins with the following: gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit I see the same gpg message when I manually update/remove/add the keys in question. E.g.: $ sudo apt-key update gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-java.gpg': resource limit gpg: keyblock resource `/etc/apt/trusted.gpg.d//webupd8team-y-ppa-manager.gpg': resource limit gpg: key 437D05B5: "Ubuntu Archive Automatic Signing Key < ftpmas...@ubuntu.com>" not changed gpg: key FBB75451: "Ubuntu CD Image Automatic Signing Key < cdim...@ubuntu.com>" not changed gpg: key C0B21F32: "Ubuntu Archive Automatic Signing Key (2012) < ftpmas...@ubuntu.com>" not changed gpg: key EFE21092: "Ubuntu CD Image Automatic Signing Key (2012) < cdim...@ubuntu.com>" not changed gpg: Total number processed: 4 gpg: unchanged: 4 I asked about the "resource limit" message on the gnupg-users mailing list... http://www.mail-archive.com/gnupg-users@gnupg.org/msg23300.html Based on Werner Koch's (the dev) answer... http://www.mail-archive.com/gnupg-users@gnupg.org/msg23302.html ...the secure apt related programs might be making gpg use more than the maximum number of keyrings that it can handle. I saw the following while attempting to work around this issue: 1. In addition to /etc/apt/trusted.gpg, each *.gpg file in /etc/apt/trusted.gpg.d/ is a separate keyring, often containing a single key for the corresponding repository. This could effectively limit the number of repos/packages one can have, if the total number of keyrings exceeds GnuPG's limit. 2. Deleting a key ('apt-key del <keyID>'), or removing a repository (e.g., using Synaptic), removes the key from its keyring in /etc/apt/trusted.gpg.d/ but leaves the empty keyring in the location. After I removed the empty keyring files, the "resource limit" message did not appear and 'apt-get update' did not complain about "NO_PUBKEY." So, once GnuPG's maximum number of keyrings is reached, one has to manually remove the empty keyring files, in addition to removing package repositories, in order to avoid the "NO_PUBKEY" scenario. -- Package-specific info: -- apt-config dump -- APT ""; APT::Architecture "amd64"; APT::Build-Essential ""; APT::Build-Essential:: "build-essential"; APT::Install-Recommends "true"; APT::Install-Suggests "0"; APT::Authentication ""; APT::Authentication::TrustCDROM "true"; APT::NeverAutoRemove ""; APT::NeverAutoRemove:: "^firmware-linux.*"; APT::NeverAutoRemove:: "^linux-firmware$"; APT::NeverAutoRemove:: "^kfreebsd-image.*"; APT::NeverAutoRemove:: "^gnumach$"; APT::NeverAutoRemove:: "^gnumach-image.*"; APT::NeverAutoRemove:: "^linux-image-3.11.0-13-generic$"; APT::NeverAutoRemove:: "^linux-image-extra-3.11.0-13-generic$"; APT::NeverAutoRemove:: "^linux-signed-image-3.11.0-13-generic$"; APT::NeverAutoRemove:: "^linux-backports-modules-.*-3.11.0-13-generic$"; APT::NeverAutoRemove:: "^linux-headers-3.11.0-13-generic$"; APT::NeverAutoRemove:: "^linux-tools-3.11.0-13-generic$"; APT::NeverAutoRemove:: "^linux-image-3.11.0-14-generic$"; APT::NeverAutoRemove:: "^linux-image-extra-3.11.0-14-generic$"; APT::NeverAutoRemove:: "^linux-signed-image-3.11.0-14-generic$"; APT::NeverAutoRemove:: "^linux-backports-modules-.*-3.11.0-14-generic$"; APT::NeverAutoRemove:: "^linux-headers-3.11.0-14-generic$"; APT::NeverAutoRemove:: "^linux-tools-3.11.0-14-generic$"; APT::Never-MarkAuto-Sections ""; APT::Never-MarkAuto-Sections:: "metapackages"; APT::Never-MarkAuto-Sections:: "restricted/metapackages"; APT::Never-MarkAuto-Sections:: "universe/metapackages"; APT::Never-MarkAuto-Sections:: "multiverse/metapackages"; APT::Never-MarkAuto-Sections:: "oldlibs"; APT::Never-MarkAuto-Sections:: "restricted/oldlibs"; APT::Never-MarkAuto-Sections:: "universe/oldlibs"; APT::Never-MarkAuto-Sections:: "multiverse/oldlibs"; APT::Periodic ""; APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "0"; APT::Periodic::AutocleanInterval "0"; APT::Update ""; APT::Update::Post-Invoke-Success ""; APT::Update::Post-Invoke-Success:: "touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true"; APT::Update::Post-Invoke-Success:: "test -x /usr/bin/apt-show-versions || exit 0 ; apt-show-versions -i"; APT::Update::Post-Invoke-Success:: "[ ! -f /var/run/dbus/system_bus_socket ] || /usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt org.debian.apt.CacheChanged || true"; APT::Archives ""; APT::Archives::MaxAge "30"; APT::Archives::MinAge "2"; APT::Archives::MaxSize "500"; APT::Changelogs ""; APT::Changelogs::Server "http://changelogs.ubuntu.com/changelogs";; APT::Architectures ""; APT::Architectures:: "amd64"; APT::Architectures:: "i386"; APT::Compressor ""; APT::Compressor::. ""; APT::Compressor::.::Name "."; APT::Compressor::.::Extension ""; APT::Compressor::.::Binary ""; APT::Compressor::.::Cost "1"; APT::Compressor::gzip ""; APT::Compressor::gzip::Name "gzip"; APT::Compressor::gzip::Extension ".gz"; APT::Compressor::gzip::Binary "gzip"; APT::Compressor::gzip::Cost "2"; APT::Compressor::gzip::CompressArg ""; APT::Compressor::gzip::CompressArg:: "-9n"; APT::Compressor::gzip::UncompressArg ""; APT::Compressor::gzip::UncompressArg:: "-d"; APT::Compressor::bzip2 ""; APT::Compressor::bzip2::Name "bzip2"; APT::Compressor::bzip2::Extension ".bz2"; APT::Compressor::bzip2::Binary "bzip2"; APT::Compressor::bzip2::Cost "3"; APT::Compressor::bzip2::CompressArg ""; APT::Compressor::bzip2::CompressArg:: "-9"; APT::Compressor::bzip2::UncompressArg ""; APT::Compressor::bzip2::UncompressArg:: "-d"; APT::Compressor::xz ""; APT::Compressor::xz::Name "xz"; APT::Compressor::xz::Extension ".xz"; APT::Compressor::xz::Binary "xz"; APT::Compressor::xz::Cost "4"; APT::Compressor::xz::CompressArg ""; APT::Compressor::xz::CompressArg:: "-6"; APT::Compressor::xz::UncompressArg ""; APT::Compressor::xz::UncompressArg:: "-d"; APT::Compressor::lzma ""; APT::Compressor::lzma::Name "lzma"; APT::Compressor::lzma::Extension ".lzma"; APT::Compressor::lzma::Binary "xz"; APT::Compressor::lzma::Cost "5"; APT::Compressor::lzma::CompressArg ""; APT::Compressor::lzma::CompressArg:: "--format=lzma"; APT::Compressor::lzma::CompressArg:: "-9"; APT::Compressor::lzma::UncompressArg ""; APT::Compressor::lzma::UncompressArg:: "--format=lzma"; APT::Compressor::lzma::UncompressArg:: "-d"; APT::Compressor::::Name ""; APT::Compressor::::Extension "."; APT::Compressor::::Binary ""; APT::Compressor::::Cost "100"; APT::Compressor::::CompressArg ""; APT::Compressor::::CompressArg:: "-9"; APT::Compressor::::UncompressArg ""; APT::Compressor::::UncompressArg:: "-d"; Dir "/"; Dir::State "var/lib/apt/"; Dir::State::lists "lists/"; Dir::State::cdroms "cdroms.list"; Dir::State::mirrors "mirrors/"; Dir::State::extended_states "extended_states"; Dir::State::status "/var/lib/dpkg/status"; Dir::Cache "var/cache/apt/"; Dir::Cache::archives "archives/"; Dir::Cache::srcpkgcache "srcpkgcache.bin"; Dir::Cache::pkgcache "pkgcache.bin"; Dir::Etc "etc/apt/"; Dir::Etc::sourcelist "sources.list"; Dir::Etc::sourceparts "sources.list.d"; Dir::Etc::vendorlist "vendors.list"; Dir::Etc::vendorparts "vendors.list.d"; Dir::Etc::main "apt.conf"; Dir::Etc::netrc "auth.conf"; Dir::Etc::parts "apt.conf.d"; Dir::Etc::preferences "preferences"; Dir::Etc::preferencesparts "preferences.d"; Dir::Etc::trusted "trusted.gpg"; Dir::Etc::trustedparts "trusted.gpg.d"; Dir::Bin ""; Dir::Bin::methods "/usr/lib/apt/methods"; Dir::Bin::solvers ""; Dir::Bin::solvers:: "/usr/lib/apt/solvers"; Dir::Bin::dpkg "/usr/bin/dpkg"; Dir::Bin::bzip2 "/bin/bzip2"; Dir::Bin::xz "/usr/bin/xz"; Dir::Media ""; Dir::Media::MountPath "/media/apt"; Dir::Log "var/log/apt"; Dir::Log::Terminal "term.log"; Dir::Log::History "history.log"; Dir::Ignore-Files-Silently ""; Dir::Ignore-Files-Silently:: "~$"; Dir::Ignore-Files-Silently:: "\.disabled$"; Dir::Ignore-Files-Silently:: "\.bak$"; Dir::Ignore-Files-Silently:: "\.dpkg-[a-z]+$"; Dir::Ignore-Files-Silently:: "\.save$"; Dir::Ignore-Files-Silently:: "\.orig$"; Dir::Ignore-Files-Silently:: "\.distUpgrade$"; Acquire ""; Acquire::cdrom ""; Acquire::cdrom::mount "/media/cdrom/"; Acquire::Languages ""; Acquire::Languages:: "en"; Acquire::Languages:: "none"; Aptitude ""; Aptitude::Get-Root-Command "sudo:/usr/bin/sudo"; Aptitude::Keep-Unused-Pattern "^linux-image.*$ | ^linux-restricted-modules.*$ | ^linux-ubuntu-modules.*$"; Dpkg ""; Dpkg::Post-Invoke ""; Dpkg::Post-Invoke:: "if test -x /usr/share/dhelp/scripts/index-deferred; then /usr/share/dhelp/scripts/index-deferred; fi"; Dpkg::Post-Invoke:: "if [ -d /var/lib/update-notifier ]; then touch /var/lib/update-notifier/dpkg-run-stamp; fi; if [ -e /var/lib/update-notifier/updates-available ]; then echo > /var/lib/update-notifier/updates-available; fi "; Dpkg::Pre-Install-Pkgs ""; Dpkg::Pre-Install-Pkgs:: "/usr/sbin/dpkg-preconfigure --apt || true"; Unattended-Upgrade ""; Unattended-Upgrade::Allowed-Origins ""; Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security"; CommandLine ""; CommandLine::AsString "apt-config dump"; -- (no /etc/apt/preferences present) -- -- /etc/apt/sources.list -- # deb cdrom:[Ubuntu 13.10 _Saucy Salamander_ - Release amd64 (20131016.1)]/ saucy main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ saucy main restricted #Added by software-properties # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://us.archive.ubuntu.com/ubuntu/ saucy main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ saucy multiverse universe #Added by software-properties ## Major bug fix updates produced after the final release of the ## distribution. deb http://us.archive.ubuntu.com/ubuntu/ saucy-updates main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ saucy-updates restricted main multiverse universe #Added by software-properties ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ saucy universe deb http://us.archive.ubuntu.com/ubuntu/ saucy-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://us.archive.ubuntu.com/ubuntu/ saucy multiverse deb http://us.archive.ubuntu.com/ubuntu/ saucy-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. deb http://us.archive.ubuntu.com/ubuntu/ saucy-security main restricted deb-src http://us.archive.ubuntu.com/ubuntu/ saucy-security restricted main multiverse universe #Added by software-properties deb http://us.archive.ubuntu.com/ubuntu/ saucy-security universe deb http://us.archive.ubuntu.com/ubuntu/ saucy-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb http://archive.canonical.com/ubuntu saucy partner # deb-src http://archive.canonical.com/ubuntu saucy partner ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. deb http://extras.ubuntu.com/ubuntu saucy main deb-src http://extras.ubuntu.com/ubuntu saucy main deb http://deb.torproject.org/torproject.org saucy main # deb-src http://deb.torproject.org/torproject.org saucy main deb http://archive.getdeb.net/ubuntu saucy-getdeb apps deb http://deb.torproject.org/torproject.org tor-experimental-0.2.5.x-saucy main # deb-src http://deb.torproject.org/torproject.orgtor-experimental-0.2.5.x-saucy main -- System Information: Debian Release: wheezy/sid APT prefers saucy-updates APT policy: (500, 'saucy-updates'), (500, 'saucy-security'), (500, 'saucy') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.11.0-14-generic (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii gnupg 1.4.14-1ubuntu2.1 ii libapt-pkg4.12 0.9.9.1~ubuntu3 ii libc6 2.17-93ubuntu4 ii libgcc1 1:4.8.1-10ubuntu9 ii libstdc++6 4.8.1-10ubuntu9 ii ubuntu-keyring 2012.05.19 apt recommends no packages. Versions of packages apt suggests: pn apt-doc <none> ii aptitude 0.6.8.2-1ubuntu2 ii dpkg-dev 1.16.12ubuntu1 ii python-apt 0.8.9.1ubuntu1 ii synaptic 0.80.2 ii xz-utils 5.1.1alpha+20120614-2ubuntu1 -- no debconf information
