Summary
Redpanda is migrating the hosting of its Linux package repositories (Debian/Ubuntu .deb and RHEL/CentOS/Fedora .rpm) from the legacy dl.redpanda.com host to a new backend served from linux.pkg.redpanda.com. As part of this move, the repositories are signed with a new GPG key.
Starting June 1, 2026, all new packages are published to both the legacy dl.redpanda.com repository and the new linux.pkg.redpanda.com repository, so customers can migrate on their own schedule. On Monday, September 28, 2026, the legacy repository will be shut down and will no longer receive updates or serve packages.
Customers installing or upgrading Redpanda via the Linux package repositories must re-point their package manager to linux.pkg.redpanda.com and import the new signing key before that date. Existing and historical package versions remain available on the new repository — no Redpanda version is being dropped.
Severity
Medium — no impact to running clusters; action is required to avoid loss of package install/upgrade capability after September 28, 2026.
Redpanda Products Affected
- ✅ Redpanda Self-Managed - Enterprise — AFFECTED (installs/upgrades via deb/rpm repos)
- ✅ Redpanda Self-Managed - Community — AFFECTED (installs/upgrades via deb/rpm repos)
Release Affected
All Redpanda releases installed or upgraded through the apt/yum/dnf package repositories. Air-gapped and manual binary installs are unaffected.
Identification
You are affected if any host installs or upgrades Redpanda from the legacy dl.redpanda.com repos. Check your repo definitions for a dl.redpanda.com reference:
- Debian/Ubuntu: a Redpanda entry in /etc/apt/sources.list.d/ (e.g. redpanda*.list)
- RHEL/CentOS/Fedora: a Redpanda entry in /etc/yum.repos.d/ (e.g. redpanda*.repo)
Impact
No impact to running clusters or already-installed packages. After September 28, 2026, hosts still pointed at dl.redpanda.com will fail to install new packages or upgrades from it, and apt update / yum makecache against the legacy repo will fail.
Action required
Before September 28, 2026, re-point your package manager to the new repository at linux.pkg.redpanda.com and import the new GPG signing key.
Full step-by-step instructions for Debian/Ubuntu (apt) and RHEL/Fedora (yum/dnf) — including the new repo definition, the GPG key import, and a metadata refresh (apt update / yum makecache) — are documented here: <<migration docs section URL>>.
During the dual-publish window (June 1 – September 28, 2026) both repositories serve the same packages, so you can configure and validate linux.pkg.redpanda.com before removing the legacy entry.
Upgrading existing installations
If you already have Redpanda installed from the legacy dl.redpanda.com repository, follow the steps below for your distribution. Your installed packages and running services are not touched — these steps only change where future installs and upgrades come from. You can perform them at any time during the dual-publish window (June 1 – September 28, 2026) with no downtime.
The recommended path is the setup script, which imports the new GPG key and writes the new repository definition for you (it does not install or upgrade any packages).
Debian / Ubuntu (apt)
- Run the setup script:
curl -fsSL --tlsv1.2 https://linux.pkg.redpanda.com/setup-redpanda.deb.sh | sudo bash
Or configure manually by importing the new GPG signing key and write the repository definition:
curl -fsSL --tlsv1.2 https://linux.pkg.redpanda.com/redpanda-deb-signing-public.gpg | sudo gpg --dearmor -o /usr/share/keyrings/artifact-registry.gpg
echo 'deb [signed-by=/usr/share/keyrings/artifact-registry.gpg] https://linux.pkg.redpanda.com/apt redpanda-apt main' | sudo tee /etc/apt/sources.list.d/redpanda.list
- Disable the legacy repository: check /etc/apt/sources.list.d/ for any other file referencing dl.redpanda.com and delete it, or comment out its entries.
- Refresh metadata and verify that the redpanda package now resolves from the new repository:
sudo apt update
apt-cache policy redpanda # source should show linux.pkg.redpanda.com
- Future upgrades work as usual:
sudo apt-get install redpanda
RHEL / CentOS / Fedora / SUSE (yum / dnf / zypper)
- Run the setup script (it detects dnf, yum, microdnf, or zypper automatically):
curl -fsSL --tlsv1.2 https://linux.pkg.redpanda.com/setup-redpanda.rpm.sh | sudo bash
Or configure manually by importing the new GPG signing key and write the repository definition (/etc/zypp/repos.d/redpanda.repo on SUSE):
sudo rpm --import https://linux.pkg.redpanda.com/redpanda-rpm-signing-public.key
sudo tee /etc/yum.repos.d/redpanda.repo <<'EOF'
[redpanda]
name=Redpanda
baseurl=https://linux.pkg.redpanda.com/yum/redpanda-yum
enabled=1
gpgcheck=1
gpgkey=https://linux.pkg.redpanda.com/redpanda-rpm-signing-public.key
repo_gpgcheck=0
EOF
- Disable the legacy repository: check /etc/yum.repos.d/ (or /etc/zypp/repos.d/ on SUSE) for any other file referencing dl.redpanda.com and delete it, or set enabled=0 in it.
- Refresh metadata and verify that the redpanda package now resolves from the new repository:
sudo yum makecache --repo=redpanda
yum info redpanda # "From repo" should show: redpanda
- Future upgrades work as usual:
sudo yum update redpanda
Validating before removing the legacy repository (optional)
Because the new repository uses a different hostname and key, it can coexist with the legacy one. If you prefer to validate before cutting over, complete step 1 only and leave the legacy entry in place; once you've confirmed package metadata resolves from linux.pkg.redpanda.com, disable the legacy entry. Both repositories serve identical packages until September 28, 2026.
Configuration-management users
If you manage repository definitions through Ansible, Chef, Puppet, Terraform, or golden images, update the repository URL and GPG key in your source of truth rather than on individual hosts, and rebuild any machine images that bake in the legacy dl.redpanda.com definition.
Questions? If you have any questions on this TSB, or need further guidance, please contact Redpanda Support (support@redpanda.com), referencing TSB-2026-38 in the case title.