Warning during apt update: “Policy will reject signature within a year”

[neverL]

Hi everyone,

when running apt update on Debian 13 (trixie) I recently started to see the following warning:

Code: Select all

Warning: https://repository.veeam.com/backup/linux/agent/dpkg/debian/public/dists/stable/InRelease: Policy will reject signature within a year, see --audit for details

This seems to be related to the GPG signature of the Veeam repository.

From what I understand, the message indicates that the repository signature will no longer be accepted in the near future unless it is updated to meet the current key/signature policy requirements.

Request: Could you please check and renew the repository signing key (or signature policy) so that it complies with the updated apt requirements introduced in Debian 13?

Thanks in advance
Rafael

Case ID: #07803862

[rovshan.pashayev]

Hi Rafael, we're aware of the situation and have it noted.
Thanks!

[NorbertBie]

Any news in the meantime?
I have also the same issue as neverL with Debian Trixie and Veeam Linux Agent.

[rovshan.pashayev]

Hi,

The issue has been resolved in the Veeam Agent for Linux v13.0.1 release.

[Roger63]

Please note that you must upgrade to v13 manually by installing the v13 package. If you have not done so yet, you will notice that as of yesterday (2026/03/13) apt update emits warnings:

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://repository.veeam.com/backup/lin ... ian/public stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C5A1CF329BB5AC67
W: Failed to fetch https://repository.veeam.com/backup/lin ... /InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C5A1CF329BB5AC67
W: Some index files failed to download. They have been ignored, or old ones used instead.

The reason for this is that Veeam is now signing the agent repository with a new key because the old key would expire tomorrow (2026/03/15) without pushing the new key to clients ahead of changing the signing key.

The recommended solution is of course to upgrade to v13 (which is generally painless, I have performed several on Debian 12). If however you wish to stay with v6 for whatever reason, you can use this workaround:

1. Download file DEB-9BB5AC67.gpg from https://repository.veeam.com/keys/, rename it (e.g. to DEB-9BB5AC67-TEMP.gpg) and store it in /etc/apt/trusted.gpg.d.
2. Update the veeam packages to the latest version. This will also install the new key.
3. Remove the temporary key file from step 1.

[rovshan.pashayev]

Hi Roger,

Other method would be following:

First veeam-release package needs to be updated:

Code: Select all

wget https://repository.veeam.com/backup/linux/agent/dpkg/debian/public/pool/veeam/v/veeam-release-deb/veeam-release-deb_1.0.11_amd64.deb
sudo dpkg -i veeam-release-deb_1.0.11_amd64.deb
sudo apt update 

After this, the repository signature will validate correctly, and the agent can be updated to 6.3.2.1307 without errors.

Code: Select all

sudo apt-get upgrade veeam

We will publish KB Article about this as soon as possible.

Thanks.

[Roger63]

Another issue surfaced today. When downloading Veeam Agent for Linux FREE v13 for Debian/Ubuntu you get veeam-release-deb_13.0.1_amd64.deb. This file contains an apt trusted key that expired today (2026/03/15). I have opened a support case for this (08023399).

Meanwhile you can download the current package file (13.0.2) here https://repository.veeam.com/backup/lin ... _amd64.deb (apt trusted key valid until 2028/03/15).

[mars-sp]

Hi Veeam-Board,

since a few days (2~3) we are getting the following error running apt-get update.

Code: Select all

Err:5 https://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C5A1CF329BB5AC67

I installed the latest veeam.gpg, but nothing changes. Is there anything wrong with the repository or am I doing something wrong?

Thanks in advance!

Kind Regards
SP

[rovshan.pashayev]

Hello @mars-sp (Stavros),

I moved your question to the existing topic.
Please see above replies.

[Roger63]

since a few days (2~3) we are getting the following error running apt-get update.

Code: Select all

Err:5 https://repository.veeam.com/backup/linux/agent/dpkg/debian/public stable InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY C5A1CF329BB5AC67

I installed the latest veeam.gpg, but nothing changes. Is there anything wrong with the repository or am I doing something wrong?

You need DEB-9BB5AC67.gpg. See post post565827.html#p565827 for why this is happening and post post565832.html#p565832 for the easiest way to resolve the issue. I am assuming that you are still running VAL v6.x.