Why This Change
Puppet sets its package signing keys to expire on a set schedule for
good security practices.
Summary
On November 2, 2020, Puppet Release Engineering will start signing
Puppet Platform and Puppet Enterprise packages with an updated GPG key.
This is an explanation of how various existing users will be affected by
this change and what actions they will need to take.
FOSS users can update their release packages and import the new GPG key
nowso that when the GPG key changes, they will not see any problems
installing software.
Puppet Enterprise Users
Puppet Enterprise users do not need to take any specific action, the GPG
change will be handled inside the PE installer.
FOSS Users
Puppet Release Engineering updated the yum and apt release packages to
contain both the new key and the current key just before June 3, 2020.
If you have installed or updated the release package since that date you
should already have the new key.
SLES users, however, need to take an additional step:
SLES Users
SLES users need to take these steps. (Replace "puppet-release" with
"puppet5-release" or "puppet6-release" if you are using those packages)
1.
Download the updated GPG key: $ curl --remote-name --location
https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406
2.
Import the updated GPG key: $ sudo rpm --import
RPM-GPG-KEY-puppet-20250406
3.
Update the SLES puppet-release package$ zypper update puppet-release
All Other FOSS users
All other FOSS users need only upgrade to the latest puppet-release
package. (Replace "puppet-release" with "puppet5-release" or
"puppet6-release" if you are using those packages)
For the apt users: $ sudo apt-get upgrade puppet-release
For the yum users: $ sudo yum update puppet-release
Further Notes
Puppet GPG signing key, 2020 edition
<https://puppet.com/blog/updated-puppet-gpg-signing-key-2020-edition>contains
this and some more information about updating the GPG key using Puppet.
Eric Griswold
Puppet Release Engineering
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/a0197cec-5d70-5594-c67e-b702732a43a9%40puppet.com.
