I ran this command to update packages in my ubuntu VM.
sudo apt-get update
It gave me the below error at the end.
Err:5 https://apt.releases.hashicorp.com bionic InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY XXXXXXXXXXXXXXXX
Fetched 12.0 kB in 1s (10.4 kB/s)
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://apt.releases.hashicorp.com bionic InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY XXXXXXXXXXXXXXXX
W: Failed to fetch https://apt.releases.hashicorp.com/dists/bionic/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY XXXXXXXXXXXXXXXX
W: Some index files failed to download. They have been ignored, or old ones used instead.
What does this mean and how can I fix it?
This means that the gpg key for this HashiCorp repository is not available in the apt-key database.
As the fix, it can be re-added with the below commands.
# GPG is required for the package signing key
sudo apt install gpg
# Download the signing key to a new keyring
wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
# Verify the key's fingerprint
gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint
# The fingerprint must match 798A EC65 4E5C 1542 8C8E 42EE AA16 FCBC A621 E701, which can also be verified at https://www.hashicorp.com/security under "Linux Package Checksum Verification".
# Add the HashiCorp repo
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
# apt update successfully
sudo apt update
Note that these commands were taken from Hashicorp's Official Packaging Guide.