Ubuntu: "bad signature" problems prevent apt-get update from working

When running a routine package update, I sometimes get errors like this:

$ sudo apt-get update
W: A error occurred during the signature verification. The repository is not updated and the previous index files will be used.GPG error: http://security.ubuntu.com hardy-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/hardy-security/Release
W: Some index files failed to download, they have been ignored, or old ones used instead.
W: You may want to run apt-get update to correct these problems

This ubuntu bugs page suggests this:

$ sudo apt-get update -o Acquire::http::No-Cache=true

but the problem persists.

Solved it! By deleting the incorrectly signed Release and Release.gpg files that were downloaded in the last try:

$ sudo rm -f /var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_hardy-security_Release*

Now apt-get is successful.

I got the idea above from the instructions in comment 20 to the bug

Post a comment or leave a trackback: Trackback URL.


  • darshansebastian  On September 23, 2008 at 3:27 pm


    Thanks man…that helped me sort out my issue as well (same one)

  • feng  On November 13, 2008 at 5:42 pm

    it works, thanks

  • Irve  On August 2, 2012 at 4:00 pm

    Thanks, man. It takes a little amount of time to write it down but it will help someone for years to come.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: