FAQ
I've asked this question over on serverfault<http://serverfault.com/questions/382158/installing-jenkins-with-puppet-fails-to-import-gpg-key>,
but had no response.

I'm trying to install Jenkins with Puppet using the manifests below.

# init.pp
class jenkins {
include jenkins::install, jenkins::service
}

# service.pp
class jenkins::service {
service { "jenkins":
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
require => Class["jenkins::install"],
}
}

# install.pp
class jenkins::install {
include jenkins::install::repo
include jenkins::install::java

package { "jenkins":
ensure => present,
require =>
Class['jenkins::install::repo','jenkins::install::java'],
}
}

# install/repo.pp
class jenkins::install::repo {
file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
owner => root,
group => root,
mode => 0600,
source => "puppet:///jenkins/jenkins-ci.org.key"
}

yumrepo { "jenkins":
baseurl => "http://pkg.jenkins-ci.org/redhat",
descr => "Jenkins",
enabled => 1,
gpgcheck => 1,
gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
}
}

# install/java.pp
class jenkins::install::java {
package { "java-1.6.0-openjdk":
ensure => present,
}
}

The repo is added and the key written to the file system. However, I get
the following error.

err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change
from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y
install jenkins' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA
signature: NOKEY, key ID d50582e6
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 261, in main
return_code = base.doTransaction()
File "/usr/share/yum-cli/cli.py", line 410, in doTransaction
if self.gpgsigcheck(downloadpkgs) != 0:
File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck
self.getKeyForPackage(po, lambda x, y, z: self.userconfirm())
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line
3519, in getKeyForPackage
keys = self._retrievePublicKey(keyurl, repo)
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line
3484, in _retrievePublicKey
keys_info = misc.getgpgkeyinfo(rawkey, multiple=True)
File "/usr/lib/python2.4/site-packages/yum/misc.py", line 375, in
getgpgkeyinfo
raise ValueError(str(e))
ValueError: unknown pgp packet type 17 at 706

This suggests to me that the key isn't being imported successfully, and
`rpm -qa gpg-pubkey` doesn't show the key. If I manually `yum install
jenkins` without the key imported I get the same error. With the key
imported, the manual installation succeeds.

I'm successfully installing other yum repos and keys standalone (basically
the `install/repo.pp` manifest as its own module), such as EPEL, but as
this repo is only for Jenkins I wanted to include it in my Jenkins module.

Is there something wrong with my manifests? Or some other problem?

**UPDATE**:

If I run this manifest on the node with `puppet apply jenkins.pp` I get the
following error. I don't know if this is part of the problem or a red
herring.

# jenkins.pp
file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
owner => root,
group => root,
mode => 0600,
source => "/root/jenkins-ci.org.key"
}

yumrepo { "jenkins":
baseurl => "http://pkg.jenkins-ci.org/redhat",
descr => "Jenkins",
enabled => 1,
gpgcheck => 1,
gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
}

# output
warning: Could not retrieve fact fqdn
notice:
/Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined
content as '{md5}9fa06089848262c5a6383ec27fdd2575'
notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed '' to
'Jenkins'
notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed ''
to 'http://pkg.jenkins-ci.org/redhat'
notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed ''
to '1'
notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed
'' to '1'
notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed '' to
'file:///etc/pki/rpm-gpg/jenkins-ci.org.key'
notice: Finished catalog run in 0.11 seconds
err: /File[/var/lib/puppet/rrd]/ensure: change from absent to
directory failed: Could not set 'directory on ensure: Could not find group
puppet
err: Could not send report: Got 1 failure(s) while initializing:
change from absent to directory failed: Could not set 'directory on ensure:
Could not find group puppet

Again, the repo is added but the key is not imported.

Any advice would be greatly appreciated.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Denmat at Apr 26, 2012 at 1:17 am
    Hi,

    The way that i import my keys is to set the gpg key for the yum repo like so:

    yumrepo { "jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
    }

    Should take care of the import for you.

    The 'updated' issue is probably irrelevant.

    Cheers
    Den

    On 26/04/2012, at 9:22, Michael Harris wrote:

    I've asked this question over on serverfault, but had no response.

    I'm trying to install Jenkins with Puppet using the manifests below.

    # init.pp
    class jenkins {
    include jenkins::install, jenkins::service
    }

    # service.pp
    class jenkins::service {
    service { "jenkins":
    ensure => running,
    hasstatus => true,
    hasrestart => true,
    enable => true,
    require => Class["jenkins::install"],
    }
    }

    # install.pp
    class jenkins::install {
    include jenkins::install::repo
    include jenkins::install::java

    package { "jenkins":
    ensure => present,
    require => Class['jenkins::install::repo','jenkins::install::java'],
    }
    }

    # install/repo.pp
    class jenkins::install::repo {
    file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
    owner => root,
    group => root,
    mode => 0600,
    source => "puppet:///jenkins/jenkins-ci.org.key"
    }

    yumrepo { "jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
    require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
    }
    }

    # install/java.pp
    class jenkins::install::java {
    package { "java-1.6.0-openjdk":
    ensure => present,
    }
    }

    The repo is added and the key written to the file system. However, I get the following error.

    err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change from absent to present failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install jenkins' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA signature: NOKEY, key ID d50582e6
    Traceback (most recent call last):
    File "/usr/bin/yum", line 29, in ?
    yummain.user_main(sys.argv[1:], exit_code=True)
    File "/usr/share/yum-cli/yummain.py", line 309, in user_main
    errcode = main(args)
    File "/usr/share/yum-cli/yummain.py", line 261, in main
    return_code = base.doTransaction()
    File "/usr/share/yum-cli/cli.py", line 410, in doTransaction
    if self.gpgsigcheck(downloadpkgs) != 0:
    File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck
    self.getKeyForPackage(po, lambda x, y, z: self.userconfirm())
    File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3519, in getKeyForPackage
    keys = self._retrievePublicKey(keyurl, repo)
    File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3484, in _retrievePublicKey
    keys_info = misc.getgpgkeyinfo(rawkey, multiple=True)
    File "/usr/lib/python2.4/site-packages/yum/misc.py", line 375, in getgpgkeyinfo
    raise ValueError(str(e))
    ValueError: unknown pgp packet type 17 at 706

    This suggests to me that the key isn't being imported successfully, and `rpm -qa gpg-pubkey` doesn't show the key. If I manually `yum install jenkins` without the key imported I get the same error. With the key imported, the manual installation succeeds.

    I'm successfully installing other yum repos and keys standalone (basically the `install/repo.pp` manifest as its own module), such as EPEL, but as this repo is only for Jenkins I wanted to include it in my Jenkins module.

    Is there something wrong with my manifests? Or some other problem?

    **UPDATE**:

    If I run this manifest on the node with `puppet apply jenkins.pp` I get the following error. I don't know if this is part of the problem or a red herring.

    # jenkins.pp
    file { "/etc/pki/rpm-gpg/jenkins-ci.org.key":
    owner => root,
    group => root,
    mode => 0600,
    source => "/root/jenkins-ci.org.key"
    }

    yumrepo { "jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key",
    require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"]
    }

    # output
    warning: Could not retrieve fact fqdn
    notice: /Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined content as '{md5}9fa06089848262c5a6383ec27fdd2575'
    notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed '' to 'Jenkins'
    notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed '' to 'http://pkg.jenkins-ci.org/redhat'
    notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed '' to '1'
    notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed '' to '1'
    notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed '' to 'file:///etc/pki/rpm-gpg/jenkins-ci.org.key'
    notice: Finished catalog run in 0.11 seconds
    err: /File[/var/lib/puppet/rrd]/ensure: change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet
    err: Could not send report: Got 1 failure(s) while initializing: change from absent to directory failed: Could not set 'directory on ensure: Could not find group puppet

    Again, the repo is added but the key is not imported.

    Any advice would be greatly appreciated.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Michael Harris at Apr 26, 2012 at 7:51 am

    On Thursday, 26 April 2012 11:17:05 UTC+10, denmat wrote:

    The way that i import my keys is to set the gpg key for the yum repo like
    so:

    yumrepo { "jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "http://pkg.jenkins-ci.org/redhat/
    jenkins-ci.org.key",
    }

    Should take care of the import for you.
    Cool, I didn't know I could specify a URL for the key, thanks.

    However, I get the same error and the key still fails to import.

    cheers, Michael

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cI79Jc80xg0J.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Denmat at Apr 26, 2012 at 8:33 am
    Hi, I just spun up a fresh AWS instance and did this:

    $ cat puppet.repo.pp
    class jenkins {

    yumrepo { "jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
    }
    package {"jenkins": ensure => latest }
    }

    include jenkins

    $ sudo puppet apply puppet.repo.pp
    notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/descr: descr changed ''
    to 'Jenkins'
    notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/baseurl: baseurl changed
    '' to 'http://pkg.jenkins-ci.org/redhat'
    notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/enabled: enabled changed '' to '1'
    notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/gpgcheck: gpgcheck
    changed '' to '1'
    notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/gpgkey: gpgkey changed
    '' to 'http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key'
    notice: /Stage[main]/Jenkins/Package[jenkins]/ensure: created
    notice: Finished catalog run in 10.20 seconds

    $ rpm -qa |grep jenkins
    jenkins-1.461-1.1.noarch

    That's what I meant. You shouldn't need to import the key as it should
    check against the public key in the url (if you where installing via
    rpm that might be different and will probably require the local import
    - haven't tested myself).

    Den

    On Thu, Apr 26, 2012 at 5:51 PM, Michael Harris
    wrote:
    On Thursday, 26 April 2012 11:17:05 UTC+10, denmat wrote:


    The way that i import my keys is to set the gpg key for the yum repo like
    so:

    yumrepo { "jenkins":
    baseurl  => "http://pkg.jenkins-ci.org/redhat",
    descr    => "Jenkins",
    enabled  => 1,
    gpgcheck => 1,
    gpgkey   =>
    "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
    }

    Should take care of the import for you.

    Cool, I didn't know I could specify a URL for the key, thanks.

    However, I get the same error and the key still fails to import.

    cheers, Michael

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To view this discussion on the web visit
    https://groups.google.com/d/msg/puppet-users/-/cI79Jc80xg0J.

    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Michael Harris at Apr 26, 2012 at 9:51 pm

    On Thursday, 26 April 2012 18:33:18 UTC+10, denmat wrote:
    Hi, I just spun up a fresh AWS instance and did this:

    $ cat puppet.repo.pp
    class jenkins {

    yumrepo { "jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "
    http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
    }
    package {"jenkins": ensure => latest }
    }

    include jenkins
    I appreciate your help, but with that manifest I get the same error on both
    the node I'm trying to install on and on a fresh CentOS 5.7 with Puppet
    2.7.9.

    err: /Stage[main]/Jenkins/Package[jenkins]/ensure: change from absent to
    latest failed: Could not update: Execution of '/usr/bin/yum -d 0 -e 0 -y
    install jenkins' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA
    signature: NOKEY, key ID d50582e6

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/sVsibb6ExBsJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Michael Harris at Apr 27, 2012 at 4:33 am
    The following manifest results in the jenkins and epel repos being
    installed, rpm -qa gpg-pub* shows the epel key but not the jenkins key, and
    git is installed but not jenkins.

    class jenkins {

    yumrepo {"jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
    }
    package {"jenkins":
    ensure => latest,
    require => Yumrepo["jenkins"]
    }
    }

    class git {
    yumrepo {"epel":
    baseurl => "http://mirror.aarnet.edu.au/pub/epel/5/i386",
    descr => "Extra Packages for Enterprise Linux (EPEL)",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "http://keys.gnupg.net:11371/pks/lookup?search=0x217521F6&op=get",
    }
    package {"git":
    ensure => latest,
    require => Yumrepo["epel"]
    }
    }

    include jenkins
    include git

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/jdXMr8S6OWkJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Denmat at Apr 27, 2012 at 5:15 am
    Well, the good news is you're not crazy :)

    I loaded up a 5.7 instance and puppet 2.7.9+ and got the same result as you!

    I did a yum update and got the same issue - so it is not a common
    issue that is already fixed.

    I did a manual rpm --import of the key and the subsequent yum install
    worked. It is clearly an OS issue particular to Jenkins rather than a
    'puppet' issue (as Puppet installed via yum and installed the key
    automagically without an issue).

    What I did notice is that a copy of the key jenkins pubkey doesn't get
    installed into /etc/pki. But you can query it via rpm -qa gpg-pubkey*:
    rpm -qi gpg-pubkey-d50582e6-4a3feef6

    So, you could use this to install from scratch:
    class jenkins {

    exec { "key_import":
    command => "/bin/rpm --import
    http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key"
    onlyif => 'a test for the existence of rpm -qi
    gpg-pubkey-d50582e6-4a3feef6 doesn't exist'
    }
    yumrepo { "jenkins":
    baseurl => "http://pkg.jenkins-ci.org/redhat",
    descr => "Jenkins",
    enabled => 1,
    gpgcheck => 1,
    gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
    require => Exec["key_import"],
    }
    package {"jenkins": ensure => latest, require => Yumrepo["jenkins"] }
    }

    include jenkins

    Normally what happens is that if it is 'assumed yes', yum will
    automatically accept the public key via the url - I don't know why
    Jenkins is different - but it appears to install a new repo file and
    try to import the pubkey again on install - maybe this confuses yum?
    Just speculating - not going to investigate further :)

    Cheers,
    Den

    On Fri, Apr 27, 2012 at 7:51 AM, Michael Harris
    wrote:
    On Thursday, 26 April 2012 18:33:18 UTC+10, denmat wrote:

    Hi, I just spun up a fresh AWS instance and did this:

    $ cat puppet.repo.pp
    class jenkins {

    yumrepo { "jenkins":
    baseurl  => "http://pkg.jenkins-ci.org/redhat",
    descr    => "Jenkins",
    enabled  => 1,
    gpgcheck => 1,
    gpgkey   =>
    "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key",
    }
    package {"jenkins": ensure => latest }
    }

    include jenkins
    I appreciate your help, but with that manifest I get the same error on both
    the node I'm trying to install on and on a fresh CentOS 5.7 with Puppet
    2.7.9.

    err: /Stage[main]/Jenkins/Package[jenkins]/ensure: change from absent to
    latest failed: Could not update: Execution of '/usr/bin/yum -d 0 -e 0 -y
    install jenkins' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA
    signature: NOKEY, key ID d50582e6

    --
    You received this message because you are subscribed to the Google Groups
    "Puppet Users" group.
    To view this discussion on the web visit
    https://groups.google.com/d/msg/puppet-users/-/sVsibb6ExBsJ.

    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to
    puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at
    http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Michael Harris at Apr 29, 2012 at 12:44 pm

    On Friday, 27 April 2012 15:15:34 UTC+10, denmat wrote:
    Well, the good news is you're not crazy :)
    At least, this isn't evidence that I'm crazy, but I still could be :)

    Thanks for following up, and offering an alternative, I appreciate it.

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ztawf_kTbAsJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • R. Tyler Croy at Apr 30, 2012 at 5:32 pm

    On Fri, 27 Apr 2012, denmat wrote:

    Well, the good news is you're not crazy :)

    I loaded up a 5.7 instance and puppet 2.7.9+ and got the same result as you!

    I did a yum update and got the same issue - so it is not a common
    issue that is already fixed.

    I did a manual rpm --import of the key and the subsequent yum install
    worked. It is clearly an OS issue particular to Jenkins rather than a
    'puppet' issue (as Puppet installed via yum and installed the key
    automagically without an issue).

    What I did notice is that a copy of the key jenkins pubkey doesn't get
    installed into /etc/pki. But you can query it via rpm -qa gpg-pubkey*:
    rpm -qi gpg-pubkey-d50582e6-4a3feef6

    Sounds like I should find a way to incorporate this workaround into my
    puppet-jenkins module (https://github.com/rtyler/puppet-jenkins).

    Glad you guys got this working regardless!


    Cheers
    - R. Tyler Croy
    --------------------------------------
    Code: http://github.com/rtyler
    Chatter: http://twitter.com/agentdero
    rtyler@jabber.org
  • Dan Carley at May 23, 2012 at 5:27 pm

    On 27 April 2012 06:15, denmat wrote:
    Normally what happens is that if it is 'assumed yes', yum will
    automatically accept the public key via the url - I don't know why
    Jenkins is different - but it appears to install a new repo file and
    try to import the pubkey again on install - maybe this confuses yum?
    Just speculating - not going to investigate further :)
    The problem stems from Yum on EL5 not being able to parse user attributes
    within key. It can be worked around a bit more cleanly by removing the
    attribute from the public key. I've written a blog post with more details:

    http://dan.carley.co/blog/2012/05/22/yum-gpg-keys-for-jenkins/

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Denmat at May 23, 2012 at 9:09 pm
    Well dug Dan :)
    On 24/05/2012, at 3:27, Dan Carley wrote:

    On 27 April 2012 06:15, denmat wrote:
    Normally what happens is that if it is 'assumed yes', yum will
    automatically accept the public key via the url - I don't know why
    Jenkins is different - but it appears to install a new repo file and
    try to import the pubkey again on install - maybe this confuses yum?
    Just speculating - not going to investigate further :)

    The problem stems from Yum on EL5 not being able to parse user attributes within key. It can be worked around a bit more cleanly by removing the attribute from the public key. I've written a blog post with more details:

    http://dan.carley.co/blog/2012/05/22/yum-gpg-keys-for-jenkins/
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedApr 25, '12 at 11:24p
activeMay 23, '12 at 9:09p
posts11
users4
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase