FAQ
I did a set of google searches looking for the answer to this
question, but didn't find any good ones. Since I believe the
community may benefit from my experience, I thought I'd post it.

While updating patches on ubuntu 10.04 on a staging puppet
environment, I noticed the apt key for puppetlabs had expired. Rather
than blindly installing a keyring package that may not be verified, I
decided to verify manually. Here are the steps:

"apt-get clean && apt-get update" yeilds
...
Get:2 http://apt.puppetlabs.com lucid Release [8,845B]
...
W: GPG error: http://apt.puppetlabs.com lucid Release: The
following signatures were invalid: KEYEXPIRED 1341792832

"apt-key list" shows:
...
/etc/apt/trusted.gpg.d/pl-keyring.gpg
-------------------------------------
pub 4096R/4BD6EC30 2010-07-10 [expired: 2012-07-09]
uid Puppet Labs Release Key (Puppet Labs Release
Key) <info@puppetlabs.com>

"gpg --recv-key 4BD6EC30" says:
gpg: requesting key 4BD6EC30 from hkp server keys.gnupg.net
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key 4BD6EC30: public key "Puppet Labs Release Key (Puppet
Labs Release Key) <info@puppetlabs.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

"gpg --list-key --fingerprint 4BD6EC30" reports:
pub 4096R/4BD6EC30 2010-07-10 [expires: 2016-07-08]
Key fingerprint = 47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2
4BD6 EC30
uid Puppet Labs Release Key (Puppet Labs Release
Key) <info@puppetlabs.com>

I checked and fingerprint matches the one listed at
http://projects.puppetlabs.com/projects/1/wiki/Downloading_Puppet#Verifying+Puppet+Downloads.

After running, "apt-key adv --keyserver keys.gnupg.net --recv-keys
4BD6EC30", apt-get update runs without error.

note to moderators: I don't know if this information has already been
posted, but just in case it hasn't, here it is. It may not be
encountered by others depending on timing of their installation/
configuration.

Bob

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Felix Frank at Jul 10, 2012 at 1:42 pm
    Hi,

    thanks for sharing, but apperently you missed the new key being
    announced to this group by Matthaus Litteken on July 5th. That would
    probably have saved you lots of trouble.

    Cheers,
    Felix
    On 07/09/2012 09:30 PM, rapid7bob wrote:
    I did a set of google searches looking for the answer to this
    question, but didn't find any good ones. Since I believe the
    community may benefit from my experience, I thought I'd post it.

    While updating patches on ubuntu 10.04 on a staging puppet
    environment, I noticed the apt key for puppetlabs had expired. Rather
    than blindly installing a keyring package that may not be verified, I
    decided to verify manually. Here are the steps:

    "apt-get clean && apt-get update" yeilds
    ...
    Get:2 http://apt.puppetlabs.com lucid Release [8,845B]
    ...
    W: GPG error: http://apt.puppetlabs.com lucid Release: The
    following signatures were invalid: KEYEXPIRED 1341792832

    "apt-key list" shows:
    ...
    /etc/apt/trusted.gpg.d/pl-keyring.gpg
    -------------------------------------
    pub 4096R/4BD6EC30 2010-07-10 [expired: 2012-07-09]
    uid Puppet Labs Release Key (Puppet Labs Release
    Key) <info@puppetlabs.com>

    "gpg --recv-key 4BD6EC30" says:
    gpg: requesting key 4BD6EC30 from hkp server keys.gnupg.net
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: key 4BD6EC30: public key "Puppet Labs Release Key (Puppet
    Labs Release Key) <info@puppetlabs.com>" imported
    gpg: no ultimately trusted keys found
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)

    "gpg --list-key --fingerprint 4BD6EC30" reports:
    pub 4096R/4BD6EC30 2010-07-10 [expires: 2016-07-08]
    Key fingerprint = 47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2
    4BD6 EC30
    uid Puppet Labs Release Key (Puppet Labs Release
    Key) <info@puppetlabs.com>

    I checked and fingerprint matches the one listed at
    http://projects.puppetlabs.com/projects/1/wiki/Downloading_Puppet#Verifying+Puppet+Downloads.

    After running, "apt-key adv --keyserver keys.gnupg.net --recv-keys
    4BD6EC30", apt-get update runs without error.

    note to moderators: I don't know if this information has already been
    posted, but just in case it hasn't, here it is. It may not be
    encountered by others depending on timing of their installation/
    configuration.

    Bob
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Rapid7bob at Jul 10, 2012 at 6:04 pm
    Yes, new to the group -- thanks. It took about 10 minutes to find and had
    I searched on the keyid and updated before the expiration, it would have
    been easier. Unfortunately, I was out of the office and it was fairly
    short notice over a holiday week (at least in the US).

    Cheers!

    Bob
    On Tuesday, July 10, 2012 6:42:15 AM UTC-7, Felix.Frank wrote:

    Hi,

    thanks for sharing, but apperently you missed the new key being
    announced to this group by Matthaus Litteken on July 5th. That would
    probably have saved you lots of trouble.

    Cheers,
    Felix
    On 07/09/2012 09:30 PM, rapid7bob wrote:
    I did a set of google searches looking for the answer to this
    question, but didn't find any good ones. Since I believe the
    community may benefit from my experience, I thought I'd post it.

    While updating patches on ubuntu 10.04 on a staging puppet
    environment, I noticed the apt key for puppetlabs had expired. Rather
    than blindly installing a keyring package that may not be verified, I
    decided to verify manually. Here are the steps:

    "apt-get clean && apt-get update" yeilds
    ...
    Get:2 http://apt.puppetlabs.com lucid Release [8,845B]
    ...
    W: GPG error: http://apt.puppetlabs.com lucid Release: The
    following signatures were invalid: KEYEXPIRED 1341792832

    "apt-key list" shows:
    ...
    /etc/apt/trusted.gpg.d/pl-keyring.gpg
    -------------------------------------
    pub 4096R/4BD6EC30 2010-07-10 [expired: 2012-07-09]
    uid Puppet Labs Release Key (Puppet Labs Release
    Key) <info@puppetlabs.com>

    "gpg --recv-key 4BD6EC30" says:
    gpg: requesting key 4BD6EC30 from hkp server keys.gnupg.net
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: key 4BD6EC30: public key "Puppet Labs Release Key (Puppet
    Labs Release Key) <info@puppetlabs.com>" imported
    gpg: no ultimately trusted keys found
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)

    "gpg --list-key --fingerprint 4BD6EC30" reports:
    pub 4096R/4BD6EC30 2010-07-10 [expires: 2016-07-08]
    Key fingerprint = 47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2
    4BD6 EC30
    uid Puppet Labs Release Key (Puppet Labs Release
    Key) <info@puppetlabs.com>

    I checked and fingerprint matches the one listed at
    http://projects.puppetlabs.com/projects/1/wiki/Downloading_Puppet#Verifying+Puppet+Downloads.
    After running, "apt-key adv --keyserver keys.gnupg.net --recv-keys
    4BD6EC30", apt-get update runs without error.

    note to moderators: I don't know if this information has already been
    posted, but just in case it hasn't, here it is. It may not be
    encountered by others depending on timing of their installation/
    configuration.

    Bob
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Qg5xjRgzjL0J.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Krish at Aug 3, 2012 at 6:05 am

    On Tue, Jul 10, 2012 at 7:12 PM, Felix Frank wrote:
    Hi,

    thanks for sharing, but apperently you missed the new key being
    announced to this group by Matthaus Litteken on July 5th. That would
    probably have saved you lots of trouble.

    Cheers,
    Felix

    I did a
    gpg --refresh-keys; gpg --recv-keys 4BD6EC30
    as per that email

    And the key is still showing expired.
    # apt-key list | grep -B1 "Puppet Labs"
    pub 4096R/4BD6EC30 2010-07-10 [expired: 2012-07-09]
    uid Puppet Labs Release Key (Puppet Labs Release Key)
    <info@puppetlabs.com>




    --
    Krish
    Hey! Checkout my new startup * www.toonheart.com *
    Like Us if you Like Us! - facebook.com/toonheart

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedJul 9, '12 at 7:32p
activeAug 3, '12 at 6:05a
posts4
users3
websitepuppetlabs.com

3 users in discussion

Rapid7bob: 2 posts Krish: 1 post Felix Frank: 1 post

People

Translate

site design / logo © 2022 Grokbase