OK great that makes sense...in fact I guess you mean since July 2019 as I see the newer key in puppet6-release from a while ago which is good...
# rpm -qi puppet6-release Name : puppet6-release Version : 6.0.0 Release : 5.el6 Install Date: Sat 28 Sep 2019 01:15:09 PM BST # rpm -ql puppet6-release /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet6-release /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet6-release Thanks. On Tuesday, 12 January 2021 at 19:01:46 UTC [email protected] wrote: > Hi Andy, > > Sorry for the confusion. Let's see if I can clear it up. > > The release packages already contain both the old key (due to expire > August 17, 2021) and the new key (due to expire April 6, 2025). They've > been this way since last July. The Description is misleading, I admit. > > Yesterday, I flipped an internal switch that any packages released after > the switch would be signed with the new key. Puppet Platform will continue > their normal release process and will be viable with either key until the > old one expires in August. > > As this rolls out in the coming weeks, I won't be terribly surprised if > there's an occasional unforeseen problem with a package. I encourage > bringing any issues to our attention and we'll work to fix them as quickly > as I can. > > Eric > > On Tuesday, January 12, 2021 at 3:43:41 AM UTC-8 Andy Hall wrote: > >> hey eric why do we not see the latest key in the release packages then ? >> thanks. >> >> # yum info puppet-release >> Available Packages >> Name : puppet-release >> Arch : noarch >> Version : 1.0.0 >> Release : 14.el6 >> Description : Release packages for the Puppet repository >> : >> : Contains the following components: >> : gpg_key 2019.4.8 >> : repo_definition 2020.06.02 >> >> # yum info puppet6-release >> Available Packages >> Name : puppet6-release >> Arch : noarch >> Version : 6.0.0 >> Release : 10.el6 >> Description : Release packages for the Puppet 6 repository >> : >> : Contains the following components: >> : gpg_key 2019.4.8 >> : repo_definition 2020.05.18 >> >> On Monday, 11 January 2021 at 22:05:04 UTC [email protected] wrote: >> >>> >>> Puppet Platform GPG signing was initially scheduled for November last >>> year but it was delayed until just now. >>> >>> Today I made the internal change to start signing with the updated key. >>> >>> >>> On Wednesday, October 21, 2020 at 4:24:41 PM UTC-7 Eric Griswold wrote: >>> >>>> Why This Change >>>> >>>> Puppet sets its package signing keys to expire on a set schedule for >>>> good security practices. >>>> Summary >>>> >>>> On November 2, 2020, Puppet Release Engineering will start signing >>>> Puppet Platform and Puppet Enterprise packages with an updated GPG key. >>>> This is an explanation of how various existing users will be affected >>>> by this change and what actions they will need to take. >>>> >>>> FOSS users can update their release packages and import the new GPG key >>>> now so that when the GPG key changes, they will not see any problems >>>> installing software. >>>> Puppet Enterprise Users >>>> >>>> Puppet Enterprise users do not need to take any specific action, the >>>> GPG change will be handled inside the PE installer. >>>> FOSS Users >>>> >>>> Puppet Release Engineering updated the yum and apt release packages to >>>> contain both the new key and the current key just before June 3, 2020. If >>>> you have installed or updated the release package since that date you >>>> should already have the new key. >>>> >>>> SLES users, however, need to take an additional step: >>>> SLES Users >>>> >>>> SLES users need to take these steps. (Replace "puppet-release" with >>>> "puppet5-release" or "puppet6-release" if you are using those packages) >>>> >>>> 1. >>>> >>>> Download the updated GPG key: $ curl --remote-name --location >>>> https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406 >>>> 2. >>>> >>>> Import the updated GPG key: $ sudo rpm --import >>>> RPM-GPG-KEY-puppet-20250406 >>>> 3. >>>> >>>> Update the SLES puppet-release package $ zypper update >>>> puppet-release >>>> >>>> All Other FOSS users >>>> >>>> All other FOSS users need only upgrade to the latest puppet-release >>>> package. (Replace "puppet-release" with "puppet5-release" or >>>> "puppet6-release" if you are using those packages) >>>> >>>> For the apt users: $ sudo apt-get upgrade puppet-release >>>> >>>> For the yum users: $ sudo yum update puppet-release >>>> Further Notes >>>> >>>> Puppet GPG signing key, 2020 edition >>>> <https://puppet.com/blog/updated-puppet-gpg-signing-key-2020-edition> >>>> contains this and some more information about updating the GPG key using >>>> Puppet. >>>> >>>> Eric Griswold >>>> >>>> Puppet Release Engineering >>>> >>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6173a6d9-5e8d-4a83-b165-bbc43baf2788n%40googlegroups.com.
