So the other day some of my repos(including PPA's) started throwing signature.
Every time I try to update my repos I end up with this error
sudo apt update
Get:1 http://archive.ubuntu.com/ubuntu kinetic InRelease [267 kB]
Err:1 http://archive.ubuntu.com/ubuntu kinetic InRelease
At least one invalid signature was encountered.
Reading package lists... Done
W: GPG error: http://archive.ubuntu.com/ubuntu kinetic InRelease: At least one invalid signature was encountered.
E: The repository 'http://archive.ubuntu.com/ubuntu kinetic InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
basically I had
proceeded to disable all of my PPA's and even deleted all files under /etc/apt/trusted.gpg.d with the unintended consequence that none of my repos are trusted even default repositories like http://archive.ubuntu.com/ubuntu kinetic main universe multiverse is untrusted.so
I opened up the Software&Updates App and it shows nothing in contrast to a normal Ubuntu VM
So,how can I make the default Ubuntu repositories trusted again?
Edit 1:
Okay so I read the man page for apt-secure it it says
Blockquote
The chain of trust in Debian starts (e.g.) when a maintainer uploads a new package or a new version of a package to the Debian archive. In
order to become effective, this upload needs to be signed by a key contained in one of the Debian package maintainer keyrings (available in
the debian-keyring package). Maintainers' keys are signed by other maintainers following pre-established procedures to ensure the identity
of the key holder. Similar procedures exist in all Debian-based distributions.
Once the uploaded package is verified and included in the archive, the maintainer signature is stripped off, and checksums of the package
are computed and put in the Packages file. The checksums of all of the Packages files are then computed and put into the Release file. The
Release file is then signed by the archive key for this Ubuntu release, and distributed alongside the packages and the Packages files on
Ubuntu mirrors. The keys are in the Ubuntu archive keyring available in the ubuntu-keyring package.
Also it appears that apt-key is deprecated or doesn't work from any version above Jammy jellyfish (22.04) now?(I have Kinetic Kudu installed 22.10)
Except for using apt-key del in maintainer scripts, the use of apt-key is deprecated. This section shows how to replace existing use of
apt-key.
If your existing use of apt-key add looks like this:
wget -qO- https://myrepo.example/myrepo.asc | sudo apt-key add -
Then you can directly replace this with (though note the recommendation below):
wget -qO- https://myrepo.example/myrepo.asc | sudo tee /etc/apt/trusted.gpg.d/myrepo.asc
Make sure to use the "asc" extension for ASCII armored keys and the "gpg" extension for the binary OpenPGP format (also known as "GPG key
public ring"). The binary OpenPGP format works for all apt versions, while the ASCII armored format works for apt version >= 1.4.
Recommended: Instead of placing keys into the /etc/apt/trusted.gpg.d directory, you can place them anywhere on your filesystem by using the
Signed-By option in your sources.list and pointing to the filename of the key. See sources.list(5) for details. Since APT 2.4,
/etc/apt/keyrings is provided as the recommended location for keys not managed by packages. When using a deb822-style sources.list, and
with apt version >= 2.4, the Signed-By option can also be used to include the full ASCII armored keyring directly in the sources.list
without an additional file.
And apt version is 2.53
apt -v
apt 2.5.3 (amd64)
take a look:-
sudo apt-key list
create_gpg_home:trap:14: undefined signal: ABRT
This is the only question (it remains unanswered) that I could find that this error
22.04 - Errors on apt update after docker engine installation
could this help?
Edit2
There seems to be a few community member that have had a similar issue
Force update from unsigned repository
but in my case, I am unable to use apt-key do do anything because I keep getting undefined signal: ABRT
sudo apt-key adv --keyserver pgp.mit.edu --recv-keys 5C808C2B65558117
create_gpg_home:trap:14: undefined signal: ABRT
Also forcefully trusting the repos especially for receiving OS updates and patches isn't the best security practice :/.