smerle33
commented
4 months ago Note: @smerle33 did propose to add an
updateclimanifest to automate this change through a PR. It's a good idea but the hard part is to find a smart shell command to retrieve the new key as the filename or ID changes on each year:* 2023 Debian key URL: [keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public](https://keys.datadoghq.com/DATADOG_APT_KEY_F14F620E.public) * 2024 Debian key URL: [keys.datadoghq.com/DATADOG_APT_KEY_C0962C7D.public](https://keys.datadoghq.com/DATADOG_APT_KEY_C0962C7D.public)=> no obvious technique, will need some hack (parsing keys.datadoghq.com, datadog API if any endpoint with these infos, or eventually a shell which extracts the ID of the key from their "latest" debian package and takes care of generating the new URL for download?
I would have used : https://keys.datadoghq.com/DATADOG_APT_KEY_CURRENT.public
Service(s)
Other
Summary
All the Linux builds (VM, containers, x86, arm64) of https://github.com/jenkins-infra/packer-images/ are failing since a few days with the following error:
As per https://docs.datadoghq.com/agent/guide/linux-key-rotation-2024/?tab=debianubuntu, datadog did rotate their public PGP key in June 2024 so we have to update our local copy in https://github.com/jenkins-infra/packer-images/blob/main/gpg-keys/datadog.gpg
⚠️ This issue prevents us to release a new version of the all-in-one images
Note: @smerle33 did propose to add an
updateclimanifest to automate this change through a PR. It's a good idea but the hard part is to find a smart shell command to retrieve the new key as the filename or ID changes on each year:=> no obvious technique, will need some hack (parsing https://keys.datadoghq.com/, datadog API if any endpoint with these infos, or eventually a shell which extracts the ID of the key from their "latest" debian package and takes care of generating the new URL for download?
Reproduction steps
No response