How can I exorcise a specific Ubuntu package that crashes on a postinstall script?

Jonathan Hayward asked:

I have a libssl-dev package installed, possibly because I am not sure if I bypassed the package manager, and it’s visible from the package manager but won’t go away.

root@li393-189:/home/jonathan/python-amazon-product-api-0.2.5# aptitude purge l
ibssl-dev
The following packages will be REMOVED:  
  libssl-dev{p} 
The following partially installed packages will be configured:
  apt 
0 packages upgraded, 0 newly installed, 1 to remove and 84 not upgraded.
Need to get 0 B of archives. After unpacking 4,929 kB will be freed.
Do you want to continue? [Y/n/?] Y
Setting up apt (0.8.16~exp12ubuntu10.10) ...
gpg: Invalid option "--primary-keyring"
gpg: [don't know]: invalid packet (ctb=03)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks(read) failed: invalid keyring
gpg: WARNING: nothing exported
dpkg: error processing apt (--configure):
 subprocess installed post-installation script returned error exit status 2
No apport report written because MaxReports is reached already
                                                              Errors were encountered while processing:
 apt
E: Sub-process /usr/bin/dpkg returned an error code (1)
A package failed to install.  Trying to recover:
Setting up apt (0.8.16~exp12ubuntu10.10) ...
gpg: Invalid option "--primary-keyring"
gpg: [don't know]: invalid packet (ctb=03)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks(read) failed: invalid keyring
gpg: WARNING: nothing exported
dpkg: error processing apt (--configure):
 subprocess installed post-installation script returned error exit status 2
Errors were encountered while processing:
 apt

root@li393-189:/home/jonathan/python-amazon-product-api-0.2.5# 

I want the presently installed libssl-dev to be replaced with a fresh package installation. No configuration of aptitude I’ve seen yet will remove it.

How can I remove the existing package to be able to reinstall it from scratch?

–EDIT–

@Brigo, I had tried with aptitude rather than just apt-get, but apt-get gives what looks to me like an apparent equivalent:

root@li393-189:/home/jonathan/python-amazon-product-api-0.2.5# apt-get remove l
ibssl-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  libssl-dev
0 upgraded, 0 newly installed, 1 to remove and 84 not upgraded.
1 not fully installed or removed.
After this operation, 4,929 kB disk space will be freed.
Do you want to continue [Y/n]? Y
Setting up apt (0.8.16~exp12ubuntu10.10) ...
gpg: gpg: Invalid option "--primary-keyring"
[don't know]: invalid packet (ctb=03)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks(read) failed: invalid keyring
gpg: WARNING: nothing exported
dpkg: error processing apt (--configure):
 subprocess installed post-installation script returned error exit status 2
Errors were encountered while processing:
 apt
E: Sub-process /usr/bin/dpkg returned an error code (1)
root@li393-189:/home/jonathan/python-amazon-product-api-0.2.5# 

–EDIT–

Here is the output to the suggested sh -x /usr/bin/apt-key update.

Thanks,

root@li393-189:~# sh -x /usr/bin/apt-key update
+ set -e
+ unset GREP_OPTIONS
+ mktemp
+ SECRETKEYRING=/tmp/tmp.yKRn2OqlH3
+ trap rm -f '/tmp/tmp.yKRn2OqlH3' 0 HUP INT QUIT ILL ABRT FPE SEGV PIPE TERM
+ GPG_CMD=gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.yKRn2OqlH3
+ id -u
+ [ 0 -eq 0 ]
+ GPG_CMD=gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.yKRn2OqlH3 --trustdb-name /etc/apt/trustdb.gpg
+ GPG=gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.yKRn2OqlH3 --trustdb-name /etc/apt/trustdb.gpg
+ MASTER_KEYRING=/usr/share/keyrings/ubuntu-master-keyring.gpg
+ ARCHIVE_KEYRING=/usr/share/keyrings/ubuntu-archive-keyring.gpg
+ REMOVED_KEYS=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
+ ARCHIVE_KEYRING_URI=http://archive.ubuntu.com/ubuntu/project/ubuntu-archive-keyring.gpg
+ TMP_KEYRING=/var/lib/apt/keyrings/maybe-import-keyring.gpg
+ [ update = --keyring ]
+ TRUSTEDFILE=/etc/apt/trusted.gpg
+ apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
+ eval
+ apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
+ eval TRUSTEDFILE='/etc/apt/trusted.gpg'
+ TRUSTEDFILE=/etc/apt/trusted.gpg
+ [ -r /etc/apt/trusted.gpg ]
+ GPG=gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.yKRn2OqlH3 --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg
+ GPG=gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /tmp/tmp.yKRn2OqlH3 --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg
+ TRUSTEDPARTS=/etc/apt/trusted.gpg.d
+ apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
+ eval TRUSTEDPARTS='/etc/apt/trusted.gpg.d/'
+ TRUSTEDPARTS=/etc/apt/trusted.gpg.d/
+ [ -d /etc/apt/trusted.gpg.d/ ]
+ run-parts --list /etc/apt/trusted.gpg.d/ --regex ^.*.gpg$
+ command=update
+ [ -z update ]
+ shift
+ [ update != help ]
+ which gpg
+ update
+ [ ! -f /usr/share/keyrings/ubuntu-archive-keyring.gpg ]
+ requires_root
+ id -u
+ [ 0 -ne 0 ]
+ gpg --ignore-time-conflict --no-options+  --no-default-keyring --secret-keyring /tmp/tmp.yKRn2OqlH3gpg --trustdb-name /etc/apt/trustdb.gpg --ignore-time-conflict --no-options --no-default-keyring --quiet --batch --secret-keyring /tmp/tmp.yKRn2OqlH3 --keyring --trustdb-name /etc/apt/trustdb.gpg /usr/share/keyrings/ubuntu-archive-keyring.gpg --keyring /etc/apt/trusted.gpg --export --primary-keyring /etc/apt/trusted.gpg
 --import
gpg: Invalid option "--primary-keyring"
gpg: [don't know]: invalid packet (ctb=03)
gpg: read_keyblock: read error: invalid packet
gpg: enum_keyblocks(read) failed: invalid keyring
gpg: WARNING: nothing exported
+ rm -f /tmp/tmp.yKRn2OqlH3

My answer:


So, we see from your apt-key update output that gpg is choking on the file /etc/apt/trusted.gpg. Most likely this file has become corrupted somehow.

Try restoring this file from a known good backup, and then running your apt-get commands again.

If that fails, try removing the file, and then running apt-key update to regenerate it.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.