[Puppet Users] update apt key for puppetlabs and verify signature

Mon, 09 Jul 2012 12:32:30 -0700 

I did a set of google searches looking for the answer to this
question, but didn't find any good ones.  Since I believe the
community may benefit from my experience, I thought I'd post it.

While updating patches on ubuntu 10.04 on a staging puppet
environment, I noticed the apt key for puppetlabs had expired.  Rather
than blindly installing a keyring package that may not be verified, I
decided to verify manually.  Here are the steps:

"apt-get clean && apt-get update" yeilds
    ...
    Get:2 http://apt.puppetlabs.com lucid Release [8,845B]
    ...
    W: GPG error: http://apt.puppetlabs.com lucid Release: The
following signatures were invalid: KEYEXPIRED 1341792832

"apt-key list" shows:
       ...
    /etc/apt/trusted.gpg.d/pl-keyring.gpg
    -------------------------------------
    pub   4096R/4BD6EC30 2010-07-10 [expired: 2012-07-09]
    uid                  Puppet Labs Release Key (Puppet Labs Release
Key) <i...@puppetlabs.com>

"gpg --recv-key 4BD6EC30" says:
    gpg: requesting key 4BD6EC30 from hkp server keys.gnupg.net
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: key 4BD6EC30: public key "Puppet Labs Release Key (Puppet
Labs Release Key) <i...@puppetlabs.com>" imported
    gpg: no ultimately trusted keys found
    gpg: Total number processed: 1
    gpg:               imported: 1  (RSA: 1)

"gpg --list-key --fingerprint 4BD6EC30" reports:
    pub   4096R/4BD6EC30 2010-07-10 [expires: 2016-07-08]
          Key fingerprint = 47B3 20EB 4C7C 375A A9DA  E1A0 1054 B7A2
4BD6 EC30
    uid                  Puppet Labs Release Key (Puppet Labs Release
Key) <i...@puppetlabs.com>

I checked and fingerprint matches the one listed at
http://projects.puppetlabs.com/projects/1/wiki/Downloading_Puppet#Verifying+Puppet+Downloads.

After running, "apt-key adv --keyserver keys.gnupg.net --recv-keys
4BD6EC30", apt-get update  runs without error.

note to moderators: I don't know if this information has already been
posted, but just in case it hasn't, here it is. It may not be
encountered by others depending on timing of their installation/
configuration.

Bob

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to