Skip to content

Documentation / Knowledge Base

Package manager reports expired signing key on Linux

Symptoms

Running apt update or dnf check-update produces a GPG signature error referencing the Enclave repository:

W: An error occurred during the signature verification. The repository is not updated
   and the previous index files will be used. GPG error: https://packages.enclave.io/apt
   stable InRelease: The following signatures were invalid: EXPKEYSIG A386D59E7C22F628
   Enclave Networks

The package manager refuses to install or update Enclave packages until the key is refreshed.

Cause

The GPG key used to sign Enclave's Linux packages has expired. The repository already contains the updated key, but your local system is still using a cached copy of the old one.

Resolution

Debian and Ubuntu (apt)

Download and install the updated signing key:

curl -fsSL https://packages.enclave.io/apt/enclave.stable.gpg | sudo gpg --dearmor -o /usr/share/keyrings/enclave.gpg

If prompted to overwrite the existing file, confirm with y. Then refresh the package index:

sudo apt update

RHEL, CentOS, Fedora and Amazon Linux (dnf/yum)

Clear the cached repository metadata and re-import the key:

sudo dnf clean all
sudo rm -rf /var/cache/dnf/enclave-*/pubring
sudo dnf check-update

Then update as normal:

sudo dnf update

Having problems? Contact us at support@enclave.io or get help and advice in our community support channels.

Last updated February 8, 2024