Jenkins now signs its Debian package with a new gpg key starting with LTS Jenkins 2.235.3. The announcement is at https://www.jenkins.io/blog/2020/07/27/repository-signing-keys-changing/
Our reprepro configuration refers to a key 9B7D32F2D50582E6, which I get would need to be adjusted?
Name: jenkins Method: http://pkg.jenkins-ci.org/debian-stable/ Suite: binary Flat: thirdparty GetInRelease: no Architectures: all>amd64 VerifyRelease: 9B7D32F2D50582E6 ListShellHook: grep-dctrl -X -S jenkins || [ $? -eq 1 ] Name: jenkins-stretch Method: http://pkg.jenkins-ci.org/debian-stable/ Suite: binary Flat: thirdparty/ci GetInRelease: no Architectures: all>amd64 VerifyRelease: 9B7D32F2D50582E6 ListShellHook: grep-dctrl -X -S jenkins || [ $? -eq 1 ]
Upstream publish the key at https://pkg.jenkins.io/debian-stable/jenkins.io.key
I could not find where we store that key in puppet :-\