GPG error : The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701 #32622

Open
Rajamohan-rj opened this issue Feb 3, 2023 · 28 comments
Labels
documentation new new issue not yet triaged


@Rajamohan-rj

Rajamohan-rj commented Feb 3, 2023

Terraform Version

Terraform v1.3.7

Machine details:

  Operating System: Ubuntu 20.04.5 LTS
            Kernel: Linux 5.14.0-1056-oem
      Architecture: x86-64

Terraform Configuration Files

NA

Debug Output

NA

Expected Behavior

Followed this official documentation - (https://www.hashicorp.com/official-packaging-guide)

Actual Behavior

Error is occurring on sudo apt update step

    W: GPG error: https://apt.releases.hashicorp.com focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
    E: The repository 'https://apt.releases.hashicorp.com focal InRelease' is not signed.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.

Steps to Reproduce

Followed this official documentation - (https://www.hashicorp.com/official-packaging-guide)

Even fingerprint verification displayed the exact value as mentioned in the page.

    osuser123@xyz:~# gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

    /usr/share/keyrings/hashicorp-archive-keyring.gpg
    -------------------------------------------------
    pub   rsa4096 2023-01-10 [SC] [expires: 2028-01-09]
    798A EC65 4E5C 1542 8C8E  42EE AA16 FCBC A621 E701

Added the hashicorp repo

    osuser123@xyz:~# cat /etc/apt/sources.list.d/hashicorp.list
    deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com focal main

Error occurs

    osuser123@xyz:~# sudo apt update
    Get:1 https://apt.releases.hashicorp.com focal InRelease [17.1 kB]
    Err:1 https://apt.releases.hashicorp.com focal InRelease
      The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
    Reading package lists... Done
    W: GPG error: https://apt.releases.hashicorp.com focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
    E: The repository 'https://apt.releases.hashicorp.com focal InRelease' is not signed.
    N: Updating from such a repository can't be done securely, and is therefore disabled by default.
    N: See apt-secure(8) manpage for repository creation and user configuration details.

Additional Context

No response

References

@Rajamohan-rj Rajamohan-rj added bug new new issue not yet triaged labels Feb 3, 2023
@crw
Collaborator

crw commented Feb 3, 2023

Thanks for the report!

@cs224

cs224 commented Feb 4, 2023

@pdkovacs

pdkovacs commented Feb 5, 2023

How can this be worked around?

I've tried the naive solution I could come up with:

$ sudo gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --keyserver keyserver.ubuntu.com --recv-keys AA16FCBCA621E701

without success.

(The keyring coming from

$ cat /etc/apt/sources.list.d/hashicorp.list 
deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com jammy main

)

@andy108369

Fix:

# cat /etc/apt/sources.list.d/hashicorp.list 
deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com jammy main
rm /usr/share/keyrings/hashicorp-archive-keyring.gpg
curl https://apt.releases.hashicorp.com/gpg | gpg --dearmor > /usr/share/keyrings/hashicorp-archive-keyring.gpg

@RayNawara

This didn't help me. Still the same error.

@C4pt41nNRex

I think this could solve your problem:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA16FCBCA621E701

@C4pt41nNRex

Then, remember to execute:

sudo apt-get update

@RayNawara

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA16FCBCA621E701
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.ClG5PY66vM/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys AA16FCBCA621E701
gpg: key AA16FCBCA621E701: "HashiCorp Security (HashiCorp Package Signing) security+packaging@hashicorp.com" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
(base) ray@Rays_5900x:~$ sudo apt-get update
Get:1 https://apt.releases.hashicorp.com jammy InRelease [12.9 kB]
Err:1 https://apt.releases.hashicorp.com jammy InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
Hit:2 http://security.ubuntu.com/ubuntu jammy-security InRelease
Get:3 https://dl.yarnpkg.com/debian stable InRelease [17.1 kB]
Hit:4 https://dl.google.com/linux/chrome/deb stable InRelease
Hit:5 https://packages.cloud.google.com/apt cloud-sdk InRelease
Hit:6 https://deb.nodesource.com/node_16.x jammy InRelease
Hit:7 https://packages.microsoft.com/repos/edge stable InRelease
Hit:8 http://archive.ubuntu.com/ubuntu jammy InRelease
Hit:9 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:10 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:11 https://ppa.launchpadcontent.net/redislabs/redis/ubuntu jammy InRelease
Fetched 30.0 kB in 1s (38.4 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.releases.hashicorp.com jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
W: Failed to fetch https://apt.releases.hashicorp.com/dists/jammy/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
W: Some index files failed to download. They have been ignored, or old ones used instead.

@fesplugas

These are the changes I made to make my scripts work again:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list > /dev/null

@RayNawara

Thanks big time! That fixed it. I've been struggling with this for a few months! :-)

@mahadzar81

works for me
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA16FCBCA621E701

@Olive-harobed

@fesplugas this worked for me, thanks a lot

@dimaqq

dimaqq commented Feb 20, 2023

> sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys AA16FCBCA621E701
Executing: /tmp/apt-key-gpghome.vwsHNbF8HS/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys AA16FCBCA621E701
gpg: keyserver receive failed: Server indicated a failure

So... 🤷🏻

I've commented hashicorp out in /etc/apt/sources.list for now 🙃

@abobakrahmed

abobakrahmed commented Feb 22, 2023

Still showing this issue: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY DA418C88A3219F7B

@fesplugas after executing these commands:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list > /dev/null

@alflanagan

Related message from Ubuntu 22.10 (kinetic):

E: The repository 'https://apt.releases.hashicorp.com $(lsb_release -cs) Release' does not have a Release file.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I've found a workaround by updating /etc/apt/sources.list.d/hashicorp.list to the following (must be all on one line, this comment gets wrapped):

deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg allow-insecure=yes] https://apt.releases.hashicorp.com "$(lsb_release -cs)" main

Note the documentation recommends against the allow-insecure=yes option. (See man apt-secure)

@radistao

radistao commented Mar 10, 2023

Use HashiCorp Official Packaging Guide

Download the signing key to a new keyring

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg

Verify the key's fingerprint

gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

The fingerprint must match 798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701, which can also be verified at https://www.hashicorp.com/security under "Linux Package Checksum Verification". Please note that there was a previous signing key used prior to January 23, 2023, which had the fingerprint E8A0 32E0 94D8 EB4E A189 D270 DA41 8C88 A321 9F7B. Details about this change are available on the status page: https://status.hashicorp.com/incidents/fgkyvr1kwpdh, https://status.hashicorp.com/incidents/k8jphcczkdkn.

@keisari-ch

keisari-ch commented Mar 10, 2023

root@server:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.2 LTS
Release:        22.04
Codename:       jammy

root@server:~# wget -q -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg >/dev/null

root@server:~# ls -l /usr/share/keyrings/hashicorp-archive-keyring.gpg
-rw------- 1 root root 2879 Mar 10 16:56 /usr/share/keyrings/hashicorp-archive-keyring.gpg

root@server:~# gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
/usr/share/keyrings/hashicorp-archive-keyring.gpg
-------------------------------------------------
pub   rsa4096 2023-01-10 [SC] [expires: 2028-01-09]
      798A EC65 4E5C 1542 8C8E  42EE AA16 FCBC A621 E701
uid           [ unknown] HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
sub   rsa4096 2023-01-10 [S] [expires: 2028-01-09]

root@server:~# echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com jammy main

root@server:~# apt update
Hit:1 http://azure.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://azure.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://azure.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Hit:5 http://azure.archive.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://apt.releases.hashicorp.com jammy InRelease [12.9 kB]
Err:6 https://apt.releases.hashicorp.com jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
Reading package lists... Done
W: GPG error: https://apt.releases.hashicorp.com jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
E: The repository 'https://apt.releases.hashicorp.com jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

😟

EDIT :

chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg

All good now.
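
Added example, not part of the thread or of HashiCorp's documentation: a shell check for the failure shown in the comment above, where the keyring lists the right fingerprint when read as root but was written with mode 0600, so apt's unprivileged `_apt` sandbox user cannot read it and apt reports NO_PUBKEY. The function names are hypothetical; the fingerprint to pass in is the one quoted in the thread, and the keyring path should be absolute.

```shell
#!/bin/sh
# Added example, not from the thread: explain why apt reports NO_PUBKEY for a
# signed-by keyring that "gpg --fingerprint" (run as root) lists correctly.

# True if "other" may read the file. The mode bits are tested instead of
# `[ -r ]` because root can read a 0600 file while apt's unprivileged
# verification user cannot.
keyring_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# True if the file is ASCII-armored. A keyring named *.gpg must be binary
# (the output of `gpg --dearmor`); armored keys belong in a *.asc file.
keyring_is_armored() {
    head -c 64 "$1" | grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK-----'
}

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key (the first fpr record after a pub record), skipping subkeys.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Print one verdict word and return 0 only when the keyring is usable by apt
# and holds the expected primary key. $2 may contain spaces, as in the thread.
diagnose_keyring() {
    file=$1
    expected=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -f "$file" ] || { echo missing; return 1; }
    keyring_world_readable "$file" || { echo unreadable; return 1; }
    if keyring_is_armored "$file"; then echo armored; return 1; fi
    if gpg --no-default-keyring --keyring "$file" --fingerprint --with-colons 2>/dev/null |
        primary_fingerprints | grep -qx "$expected"; then
        echo ok
    else
        echo fingerprint-mismatch; return 1
    fi
}

# Usage: sh check-keyring.sh /absolute/path/to/keyring.gpg "EXPECTED FINGERPRINT"
if [ "$#" -eq 2 ]; then
    diagnose_keyring "$1" "$2"
fi
```

A verdict of `unreadable` corresponds to the `-rw-------` listing in the comment above, and `armored` to a key saved without `gpg --dearmor`.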

@wasuaje

wasuaje commented Apr 1, 2023

These are the changes I made to make my scripts work again:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list > /dev/null

This worked for me!

@billyjsubs

These are the changes I made to make my scripts work again:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list > /dev/null

This worked for me!

SNAP!!!!

@Mullinski

Use HashiCorp Official Packaging Guide

Download the signing key to a new keyring

wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg

Verify the key's fingerprint

gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint

The fingerprint must match 798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701, which can also be verified at https://www.hashicorp.com/security under "Linux Package Checksum Verification". Please note that there was a previous signing key used prior to January 23, 2023, which had the fingerprint E8A0 32E0 94D8 EB4E A189 D270 DA41 8C88 A321 9F7B. Details about this change are available on the status page: https://status.hashicorp.com/incidents/fgkyvr1kwpdh, https://status.hashicorp.com/incidents/k8jphcczkdkn.

Total novice, this worked for me thanks!

@mamunsyuhada

These are the changes I made to make my scripts work again:

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list > /dev/null

worked for me

@crw crw added documentation and removed bug labels May 16, 2023
@crw
Collaborator

crw commented May 16, 2023

Changing to a documentation type ticket, as it seems the #32622 (comment) works more reliably than what we currently have documented (without comparing the two, my memory is that this matches the official packaging guide but not the "download terraform" page install instructions.)

@XSmith-Vertex

XSmith-Vertex commented Jun 14, 2023

This is still occurring.
I did fix it with

Download the signing key to a new keyring
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
Verify the key's fingerprint
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
Fix permissions
sudo chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg

Or as a single line
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg; gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint ; sudo chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg

@willzhang

root@server:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.2 LTS
Release:        22.04
Codename:       jammy

root@server:~# wget -q -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg >/dev/null

root@server:~# ls -l /usr/share/keyrings/hashicorp-archive-keyring.gpg
-rw------- 1 root root 2879 Mar 10 16:56 /usr/share/keyrings/hashicorp-archive-keyring.gpg

root@server:~# gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
/usr/share/keyrings/hashicorp-archive-keyring.gpg
-------------------------------------------------
pub   rsa4096 2023-01-10 [SC] [expires: 2028-01-09]
      798A EC65 4E5C 1542 8C8E  42EE AA16 FCBC A621 E701
uid           [ unknown] HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>
sub   rsa4096 2023-01-10 [S] [expires: 2028-01-09]

root@server:~# echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com jammy main

root@server:~# apt update
Hit:1 http://azure.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://azure.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://azure.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Hit:5 http://azure.archive.ubuntu.com/ubuntu jammy-security InRelease
Get:6 https://apt.releases.hashicorp.com jammy InRelease [12.9 kB]
Err:6 https://apt.releases.hashicorp.com jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
Reading package lists... Done
W: GPG error: https://apt.releases.hashicorp.com jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY AA16FCBCA621E701
E: The repository 'https://apt.releases.hashicorp.com jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

😟

EDIT :

chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg

All good now.

This method saved me.

@devmarrie

devmarrie commented Jul 28, 2023

@XSmith-Vertex's method worked for me too. I replaced what the docs were sharing about generating the keyring with his single-line implementation.
Then created the hashicorp.list file:

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
sudo tee /etc/apt/sources.list.d/hashicorp.list

Finally it worked.

@SH2282000

SH2282000 commented Jul 31, 2023

The only thing that really worked on Ubuntu 20.04 after following the official incomplete documentation:

chmod 644 /usr/share/keyrings/hashicorp-archive-keyring.gpg

All good now.

gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint does not need to be executed with sudo privileges. If it is the case, the above command should save you.


@belal655

belal655 commented Mar 4, 2024

$ sudo apt update
[sudo] password for belal:
Hit:1 https://linux.teamviewer.com/deb stable InRelease
Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Get:2 http://kali.download/kali kali-rolling InRelease [41.5 kB]
Get:4 http://kali.download/kali kali-rolling/main amd64 Packages [19.9 MB]
Err:3 http://security.ubuntu.com/ubuntu focal-security InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32 NO_PUBKEY 871920D1991BC93C
Get:5 http://kali.download/kali kali-rolling/main i386 Packages [19.6 MB]
Get:6 http://kali.download/kali kali-rolling/main amd64 Contents (deb) [47.3 MB]
Get:7 http://kali.download/kali kali-rolling/main i386 Contents (deb) [45.4 MB]
Get:8 http://kali.download/kali kali-rolling/contrib i386 Packages [104 kB]
Get:9 http://kali.download/kali kali-rolling/contrib amd64 Packages [121 kB]
Reading package lists... Done
W: GPG error: http://security.ubuntu.com/ubuntu focal-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 3B4FE6ACC0B21F32 NO_PUBKEY 871920D1991BC93C
E: The repository 'http://security.ubuntu.com/ubuntu focal-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

and what about this error?
