You get an error like this or similar to this when you run any apt command.
E: Conflicting values set for option Signed-By regarding source https://apt.postgresql.org/pub/repos/apt/ noble-pgdg: /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc != /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg
E: The list of sources could not be read.
- What is the error message telling us?
The error message indicates a conflict with the Signed-By option regarding the source https://apt.postgresql.org/pub/repos/apt/. Specifically, it states that the GPG key used to sign the repository (/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc) is different from the one it expects (/usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg).
- This could be due to a few possible reasons:
The GPG key used to sign the PostgreSQL repository has been changed or updated, but the system's configuration has not been updated accordingly.
There is a conflict or issue with the system's package management configuration, potentially caused by other repositories or packages.
- Here is how to go about it. There are several ways to fix it, but I'll give the one that best works for me and is always sure to work.
Steps
- cd into the **sources.list.d directory.**
cd /etc/apt/sources.list.d
- list all the files found in the directory
ls
alexlarsson-ubuntu-flatpak-noble.sources
archive_uri-https_packages_microsoft_com_repos_vscode-noble.list
flatpak-ubuntu-stable-noble.sources
google-chrome.list
hashicorp.list
pgdg.list
pgdg.sources
touchegg-ubuntu-stable-noble.sources
ubuntu-esm-apps.sources
ubuntu-esm-infra.sources
ubuntu.sources
ubuntu.sources.curtin.orig
vscode.list
Note: The list of the files will vary depending on what causes your error to appear. You then need to open the files and delete any file that has to do with gpg. In my case, it was the PostgreSQL files that were causing those errors
- cat the files one after another if you do not know which one to look into in my case I had to delete any file that has to do with gpg in the sources.list.d directory.
cat pgdg.sources
result
Types: deb
URIs: https://apt.postgresql.org/pub/repos/apt
Suites: noble-pgdg
Components: main
Signed-By: /usr/share/postgresql-common/pgdg/apt.postgresql.org.gpg
sudo rm pgdg.sources
cat pgdg.list
result
deb [signed-by=/usr/share/postgresql-common/pgdg/apt.postgresql.org.asc] https://apt.postgresql.org/pub/repos/apt noble-pgdg main
sudo rm pgdg.list
- After removing all the files, you can now try running the update command or any apt command again.
sudo apt update
result
Hit:1 http://security.ubuntu.com/ubuntu noble-security InRelease
Hit:2 http://archive.ubuntu.com/ubuntu noble InRelease
Hit:3 https://apt.releases.hashicorp.com noble InRelease
Hit:4 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:5 https://esm.ubuntu.com/apps/ubuntu noble-apps-security InRelease
Hit:6 http://archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:7 https://packages.cloud.google.com/apt cloud-sdk InRelease
Ign:8 https://ppa.launchpadcontent.net/alexlarsson/flatpak/ubuntu noble InRelease
Hit:9 https://esm.ubuntu.com/apps/ubuntu noble-apps-updates InRelease
Hit:10 https://ppa.launchpadcontent.net/flatpak/stable/ubuntu noble InRelease
Hit:11 http://archive.ubuntu.com/ubuntu noble-backports InRelease
Hit:12 https://packages.microsoft.com/repos/vscode stable InRelease
Hit:13 https://esm.ubuntu.com/infra/ubuntu noble-infra-security InRelease
Hit:14 https://ppa.launchpadcontent.net/touchegg/stable/ubuntu noble InRelease
Hit:15 https://packages.microsoft.com/repos/code stable InRelease
Hit:16 https://esm.ubuntu.com/infra/ubuntu noble-infra-updates InRelease
Err:17 https://ppa.launchpadcontent.net/alexlarsson/flatpak/ubuntu noble Release
404 Not Found [IP: 185.125.190.80 443]
Reading package lists... Done
Top comments (1)
Maybe I'm missing something here, but AFAIK, the GPG keys are provided to protect you from downloading software that might be compromised. A substantial portion of that software may also run in privileged mode and be able to compromise your system in serious ways.
If you get a signature failure, it's a big red flag and it shoud be fixed, not disabled.
Usually, it's something like an old key that just needs a new version, but it could be much worse.
I'm a big fan of PPAs. If that's where the problem is occurring, then something like y-ppa-manager can help you fix it.
I haven't run into it in a while, but I used to frequently see problems like this where the error message displayed the key that was not matching. When that occurred, a quick web search for the key usually landed me at a website with the required command to fix the problem.
For other things you can delete the repository and then use add-apt-repository which will add it back and get the new GPG key at the same time.