hey eric why do we not see the latest key in the release packages then ?
thanks.
# yum info puppet-release
Available Packages
Name : puppet-release
Arch : noarch
Version : 1.0.0
Release : 14.el6
Description : Release packages for the Puppet repository
:
: Contains the following components:
: gpg_key 2019.4.8
: repo_definition 2020.06.02
# yum info puppet6-release
Available Packages
Name : puppet6-release
Arch : noarch
Version : 6.0.0
Release : 10.el6
Description : Release packages for the Puppet 6 repository
:
: Contains the following components:
: gpg_key 2019.4.8
: repo_definition 2020.05.18
On Monday, 11 January 2021 at 22:05:04 UTC [email protected] wrote:
>
> Puppet Platform GPG signing was initially scheduled for November last year
> but it was delayed until just now.
>
> Today I made the internal change to start signing with the updated key.
>
>
> On Wednesday, October 21, 2020 at 4:24:41 PM UTC-7 Eric Griswold wrote:
>
>> Why This Change
>>
>> Puppet sets its package signing keys to expire on a set schedule for good
>> security practices.
>> Summary
>>
>> On November 2, 2020, Puppet Release Engineering will start signing Puppet
>> Platform and Puppet Enterprise packages with an updated GPG key.
>> This is an explanation of how various existing users will be affected by
>> this change and what actions they will need to take.
>>
>> FOSS users can update their release packages and import the new GPG key
>> now so that when the GPG key changes, they will not see any problems
>> installing software.
>> Puppet Enterprise Users
>>
>> Puppet Enterprise users do not need to take any specific action, the GPG
>> change will be handled inside the PE installer.
>> FOSS Users
>>
>> Puppet Release Engineering updated the yum and apt release packages to
>> contain both the new key and the current key just before June 3, 2020. If
>> you have installed or updated the release package since that date you
>> should already have the new key.
>>
>> SLES users, however, need to take an additional step:
>> SLES Users
>>
>> SLES users need to take these steps. (Replace "puppet-release" with
>> "puppet5-release" or "puppet6-release" if you are using those packages)
>>
>> 1.
>>
>> Download the updated GPG key: $ curl --remote-name --location
>> https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406
>> 2.
>>
>> Import the updated GPG key: $ sudo rpm --import
>> RPM-GPG-KEY-puppet-20250406
>> 3.
>>
>> Update the SLES puppet-release package $ zypper update puppet-release
>>
>> All Other FOSS users
>>
>> All other FOSS users need only upgrade to the latest puppet-release
>> package. (Replace "puppet-release" with "puppet5-release" or
>> "puppet6-release" if you are using those packages)
>>
>> For the apt users: $ sudo apt-get upgrade puppet-release
>>
>> For the yum users: $ sudo yum update puppet-release
>> Further Notes
>>
>> Puppet GPG signing key, 2020 edition
>> <https://puppet.com/blog/updated-puppet-gpg-signing-key-2020-edition>
>> contains this and some more information about updating the GPG key using
>> Puppet.
>>
>> Eric Griswold
>>
>> Puppet Release Engineering
>>
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/bd59894b-82b0-43e0-ba19-bcc8ca000db6n%40googlegroups.com.
