diff --git a/files/etc/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg b/files/etc/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..1cc9f3f2df5734dc3ea7c33be841594b0fcf38ef
Binary files /dev/null and b/files/etc/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg differ
diff --git a/manifests/ubuntu_keyring.pp b/manifests/ubuntu_keyring.pp
new file mode 100644
index 0000000000000000000000000000000000000000..e4847023de758996eb83d4507128e66708b28dcc
--- /dev/null
+++ b/manifests/ubuntu_keyring.pp
@@ -0,0 +1,24 @@
+# This class installs the ubuntu package repository keyring. These keys
+# are needed so that the process that creates the chroot directories in
+# /var/cache/pbuild can download packages from the Ubuntu package
+# repositories.
+#
+# Debian bullseye does not include the ubuntu-keyring package so we
+# install the needed GPG key file directly.
+
+class su_debuild::ubuntu_keyring {
+
+  case $::lsbdistcodename {
+    'bullseye': {
+      file { '/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg':
+        ensure => present,
+        source => 'puppet:///modules/su_debuild/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg',
+        mode   => '0644',
+      }
+    }
+    default: { fail("do not know how to handle ${::lsbdistcodename}") }
+  }
+
+
+
+}