diff --git a/sync.run b/sync.run
index f33715d..d5c6b9e 100644
--- a/sync.run
+++ b/sync.run
@@ -27,18 +27,33 @@ if [[ ! -d $MIRROR_DIR ]]; then
     chown ipfs:ipfs $MIRROR_DIR
 fi
 
+if [[ ! -d /etc/debmirror/gnupg ]]; then
+    mkdir -p /etc/debmirror/gnupg
+    chown ipfs:ipfs /etc/debmirror/gnupg
+fi
+
 chpst -u ipfs /bin/bash << '__EOF__'
 
 export IPFS=/usr/local/bin/ipfs
 export HOME=/home/ipfs
 export IPFS_FD_MAX=4096
 
+export GNUPGHOME=/etc/debmirror/gnupg
+
+gpg \
+    --keyring $GNUPGHOME/trustedkeys.kbx --no-default-keyring \
+    --import /usr/share/keyrings/ubuntu-archive-keyring.gpg \
+
+gpg \
+    --keyring $GNUPGHOME/trustedkeys.kbx --no-default-keyring \
+    --recv-key 40976EAF437D05B5
+
 $IPFS config --json Experimental.FilestoreEnabled true
 
 echo "Synchronizing with the main Ubuntu mirror."
 
 debmirror \
-    --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
+    --keyring $GNUPGHOME/trustedkeys.kbx \
 	-a ${MIRROR_ARCHITECTURES:-amd64} \
 	--no-source \
 	-s ${MIRROR_CATEGORIES:-main,universe,multiverse,restricted} \