Software Repository

This is the software repository for packages provided by CISOfy. It contains packages related to Lynis in common formats like RPM and DEB.

Fair-use

The software repositories are rate-limited. The community repository is meant to allow as many people as possible to pull in the latest updates of the packages.

Are you a company with more than 10 systems? Set up your own caching proxy.

Available packages

Repositories

Tips and Suggestions

• Mirror or Synchronize a repository

Important notices

August 2025: Key changes

Are you receiving an error when using the repository on newer Linux distributions? We are updating our keys to reflect the relevant changes.

On Debian 13 you might see this:

W: https://packages.cisofy.com/community/lynis/deb/dists/stable/InRelease: Policy will reject signature within a year, see --audit for details

Rocky Linux 10 or RHEL 10 might show something like this:

error: Certificate 824612E20ACF951B:
  Policy rejects 824612E20ACF951B: No binding signature at time 2025‑06‑13T16:28:45Z
error: https://packages.cisofy.com/keys/cisofy-software-rpms-public.key: key 1 import failed.

These errors are caused due to newer libraries that will soon stop accepting SHA1 checksums in keys, mostly in third-party repositories. The reason SHA1 was still used was due to backwards compatibility, as older distribution versions did not have good support forward when SHA256/SHA512 was introduced. Right now the support for SHA1 is being phased out, resulting in these errors or warnings.

History of changes

• 2025-08-20: The key to sign RPMs (824612E20ACF951B) has been updated to move away from SHA1. The public key has been updated. This is due to issue 1638.
• 2025-03-11: the minimum TLS version has been increased, now that many of the older (and outdated) Linux distributions support newer TLS versions.
• 2025-03-10: packages.cisofy.com has new IP addresses (89.41.171.41 / 2a01:7c8:e001:1cb::c1d4) as part of a migration
• 2023-08-07: For better backward compatibility we signed RPMs with the old key again (0ACF951B, public key).
• 2023-08-07: several changes were made to our build process, including an upgrade in the software stack. RPM files contain now multiple hashes, so that each different version of RPM can use the strongest hashing algorithm that it supports.
• 2023-08-03: Key for RPMs was previously 0ACF951B and is now C2FDE6C4.
• 2023-08-02: key change for repository and Linux distributions that use RPM files. Key changed from 824612E20ACF951B to 9DE922F1C2FDE6C4, signature upgraded from RSA/SHA1 to RSA/SHA512. SHA1 was used for a while to keep supporting older distributions. That support is now dropped to prevent newer distributions have to fallback on an outdated hashing algorithm.
• 2021-06-22: Key D48C4F9C is replaced by C2FDE6C4.
• 2021-06-22: we rotated some of our keys (old key D48C4F9C is replaced by C2FDE6C4). The repo also no longer hosts files for old Debian/Ubuntu distributions (e.g. xenial). Solution: Update your apt file and replace the old distribution name with 'stable' (without quotes).

Issues with the repository

Getting a 403?

Most likely your IP address or network has been blocked due to excessive requests. This repository is fair-use and excessive requests may hinder the service for others.

Set up a caching proxy or internal repository server that pulls in updates. Then point your client systems to your own repository or have them fetch the updates via your proxy.

Report issues

Got an issue with the repository? Please report it at GitHub.

Common errors

Examples of an error that you may encounter, before or after a key rotation:

SHA1 algorithm no longer supported

Error: Execution of '/bin/dnf -d 0 -e 1 -y install lynis' returned 1: warning: Signature not supported. Hash algorithm SHA1 not available.
warning: Signature not supported. Hash algorithm SHA1 not available.
Problem opening package lynis-3.0.8-100.noarch.rpm
Error: GPG check FAILED

Ensure that your repository file (cisofy-lynis.repo) is the same as listed within the examples on this website, purge any cache (dnf clean all), and update.

Public key missing or incorrect

Err:2 https://packages.cisofy.com/customers/YOUR-LICENSE-KEY/lynis-enterprise/deb daily InRelease                 
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9DE922F1C2FDE6C4

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used.
GPG error: https://packages.cisofy.com/community/lynis/deb stable InRelease: The following signatures were invalid:
EXPKEYSIG 3F873450D48C4F9C CISOfy Software (signed software packages) <[email protected]>

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packages.cisofy.com/customers/YOUR-LICENSE-KEY/lynis-enterprise/deb daily InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9DE922F1C2FDE6C4
W: Failed to fetch https://packages.cisofy.com/customers/YOUR-LICENSE-KEY/lynis-enterprise/deb/dists/daily/InRelease  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 9DE922F1C2FDE6C4
W: Some index files failed to download. They have been ignored, or old ones used instead.

Solution: import the new key according to the installation steps. For example: sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 013baa07180c50a7101097ef9de922f1c2fde6c4