search cancel

Verifying the signature of rpm/dev packages for SEP Linux client 14.2 MP1 and later.

book

Article ID: 172965

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Starting with Symantec Endpoint Protection (SEP) 14.2 MP1 for Linux, the rpm/deb packages included with the Linux client are digitally signed. This document contains instructions to verify the digital signature of these packages during installation of the product.

Possibly related error messages --

APT Repo communication error:

/=============================================================================\
| Get:1 https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/ubuntu20     |
| SAL/1.0 InRelease [1,713 B]                                                 |
| Err:1 https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/ubuntu20     |
| SAL/1.0 InRelease                                                           |
|   The following signatures were invalid: EXPKEYSIG C709B4A758A3D19B         |
| sdcss-release (GPG key for signing SDCSS Packages) <[email protected]>   |
| Reading package lists...                                                    |
| W: GPG error:                                                               |
| https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/ubuntu20 SAL/1.0   |
| InRelease: The following signatures were invalid: EXPKEYSIG                 |
| C709B4A758A3D19B sdcss-release (GPG key for signing SDCSS Packages)         |
| <[email protected]>                                                      |
| E: The repository                                                           |
| 'https://linux-repo.us.securitycloud.symantec.com/SAL/1.0/ubuntu20 SAL/1.0  |
| InRelease' is not signed.                                                   |
\=============================================================================/

 

Resolution

  • Download the GPG Public Key attached to this document and extract the contents to a directory on the Linux system where the installation will be performed.

    • Symantec-SEPFL-GPG-Public-Key is for SEP versions older than 14.3 RU1

    • NEW-SDCSS-KEY.asc is new for SEP versions from 14.3 RU1 to 14.3 RU4

      A new LinuxInstaller (STUB) with valid GPG key is available for download now via LiveUpdate in the SEPM. The new LinuxInstaller for RU4 version is 14.3.2171.4000

  • Use the following command to import the signature:

sudo rpm --import /path/to/GPG-Key ## for RHEL-based systems

or

sudo apt-key add /path/to/GPG-Key ## for Debian-based systems (e.g. Ubuntu)

Attachments

1656353432238__NEW-SDCSS-KEY.asc get_app
Symantec-SEPFL-GPG-Public-Key.zip get_app