voxpupuli / puppet-gitlab_ci_runner

Module to manage gitlab CI runners. Extracted from https://github.com/voxpupuli/puppet-gitlab
Apache License 2.0
14 stars 52 forks

Fix broken apt::source declaration for Debian-based systems #142

Closed logicminds closed 8 months ago

logicminds commented 2 years ago

Clone of #129

Pull Request (PR) description

This PR adds Gitlab's Apt signing key directly from the source instead of relying on keyserver.ubuntu.com (which currently doesn't seem to provide the key when running /usr/bin/apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F6403F6544A38863DAA0B6E03F01618A51312F3F, which is what this module attempts to do on Debian-based systems).

This Pull Request (PR) fixes the following issues

#128 and closes #129

kenyon commented 2 years ago

Looks like tests need to be updated as well.

thorstenk commented 2 years ago

The key is still (again?) available on keyserver.ubuntu.com, see http://keyserver.ubuntu.com/pks/lookup?search=packages%40gitlab.com&fingerprint=on&op=index

The original key expired on 2022-03-02T15:16:59Z but GitLab refreshed the key the same day at 2022-03-02T17:21:45Z. This is fine for manual key management (and documented) but requires a bit more effort in config management. Fortunately the maintainers of puppetlabs-apt already considered that case and implemented an ensure => 'refresh' option that only looks for a refreshed key when it's already expired (see source code).

IMHO keyserver.ubuntu.com is still/again valid as a source for the Apt signing key but an ensure => 'refresh' should be added to the key hash.
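
The decision described in the comment above (look for a refreshed key only once the installed one has expired), as an added Python example that is not part of this thread or of puppetlabs-apt. It reads gpg --with-colons style output and returns the fingerprints whose expiry has passed; the sample listing is constructed, and only the fingerprint and the 2022-03-02T15:16:59Z expiry come from the thread.

```python
from datetime import datetime, timezone

# Fingerprint and original expiry as quoted in this thread.
GITLAB_FPR = "F6403F6544A38863DAA0B6E03F01618A51312F3F"
OLD_EXPIRY = datetime(2022, 3, 2, 15, 16, 59, tzinfo=timezone.utc)


def listing(expires_epoch):
    """Constructed sample in gpg's colon format (key size, creation times
    and the second, non-expiring key are made up for illustration)."""
    def fpr(value):
        # fpr records carry the fingerprint in field 10.
        return "fpr" + ":" * 9 + value + ":\n"
    return (
        f"pub:-:4096:1:{GITLAB_FPR[-16:]}:1583000000:{expires_epoch}::-:::scESC:\n"
        + fpr(GITLAB_FPR)
        + "pub:-:4096:1:00112233445566AA:1500000000:::-:::scESC:\n"
        + fpr("A" * 24 + "00112233445566AA")
    )


def keys_needing_refresh(colon_listing, now):
    """Return fingerprints of primary keys whose expiry (field 7 of the
    pub record, assumed to be epoch seconds) is at or before `now`."""
    expired, pending = [], None
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            exp = f[6] if len(f) > 6 else ""
            # An empty expiry field means the key never expires.
            pending = bool(exp) and int(exp) <= int(now.timestamp())
        elif f[0] in ("sub", "sec", "ssb"):
            pending = None  # a following fpr line is not a primary key's
        elif f[0] == "fpr" and pending is not None:
            if pending and len(f) > 9:
                expired.append(f[9])
            pending = None
    return expired


if __name__ == "__main__":
    old = listing(int(OLD_EXPIRY.timestamp()))
    after = datetime(2022, 3, 2, 16, 0, tzinfo=timezone.utc)
    print(keys_needing_refresh(old, after))
```
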

NeatNerdPrime commented 1 year ago

Just my 2 cents for whoever is still encountering this issue.

This branch would indeed fix the Apt key issue source. Today it's still not available on the default keyserver (keyserver.ubuntu.com).

However, it should be noted that the injection of apt keys with apt-key add is deprecated in favor of the "signed-by" mechanism.

I'd say the "clean fix/workaround" is either to:

References:

bastelfreak commented 8 months ago

I think this is a valid workaround until puppetlabs/apt is improved.