Apt update return and error NO_PUBKEY related to Heroku CLI

Question

When doing an apt update i get the following warnings:

sudo apt update 
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease                                                                                                                                                           
...
Err:8 https://cli-assets.heroku.com/apt ./ InRelease                                                   
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 536F8F1DE80F6A35
...
Get:1 http://dl.google.com/linux/chrome/deb stable InRelease [1,811 B]

The upgrade does continue for other packages, but how to resolve this warning?

Answer 1

This error surfaced because Heroku's verification key expired. Nothing can be done until Heroku releases updated keys, which may take a few days.

Edit: Currently, it appears they have published updated keys, and all that remains is to:

curl https://cli-assets.heroku.com/apt/release.key | sudo apt-key add -

Answer 2

The command apt-key is deprecated in Ubuntu 22.04.

Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).

One must dearmor the key after download. The correct command is:

curl -fsSL https://cli-assets.heroku.com/apt/release.key | sudo gpg --dearmor -o /usr/share/keyrings/heroku-archive-keyring.gpg

This has to be done in conjunction with setting the key file path in the apt source line:

$ cat /etc/apt/sources.list.d/heroku.list 
deb [arch=amd64 signed-by=/usr/share/keyrings/heroku-archive-keyring.gpg] https://cli-assets.heroku.com/apt ./

More detailed info can be found on several technical blogs by now. E.g. https://techviewleo.com/apt-key-is-deprecated-manage-keyring-files-in-trusted-gpg-dot-d/