RSS
Apr 8, 2026 10:35:14 AM
Ivan Zhmud
Ivan Zhmud
Director of CloudLinux OS department

CloudLinux GPG Package Signing Key Update for CloudLinux 7, 8, and 9

Starting May 1, 2026, CloudLinux will sign new packages for CloudLinux 7, 8, and 9 exclusively with a new GPG key.

For most customers, this is a seamless, low-impact change. No action is needed if your cloudlinux-release package is up to date.

 

What Is Changing

CloudLinux signs every package with a GPG key, so your system can verify that packages are authentic and have not been tampered with. We are rotating our package signing key to a new key across CloudLinux 7, 8, and 9.

The new GPG key has already been distributed as part of the cloudlinux-release package for an extended period. If you have been keeping your systems updated, your machines already have the new key available and will not notice any change.

 

Minimum cloudlinux-release Version with the New Key

If you want to verify whether your installed version already includes the new key, use the table below.

To check your current installed version:

rpm -q cloudlinux-release
CloudLinux OS Minimum version containing the new key
CloudLinux 9 cloudlinux-release-9.6-2
CloudLinux 8 cloudlinux-release-8.10-8
CloudLinux 7 cloudlinux-release-7.9-2.12

 

What You Need to Do

Most customers have nothing to do. If your servers are receiving regular updates, the new key is already installed.

If you manage servers that have not received updates recently and you face issues with installing new packages, run the following command:

yum update cloudlinux-release

To confirm the new key is installed, run:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

 

Questions?

If you have questions or issues, please reach out to CloudLinux Support.

CloudLinux GPG Package Signing Key Update for CloudLinux 7, 8, and 9

Apr 8, 2026 10:35:14 AM
Ivan Zhmud

Starting May 1, 2026, CloudLinux will sign new packages for CloudLinux 7, 8, and 9 exclusively with a new GPG key.

For most customers, this is a seamless, low-impact change. No action is needed if your cloudlinux-release package is up to date.

 

What Is Changing

CloudLinux signs every package with a GPG key, so your system can verify that packages are authentic and have not been tampered with. We are rotating our package signing key to a new key across CloudLinux 7, 8, and 9.

The new GPG key has already been distributed as part of the cloudlinux-release package for an extended period. If you have been keeping your systems updated, your machines already have the new key available and will not notice any change.

 

Minimum cloudlinux-release Version with the New Key

If you want to verify whether your installed version already includes the new key, use the table below.

To check your current installed version:

rpm -q cloudlinux-release
CloudLinux OS Minimum version containing the new key
CloudLinux 9 cloudlinux-release-9.6-2
CloudLinux 8 cloudlinux-release-8.10-8
CloudLinux 7 cloudlinux-release-7.9-2.12

 

What You Need to Do

Most customers have nothing to do. If your servers are receiving regular updates, the new key is already installed.

If you manage servers that have not received updates recently and you face issues with installing new packages, run the following command:

yum update cloudlinux-release

To confirm the new key is installed, run:

rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'

 

Questions?

If you have questions or issues, please reach out to CloudLinux Support.
imunify-logo

WEB SERVER SECURITY BLOG

READ MORE ABOUT WEB SERVER SECURITY

Subscribe to CloudLinux Newsletter

aicpa soc
pci-dss
eu gdpr compliant
© All rights reserved. CloudLinux Inc.
Terms of Use | Privacy Policy | Vulnerability Reporting | Legal | Do Not Sell My Personal Data

Call Sales at +1 (800) 231-7307
Email sales@cloudlinux.com