Wednesday, October 5, 2011

The apt keys, importing keys in batch mode

Sometimes a fresh Ubuntu or Debian install is mandatory or commanded, but we forget to export all GPG apt keys before the wipe. Once we made the installation we start to add our previously sources lists entries (hope you don't forget to save them first). In my case I use several entries many referencing some useful PPAs on Launchpad, this an excerpt:

deb natty-proposed main restricted universe multiverse
deb natty-security main restricted universe multiverse
deb natty-updates main restricted universe multiverse
deb natty main restricted universe multiverse

deb natty partner
deb natty-backports partner

deb natty main

deb natty main
deb-src natty main

deb natty main 
deb natty main
deb natty main

deb natty main
deb-src natty main

deb natty-cdh3 contrib
deb-src natty-cdh3 contrib

deb natty main
When we run then apt-get update in our fresh install we end with this annoying warning message:

W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: ... Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <>

W: Failed to fetch ... 
W: Some index files failed to download, they have been ignored, or old ones used instead.

To avoid these warnings you shall to explicit import the public keys (40976EAF437D05B5) via Synaptic Package Manager or apt-key command.

In my case, I keep a file (~/Sandbox/aptkeys/aptkeys) with a list of keys on my profile, one per line. Then, when a /etc/apt/sources.list archive get modified and the command apt-get update emits this kind of warning message, I append this key (40976EAF437D05B5) to the end of the file  ~/Sandbox/aptkeys/aptkeys using a text editor or cat command. Here is an excerpt of my aptkeys file:

The I use this script to make a batch import of all my approved keys:

$  cat ~/Sandbox/aptkeys/aptkeys  | importaptkeys

Hope that it will be useful for you.