Symantec Endpoint Protection (SEP) and Datacenter Security (DCS) Linux agents fail to install due to GPG key expiration.

Products Affected:

• Symantec Endpoint Security (SEP) agent for Linux version(s) 14.3 RU1 through RU4 build 2147
• Data Center Security (DCS) agent for Linux version(s) 6.9.x earlier than build 2173

Platforms Affected:

• Debian
• Ubuntu

On June 18, 2022 the GPG key used to sign the Linux packages expired.  On Debian or Ubuntu systems, new installations or upgrades using the installer for SEP Linux agent 14.3 RU1 through RU4 build 2147 (or DCS agent 6.9.x earlier than build 2173) fail with the following error message, or similar.

The product will fail to install with a log message similar to the following example:

Get:1 https://linux-repo.verify.gcp.sepadvanced.cloud/SAL/1.0/ubuntu20 SAL/1.0 InRelease [1,715 B]
Err:1 https://linux-repo.verify.gcp.sepadvanced.cloud/SAL/1.0/ubuntu20 SAL/1.0 InRelease
  The following signatures were invalid: EXPKEYSIG C709B4A758A3D19B sdcss-release (GPG key for signing SDCSS Packages) <[email protected]>
Reading package lists...
W: GPG error: https://linux-repo.verify.gcp.sepadvanced.cloud/SAL/1.0/ubuntu20 SAL/1.0 InRelease: The following signatures were invalid: EXPKEYSIG C709B4A758A3D19B sdcss-release (GPG key for signing SDCSS Packages) <[email protected]>
E: The repository 'https://linux-repo.verify.gcp.sepadvanced.cloud/SAL/1.0/ubuntu20 SAL/1.0 InRelease' is not signed.

Workaround:

Update the GPG key on the system before installing the product. This needs to be done only once for each system.

A new and valid GPG key file is attached to this document (Release.gpg). Copy this file to your system or to a shared volume, then run the following command to add the new GPG key to your system:

sudo apt-key add Release.gpg

Solution:

An updated installer with the new Release.gpg key has been released for the SEP and DCS products, as indicated below:

• SEP version 14.3 RU4 build 2167 and later
• DCS version 6.9.2 build 2173 and later