Page MenuHomePhabricator
Create Task
Maniphest T259116

Update Jenkins gpg release key in reprepro
Closed, ResolvedPublic
Actions

Description

Jenkins now signs its Debian package with a new gpg key starting with LTS Jenkins 2.235.3. The announcement is at https://www.jenkins.io/blog/2020/07/27/repository-signing-keys-changing/

Our reprepro configuration refers to a key 9B7D32F2D50582E6, which I get would need to be adjusted?

modules/aptrepo/files/updates
Name: jenkins
Method: http://pkg.jenkins-ci.org/debian-stable/
Suite: binary
Flat: thirdparty
GetInRelease: no
Architectures: all>amd64
VerifyRelease: 9B7D32F2D50582E6
ListShellHook: grep-dctrl -X -S jenkins || [ $? -eq 1 ]

Name: jenkins-stretch
Method: http://pkg.jenkins-ci.org/debian-stable/
Suite: binary
Flat: thirdparty/ci
GetInRelease: no
Architectures: all>amd64
VerifyRelease: 9B7D32F2D50582E6
ListShellHook: grep-dctrl -X -S jenkins || [ $? -eq 1 ]

Upstream publish the key at https://pkg.jenkins.io/debian-stable/jenkins.io.key

I could not find where we store that key in puppet :-\

Details

SubjectRepoBranchLines +/-
aptrepo: Update jenkins gpg release keyoperations/puppetproduction+2 -2
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 ResolvedakosiarisT259116 Update Jenkins gpg release key in reprepro

Event Timeline

hashar created this task.Jul 29 2020, 12:30 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 29 2020, 12:30 PM
gerritbot added a comment.Aug 6 2020, 3:24 PM

Change 618771 had a related patch set uploaded (by Alexandros Kosiaris; owner: Alexandros Kosiaris):
[operations/puppet@production] aptrepo: Update jenkins gpg release key

https://gerrit.wikimedia.org/r/618771

gerritbot added a project: Patch-For-Review.Aug 6 2020, 3:24 PM
akosiaris subscribed.Aug 6 2020, 3:24 PM

I could not find where we store that key in puppet :-\

That's cause we don't store it. We just use the fingerprint.

gerritbot added a comment.Aug 7 2020, 8:54 AM

Change 618771 merged by Alexandros Kosiaris:
[operations/puppet@production] aptrepo: Update jenkins gpg release key

https://gerrit.wikimedia.org/r/618771

Maintenance_bot removed a project: Patch-For-Review.Aug 7 2020, 9:10 AM
hashar closed this task as Resolved.Aug 7 2020, 9:48 AM
hashar assigned this task to akosiaris.

thank you

akosiaris added a comment.Aug 7 2020, 10:06 AM
In T259116#6365994, @akosiaris wrote:

I could not find where we store that key in puppet :-\

That's cause we don't store it. We just use the fingerprint.

Actually, that's wrong. We do store it, albeit in the puppet private repo, which is why you can't find a reference for it. We still just reference the Long ID of the fingerprint, but it must be a key already in the GPG keyring

hashar added a parent task: Restricted Task.Aug 7 2020, 2:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL