3

Ran sudo apt update and got the following error for the Heroku repository that indicates failed signature verification and missing public key 6DB5542C356545CF. The only information about this key I can find online is in Japanese or Korean, neither of which I understand, and translating them does not reveal any particularly useful information. I am concerned this could be a MITM attack, does anyone have any information or advice?

The full error message:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://cli-assets.heroku.com/apt ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6DB5542C356545CF
W: Failed to fetch https://cli-assets.heroku.com/apt/./InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6DB5542C356545CF
W: Some index files failed to download. They have been ignored, or old ones used instead.
diatomicDisaster
  • 486
  • 1
  • 6
  • 13

1 Answers1

3

Execute:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 6DB5542C356545CF

or

curl https://cli-assets.heroku.com/apt/release.key | sudo apt-key add -

and then

sudo apt-get update
ABN
  • 1,024
  • 13
  • 26
  • 2
    I should have been clearer in my question, I'm trying to find out _why_ this happened, it's easy to find solutions, but generally I don't like to just copy/paste code from the internet into my terminal without understanding what caused the problem in the first place. – diatomicDisaster Jul 07 '21 at 14:23
  • 1
    @diatomicDisaster you are right, blind importing of PGP keys could result in installing malicious code. – gavenkoa Sep 19 '21 at 11:00