How to clean up Ubuntu software package repositories


I recently had the pleasure of upgrading my ubuntu system from 18.04 to 18.10. I went via the commandline: sudo do-release-upgrade and unfortunately I had an internet connection issue halfway through downloading packages. What made the situation worse was that I went and cancelled the upgrade via a Ctrl + c misclick! Long story short, my system was stuck pretending to be 18.10 and I went down a rabbit hole of cleaning up my package repository sources. Fortunately, I managed to get everything back to square 1 and finish the upgrade. The following are my notes from this escapade regarding debian-based systems and software repositories.

Software sources lists
  • The main Ubuntu software package repository locations are found here: /etc/apt/sources.list.
  • Additional repositories are found under /etc/apt/sources.list.d/, e.g. /etc/apt/sources.list.d/vscode.list.
  • Whenever the Ubuntu upgrade process starts, it makes a backup of all the repository configuration by making a .distUpgrade file for all the repository list files.
  • Moreover, the Ubuntu upgrade process disables all external software repositories to enable a smooth upgrade process. This is done by either commenting out the external source entries in sources.list or by emptying the contents of the external source repo .list file.
Restoring from a partial upgrade

Thus, one of the first steps that I needed to do to restore my system was to move the .distUpgrade to their original configuration:

sudo mv /etc/apt/sources.list.distUpgrade /etc/apt/sources.list

Next I went and removed older external repositories that I didn't need. Removing a repository can be done by either commenting out the repository by preceding the line with a # character, or simply deleting the relevant .list file, e.g. sudo rm /etc/apt/sources.list.d/heroku.list*. Once the repostories are cleaned up, the sudo apt update command can be run to refresh the package cache.

Errors while fetching repositories

As it turns out, I had quite a few issues with some of the older repositories:

Invalid architecture
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'http://dl.google.com/linux/chrome/deb stable InRelease' doesn't support architecture 'i386'

This can be fixed by specifying the architecture in the source definition: deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main.

Invalid signing key
W: GPG error: http://repo.mongodb.org trusty/mongodb-org/3.2 Release: The following signatures were invalid: BADSIG D68FA50FEA312927 MongoDB 3.2 Release Signing Key

This means that the signing key was invalid or expired. This can be fixed by updating the signing keys: sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927.

Clean up repository signing keys

Finally, I also wanted to clean up repository signatures. This is unfortunately not quite simple at the time of writing. The commands are as follows:

List all keys
sudo apt-key list. Note that the key id is the last 8 characters of the key signature. For e.g. on my system the key id for Google is 7FAC5991.
$ sudo apt-key list /etc/apt/trusted.gpg
--------------------
pub dsa1024 2007-03-08 [SC] 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991
uid [ unknown] Google, Inc. Linux Package Signing Key 
sub elg2048 2007-03-08 [E] ... 
List all expired keys
sudo apt-key list | grep "expired "
Delete a key
sudo apt-key del [key-id]
Add/update a key
As observed above, adding and updating a key can be done via the following: sudo apt-key adv --keyserver keys.gnupg.net --recv-keys [key-id]. You need to know the key id which will probably be noted along with the software installation procedure of your software package.
A successful upgrade

After restoring and cleaning up my software sources list, I was able to restart the upgrade process and it went fairly smoothly. I had some other issues:

  • Gnome extensions needed to be updated (3.30.x).
  • Numix dark theme was not working anymore, it required a small fix as noted here but I switched to yaru dark for better compatibility and support.

I can highly recommend the new Ubuntu but in any case, good luck with cleaning up your software sources!

HackerNews submission / discussion

Back to the article list.