In this article:

    Overview

    You may encounter a GPG error when running apt update on systems that use the Twingate APT repository. This issue began appearing recently due to an upstream change in how our packages are served.

    Symptoms

    When running sudo apt update, you may see the following warning or error:

    W: GPG error: https://packages.twingate.com/apt InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 5C363F09A9174A9E

    This may either block updates to the Connector or appear as a warning, depending on your system configuration.

    Cause

    A recent backend change was made in preparation for supporting signed packages. Although the Twingate Connector package is not currently signed, systems that don’t explicitly trust the Twingate APT repository may now treat it as unsigned and raise an error during apt update.

    In most cases, this results only in a warning, and APT will continue functioning as expected. However, if the repository isn’t marked as trusted, the update may fail entirely. Systems set up using the official deployment script from the Twingate Admin Console should already have the trusted configuration in place.

    Resolution

    Most users can ignore the warning and continue running sudo apt upgrade as usual. The Connector should upgrade to the latest version without issue.

    If sudo apt upgrade fails to upgrade the Connector, the repository may not be marked as trusted.

    1. Edit the Twingate APT source list:

      sudo nano /etc/apt/sources.list.d/twingate.list

    2. Modify the line to include the trusted=true option:

      deb [trusted=true] https://packages.twingate.com/apt/ /

    3. Save and exit the file.

    4. Run:

      sudo apt update && sudo apt upgrade

       

    Note: This will not stop the warning from showing but should allow package updates to proceed normally.