I recently was working on installing
pipelight-plugin so I could get the Unity3D plugin working on my Ubuntu desktop. Getting that working is another subject, but part way through the installation process I ran into an issue.
Part of what I had to do to install the Pipelight plugin was add a PPA;
ppa:pipelight/stable to be exact. Normally, this would be totally fine. After I ran
sudo add-apt-repository ppa:pipelight/stable, I ran the usual
sudo apt-get update so I would have up to date software lists.
However, at the end of the output from the
apt-get update command I noticed that there were a whole bunch of
GPG ERROR NO_PUBKEY : WARNING: The following packages cannot be authenticated!
This had been happening previously, but it was only the Virtualbox PPA, so I figured that their GPG public key had expired or been removed for whatever reason, and so didn’t give it any more thought. But now there were at least 5, if not 10 of these errors, including for various PPAs that I was fairly certain wouldn’t let their key expire.
Again, I continued working, thinking it strange, but not dangerous. However, then I started seeing
WARNING: The following packages cannot be authenticated!
when I was attempting to install new software or update via
Now I knew something was up. So, I started researching via our ever-present and usually quite useful overlord, Google. While I did come across several Ask Ubuntu answers, it finally took a combination of four different answers (here, here, here, and here) and a Launchpad bug report to come up with the solution.
Basically, there is/was a bug in
apt-get where it will return
GPG ERROR NO_PUBKEY : WARNING: The following packages cannot be authenticated! for PPAs, even when the key is present on your system.
This leads to the
WARNING: The following packages cannot be authenticated! error. From what I have seen, it doesn’t actually cause any issues initially, but it’s still good to resolve issues like these if possible.
So, I tried just running
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys x x x x x replacing the
x with the public key number for the various “missing” keys, as recommended by this Q/A.
However, I still got the
NO_PUBKEY error, along with a bunch of new ones that all said
gpg: keyblock resource '/etc/apt/trusted.gpg.d/X.gpg.gpg': resource limit (replacing X with the various GPG files.)
So, I tried the solution suggested here, running
sudo apt-key update followed by
sudo apt-get update.
The first was to run this series of commands:
sudo apt-get clean
sudo mv /var/lib/apt/lists /var/apt/lists.old
mkdir -p /var/lib/apt/lists/partial
sudo apt-get update
However, this returned the same error. Again.
So, I scrolled down a bit further, and found this comment. This solution is what ultimately resolved the issue for me.
I went into
/etc/apt/trusted.gpg.d/ and manually deleted a few of the
.gpg files for PPAs I had removed/didn’t use anymore and voilà! running
apt-get update worked and
apt-get upgrade no longer complained of un-authenticated packages.
As for what was causing this, it turns out that GnuPG has a limit of 40 keys GPG keys. Beyond that, it won’t accept any more.
add-apt-repository don’t remove old and unused PGP/GPG keys, I had met the 40 key limit. When I removed the few un-used keys it brought the count under 40 and the issue was resolved.
Although there was a fix released for this in October of 2014, it has, for whatever reason, not been back-ported to Ubuntu 14.04, thus causing the issue I was having. According to this Debian bug report the package that contains the fix (
libapt-pkg4.12) has not yet been back-ported to 14.04 as of June 2015, so anyone who runs into this issue is going to have to use this workaround in the meantime.
TL;DR: If this happens, then go into
/etc/apt/trusted.gpg.d/ as root and delete any
.gpg files for PPAs you have disabled. Then, run
sudo apt-get update and everything should work again!
Thanks for reading, let me know if you run into any issues down in the comments section and I’ll if I can help!