OK great that makes sense...in fact I guess you mean since July 2019 as I see the newer key in puppet6-release from a while ago which is good...
# rpm -qi puppet6-release Name : puppet6-release Version : 6.0.0 Release : 5.el6 Install Date: Sat 28 Sep 2019 01:15:09 PM BST # rpm -ql puppet6-release /etc/pki/rpm-gpg/RPM-GPG-KEY-2025-04-06-puppet6-release /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet6-release Thanks. On Tuesday, 12 January 2021 at 19:01:46 UTC eric.g...@puppet.com wrote: > Hi Andy, > > Sorry for the confusion. Let's see if I can clear it up. > > The release packages already contain both the old key (due to expire > August 17, 2021) and the new key (due to expire April 6, 2025). They've > been this way since last July. The Description is misleading, I admit. > > Yesterday, I flipped an internal switch that any packages released after > the switch would be signed with the new key. Puppet Platform will continue > their normal release process and will be viable with either key until the > old one expires in August. > > As this rolls out in the coming weeks, I won't be terribly surprised if > there's an occasional unforeseen problem with a package. I encourage > bringing any issues to our attention and we'll work to fix them as quickly > as I can. > > Eric > > On Tuesday, January 12, 2021 at 3:43:41 AM UTC-8 Andy Hall wrote: > >> hey eric why do we not see the latest key in the release packages then ? >> thanks. >> >> # yum info puppet-release >> Available Packages >> Name : puppet-release >> Arch : noarch >> Version : 1.0.0 >> Release : 14.el6 >> Description : Release packages for the Puppet repository >> : >> : Contains the following components: >> : gpg_key 2019.4.8 >> : repo_definition 2020.06.02 >> >> # yum info puppet6-release >> Available Packages >> Name : puppet6-release >> Arch : noarch >> Version : 6.0.0 >> Release : 10.el6 >> Description : Release packages for the Puppet 6 repository >> : >> : Contains the following components: >> : gpg_key 2019.4.8 >> : repo_definition 2020.05.18 >> >> On Monday, 11 January 2021 at 22:05:04 UTC eric.g...@puppet.com wrote: >> >>> >>> Puppet Platform GPG signing was initially scheduled for November last >>> year but it was delayed until just now. >>> >>> Today I made the internal change to start signing with the updated key. >>> >>> >>> On Wednesday, October 21, 2020 at 4:24:41 PM UTC-7 Eric Griswold wrote: >>> >>>> Why This Change >>>> >>>> Puppet sets its package signing keys to expire on a set schedule for >>>> good security practices. >>>> Summary >>>> >>>> On November 2, 2020, Puppet Release Engineering will start signing >>>> Puppet Platform and Puppet Enterprise packages with an updated GPG key. >>>> This is an explanation of how various existing users will be affected >>>> by this change and what actions they will need to take. >>>> >>>> FOSS users can update their release packages and import the new GPG key >>>> now so that when the GPG key changes, they will not see any problems >>>> installing software. >>>> Puppet Enterprise Users >>>> >>>> Puppet Enterprise users do not need to take any specific action, the >>>> GPG change will be handled inside the PE installer. >>>> FOSS Users >>>> >>>> Puppet Release Engineering updated the yum and apt release packages to >>>> contain both the new key and the current key just before June 3, 2020. If >>>> you have installed or updated the release package since that date you >>>> should already have the new key. >>>> >>>> SLES users, however, need to take an additional step: >>>> SLES Users >>>> >>>> SLES users need to take these steps. (Replace "puppet-release" with >>>> "puppet5-release" or "puppet6-release" if you are using those packages) >>>> >>>> 1. >>>> >>>> Download the updated GPG key: $ curl --remote-name --location >>>> https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406 >>>> 2. >>>> >>>> Import the updated GPG key: $ sudo rpm --import >>>> RPM-GPG-KEY-puppet-20250406 >>>> 3. >>>> >>>> Update the SLES puppet-release package $ zypper update >>>> puppet-release >>>> >>>> All Other FOSS users >>>> >>>> All other FOSS users need only upgrade to the latest puppet-release >>>> package. (Replace "puppet-release" with "puppet5-release" or >>>> "puppet6-release" if you are using those packages) >>>> >>>> For the apt users: $ sudo apt-get upgrade puppet-release >>>> >>>> For the yum users: $ sudo yum update puppet-release >>>> Further Notes >>>> >>>> Puppet GPG signing key, 2020 edition >>>> <https://puppet.com/blog/updated-puppet-gpg-signing-key-2020-edition> >>>> contains this and some more information about updating the GPG key using >>>> Puppet. >>>> >>>> Eric Griswold >>>> >>>> Puppet Release Engineering >>>> >>> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/6173a6d9-5e8d-4a83-b165-bbc43baf2788n%40googlegroups.com.
