diff --git a/eng/common/cross/install-debs.py b/eng/common/cross/install-debs.py
index 20ca770a1e2..1d1dfabf7dc 100755
--- a/eng/common/cross/install-debs.py
+++ b/eng/common/cross/install-debs.py
@@ -121,10 +121,14 @@ async def fetch_release_file(session, mirror, suite, keyring):
 await download_file(session, release_gpg_url, release_gpg_file.name)
 print("Verifying signature of Release with Release.gpg.")
- verify_command = ["gpg"]
+ # Use gpgv rather than gpg for verification. gpgv verifies a detached
+ # signature against a fixed keyring without involving gpg-agent or
+ # keyboxd, which makes it robust on hosts running GnuPG 2.4+ (e.g. Azure
+ # Linux) where "gpg --keyring" routes through keyboxd and can fail.
+ verify_command = ["gpgv"]
 if keyring:
 verify_command += ["--keyring", keyring]
- verify_command += ["--verify", release_gpg_file.name, release_file.name]
+ verify_command += [release_gpg_file.name, release_file.name]
 result = subprocess.run(verify_command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
 if result.returncode != 0:
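Review bot: The `if keyring:` branch stays optional, but with `gpgv` a missing `--keyring` no longer means the user's default public keyring: gpgv falls back to `trustedkeys.kbx`/`trustedkeys.gpg` in the GnuPG home directory, so a call without a keyring now verifies against a different (and probably absent) file than before. Either require a keyring up front or record the fallback next to the branch, for example `# Without --keyring, gpgv uses trustedkeys.kbx / trustedkeys.gpg from the GnuPG home directory.` The added comment should also say that gpgv treats every key in the keyring as trusted and, per its documentation, does not check for expired or revoked keys, which makes the keyring file itself the trust anchor and worth pinning or integrity-checking. The body of `fetch_release_file` starts before this hunk and the handling under `if result.returncode != 0:` continues after it, so whether a failed verification aborts the download cannot be confirmed here.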