Sorry, you need to enable JavaScript to visit this website.

Primary tabs

New Ubuntu 16.04 packages use unknown key (again)

59 posts / 0 new
01 Staff's picture
01 Staff (not verified)

Aug 31, 2016 - 02:20am

  • fledermaus's picture
    fledermaus (not verified)

    Just to clarify some things here: the SHA1 message is a warning, not an error - SHA1 is currently (I am not a cryptographer, so correct me if I'm wrong) predicted to be practically attackable in the next decade or so - we'll be switching over to a stronger hash (probably in the next release). As for the rest of the errors - threy relate to non-Intel PPAs and we can't really do anything about them.

    Sep 26, 2016 - 05:30pm
  • afdallah's picture
    afdallah (not verified)

    I'm facing the same problem after installing intel graphics for linux, 


    The repository ' xenial InRelease' is not signed

    is there any workaround?

    Sep 12, 2016 - 04:17am
  • ceejay's picture
    ceejay (not verified)

    I am facing the same issue. Where is INTEL service and support. Are they taking us SERIOUS or Not

    Why the silence?? Need a solution how to solve this problem. It is now 20 September 2016 and still no action from Intel!!!!

    I am disappointed.


    This is what happened after installing intel-graphics-update-tool_2.0.2_i386.deb on ubuntu 16.04:


    W: GPG error: xenial InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 56A3DEF863961D39
    W: The repository ' xenial InRelease' is not signed.
    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
    N: See apt-secure(8) manpage for repository creation and user configuration details.

    Please need solution from INTEL, what to do!!!

    Sep 20, 2016 - 01:57am
  • zeldar23's picture
    zeldar23 (not verified)

    There is no silence. The solution was provided on August 31st in this thread. Copy and paste the command below in terminal:


    wget --no-check-certificate -O - | sudo apt-key add -
    Sep 20, 2016 - 06:56pm
  • luca's picture
    luca (not verified)

    Still Intel provide a gpg signature (SHA1) that Ubuntu 16.04 doesn't accept (it's almost a year that we don't use SHA1). Still waiting for a gpg signature SHA256 or SHA512.


    I tried yesterday to upgrade the Intel driver with the tool for Ubuntu 16.04 and there is no way that function, it keep rolling for an hour and the the final message is always the same "Failed".


    Do something to solve the problem, it's a month that the situation doesn't change.




    bye bye



    Sep 22, 2016 - 07:24am
  • pliski's picture
    pliski (not verified)



    W: Signature by key --- uses weak digest algorithm (SHA1), E:Failed to fetch


    Ubuntu 16.04




    Sep 24, 2016 - 03:46pm
  • fledermaus's picture
    fledermaus (not verified)

    You have two items here: A warning (not an error) about the signature on the repository, and an error (which is what's actually stopping you, I think) relating to an ubuntu ppa which is not controlled by Intel and has no connection to

    Oct 11, 2016 - 07:19am
  • luca's picture
    luca (not verified)

    Today 4 October 2016 I try again to update the Intel Graphic Driver for Ubuntu 16.04 with the tool and using the same gpg and repository that stil doesn't work for weak digest algorithm (SHA1) !!! After almost three months still the tool is not working.

    Finally in the Kernel 4.8.0 are missing two files *.bin that are the new version of KBL and XBT og module i915.


    So, next week I will install the new distribution of Ubuntu, the 16.10 Yakkety Yak and I will wait for the next update tool from Intel.


    With compliments





    Oct 04, 2016 - 07:57am
  • clel's picture
    clel (not verified)

    I experience the same issue and am unable to use apt-get upgrade due to that.

    I would prefer that the problem gets fixed in the deb itself instead of offering a workaround that everyone has to type into a terminal. Also is the workaround secure?

    Oct 10, 2016 - 04:16am
  • fledermaus's picture
    fledermaus (not verified)

    It isn't a workaround - in order to verify a package you must install the public key that the package was signed with (that's how signed packages work) and tell apt to trust it. It's secure if you trust the source of that key (and if you don't, then you shouldn't be installing those packages).

    Oct 11, 2016 - 07:21am