NO_PUBKEY for apt.releases.hashicorp.com in apt

Question

When running sudo apt update, I am presented with the following error:

Err:4 https://apt.releases.hashicorp.com focal InRelease                                                                               
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701

How can I fix this?

Answer 1

Remove the existing Hashicorp files under /etc/apt/sources.list.d/ and then follow the official guide:

sudo -s
wget -O- https://apt.releases.hashicorp.com/gpg |
    gpg --dearmor > /usr/share/keyrings/hashicorp-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" > /etc/apt/sources.list.d/hashicorp.list
apt update

Answer 2

The warnings indicate that the GPG key file /etc/apt/trusted.gpg.d/mysql.gpg is in an unsupported format. This usually happens when the key is added in a format that the APT keyring does not support. To resolve this, we can re-import the key in the correct format.

Remove the problematic GPG key Remove the unsupported GPG key file:

sudo rm /etc/apt/trusted.gpg.d/mysql.gpg

Add the GPG key in the correct format Add the MySQL GPG key correctly:

Download and add the key using the following commands:

wget https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 -O - | sudo apt-key add -

Verify and update Verify the key has been added correctly:

apt-key list

Update the package list:

sudo apt update

Additional Configuration If the key is still not recognized, you can manually add it to the trusted.gpg keyring:

Download the GPG key:

wget https://repo.mysql.com/RPM-GPG-KEY-mysql-2022 -O /tmp/RPM-GPG-KEY-mysql-2022

Convert the key to the supported format and move it to the trusted keyring:

gpg --no-default-keyring --keyring /tmp/mysql-keyring.gpg --import /tmp/RPM-GPG-KEY-mysql-2022
gpg --no-default-keyring --keyring /tmp/mysql-keyring.gpg --export > /tmp/mysql-keyring.asc
sudo mv /tmp/mysql-keyring.asc /etc/apt/trusted.gpg.d/mysql.gpg

Update the package list again:

sudo apt update

By following these steps, you should be able to resolve the GPG key issue and properly configure the MySQL repository. If you encounter any further issues, please provide the exact error messages for more targeted assistance.

Answer 3

So the problem is with the sources.list file being used. Ultimately it links to a keyring, which doesn't contain key AA16FCBCA621E701.

In my case this was the file /etc/apt/sources.list.d/hashicorp.list

deb [arch=amd64 signed-by=/usr/share/keyrings/terraform-archive-keyring.gpg] https://apt.releases.hashicorp.com jammy main

The above notes (thank you MacroMan), led me to this (which creates a new, valid hashicorp-archive-keyring.gpg, his original instructions don't work unless you're running as su - root, which I never do)

curl https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg

With the new keyring, edit the above file to replace terraform-archive-keyring.gpg with hashicorp-archive-keyring.gpg and sudo apt-get update should run without errors.

Alternatively (I didn't run this, but someone might find it useful, as it recreates the sources.list using sudo tee, so doesnt need to be run as root, as > does)

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee  etc/apt/sources.list.d/hashicorp.list

Answer 4

The GPG key is outdated or missing.

Run this code to remove the outdated key sudo rm /usr/share/keyrings/hashicorp-archive-keyring.gpg

And this to obtain the current key: curl https://apt.releases.hashicorp.com/gpg | gpg --dearmor > /usr/share/keyrings/hashicorp-archive-keyring.gpg

I had the run that last one under root (sudo -s), as I couldn't get sudo to play ball with the pipe character. Not really sure why