Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-3307

puppetlabs-apt doesn't detect or allow updating expired keys


    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: puppet_agent 1.1.0
    • Fix Version/s: None
    • Component/s: apt
    • Labels:
    • Environment:

      Ubuntu 14.04, puppet version 3.8.7 with puppetlabs-apt version 2.2.2


      I'm using puppet to manager CRAN's R. Their APT signing key is installed with:

      apt::key { 'crankey':
                id      => 'E298A3A825C0D65DFD57CBB651716619E084DAB9',
                server  => 'keyserver.ubuntu.com',

      This works great on new systems, but on older systems they have an expired key, with the same fingerprint.

      There is an ensure => present, but unlike packages there's no ensure => latest. Nor is there any way I could find documented to check if the key is valid, or refresh the key from the keyserver.

      So the result is apt fails with:

      W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://cran.us.r-project.org trusty/ Release: The following signatures were invalid: KEYEXPIRED 1445181253 KEYEXPIRED 1445181253 KEYEXPIRED 1445181253

      If I view the key:

      pub   2048R/E084DAB9 2010-10-19 [expired: 2015-10-18]
            Key fingerprint = E298 A3A8 25C0 D65D FD57  CBB6 5171 6619 E084 DAB9
      uid                  Michael Rutter <marutter@gmail.com>

      On a newer system:

      pub   2048R/E084DAB9 2010-10-19 [expires: 2020-10-16]
            Key fingerprint = E298 A3A8 25C0 D65D FD57  CBB6 5171 6619 E084 DAB9
      uid                  Michael Rutter <marutter@gmail.com>
      sub   2048R/1CFF3E8F 2010-10-19 [expires: 2020-10-16]

      Note the fingerprint is the same, but the expiration is different. So the problem is the puppetlabs-apt seems to have no way for me to ask for an up to date key.





              • Assignee:
                eimhin.laverty Eimhin Laverty
                bill@broadley.org Bill Broadley
              • Votes:
                12 Vote for this issue
                19 Start watching this issue


                • Created:

                  Zendesk Support