Labs Repository GPG Key Rotation
Starting on August 18 2025 all .deb and .rpm files in the labs repository will use the GPG-KEY-4096 instead of the old RPM-GPG-KEY.
For consistency all existing rpm and deb files have been resigned to use the new key as well.
| File | Size | ID | |
|---|---|---|---|
| Old | RPM-GPG-KEY | 1024 | F8C1CA08A57B9ED7 |
| New | GPG-KEY-4096 | 4096 | F0CA212FF1FFE778 |
Debian / Ubuntu
In Debian and Ubuntu you will probably notice warnings like this when running apt update
Err:1 http://labs.consol.de/repo/stable/debian bookworm InRelease
The following signatures couldn't be verified because the public key is
not available: NO_PUBKEY F0CA212FF1FFE778
Fetched 48.0 kB in 0s (158 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and
the previous index files will be used.
GPG error: http://labs.consol.de/repo/stable/debian bookworm InRelease: The following
signatures couldn't be verified because the public key is
not available: NO_PUBKEY F0CA212FF1FFE778
To make it work again, simple replace the key with the new one.
Either follow the instructions from the repository installation again:
or use these commands:
curl -s "https://labs.consol.de/repo/stable/GPG-KEY-4096" -o /etc/apt/trusted.gpg.d/labs.consol.de-GPG-KEY-4096.asc
Then make sure the key is used in the sources file:
ex.: /etc/apt/sources.list.d/labs-consol-stable.list
deb [signed-by=/etc/apt/trusted.gpg.d/labs.consol.de-GPG-KEY-4096.asc] http://labs.consol.de/repo/stable/debian bookworm main
The important part here is, the signed-by option must point to the new key file.
RHEL / Rocky Linux / Alma
RHEL 9 and later already used the new key, so there is nothing to do here.