On Sun, Aug 21, 2016 at 10:07:47AM +0200, Joost van Baal-Ilić wrote:
> Get:1 http://ftp.nl.debian.org/debian sid InRelease [209 kB]
> 0% [Working]inside VerifyGetSigners
> 0% [1 InRelease gpgv 209 kB]Preparing to exec:  /usr/bin/apt-key --quiet 
> --readonly verify --status-fd 3 /tmp/apt.sig.7pzp9M
>  /tmp/apt.data.WiZ9eV
> gpgv exited with status 1
> Summary:
>   Good:
>   Bad:
>   Worthless:
>   SoonWorthless:
>   NoPubKey:
>   NODATA: no
> Err:1 http://ftp.nl.debian.org/debian sid InRelease
>   At least one invalid signature was encountered.

The error message is a reaction to the debug message "gpgv exited with
status 1" as it is supposed to do that only if it encounters a bad sig.

Now, that debug message is kind of a lie as it isn't gpgv which exits
1 here, but the wrapping construct apt-key. That can be deduced from
the summary being empty, so we fail before even calling apt-key.

A common reason for this in recent times is actually a strange /tmp
directory with misconfigured owner/permissions setup. The reason is
that apt-key isn't executed with root permissions (and hence allowed to
do basically everything), but as _apt which isn't privileged and
therefore affected by owner/permission.

I just experimented a bit and while 'apt-key list' just ignores
unreadable files, other apt-key operations including verify fail if
a file in /etc/apt/trusted.gpg.d/ is unreadable for the _apt user, so
that could be it, too (and would explain Timo's "fix").


So, perhaps you can redo your tests, but as _apt e.g. with:
su _apt -s /bin/sh -c 'apt-key list'


Best regards

David Kalnischkies
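
The two causes named in the message above (a /tmp with the wrong owner or mode, and a file in /etc/apt/trusted.gpg.d/ that _apt cannot read) can be checked with a short script. This is an added example, not part of the original mail or of apt: the function names and the --system switch are made up here, and it assumes GNU stat and keyring files not owned by _apt, so that the "other" permission bits decide what _apt can read.

```shell
#!/bin/sh
# Added example (not from apt). Assumes GNU stat, as shipped on Debian.

# check_tmp_dir DIR [UID]: succeed only if DIR has mode 1777 and is owned
# by UID (default 0, root), the usual setup for /tmp.
check_tmp_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 1; }
    set -- $(stat -c '%a %u' "$dir")
    if [ "$1" != 1777 ] || [ "$2" != "$want_uid" ]; then
        echo "$dir: mode $1 uid $2 (expected mode 1777 uid $want_uid)"
        return 1
    fi
}

# unreadable_keyrings DIR: print every regular file in DIR that lacks the
# world-read bit; succeed only if none is found.
# Assumption: the files are not owned by _apt, so "other" bits apply to it.
unreadable_keyrings() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        other=${mode#"${mode%?}"}   # last octal digit = "other" bits
        case $other in
            4|5|6|7) ;;             # read bit (4) is set
            *) echo "$f: mode $mode, not readable by _apt"; found=1 ;;
        esac
    done
    return "$found"
}

# Run with --system to check the real paths discussed in the message.
if [ "${1:-}" = "--system" ]; then
    rc=0
    check_tmp_dir /tmp || rc=1
    unreadable_keyrings /etc/apt/trusted.gpg.d || rc=1
    exit "$rc"
fi
```

A clean result here does not rule out other causes; the su _apt test from the message remains the direct check.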
