I want to install debian-backports-keyring on puppet clients. However, I can''t install it because the client doesn''t already have the key: -------------------------------------------------------------------------------- err: //Node[basenode]/tclbase/Package[debian-backports-keyring]/ensure: change from purged to present failed: Execution of ''/usr/bin/aptitude -y -o DPkg::Options::=--force-confold install debian-backports-keyring'' returned 255: Reading package lists... Building dependency tree... Reading state information... Reading extended state information... Initializing package states... Reading task descriptions... The following NEW packages will be installed: debian-backports-keyring 0 packages upgraded, 1 newly installed, 0 to remove and 1 not upgraded. Need to get 3362B of archives. After unpacking 49.2kB will be used. WARNING: untrusted versions of the following packages will be installed! Untrusted packages could compromise your system''s security. You should only proceed with the installation if you are certain that this is what you want to do. debian-backports-keyring Do you want to ignore this warning and proceed anyway? To continue, enter "Yes"; to abort, enter "No": Abort. -------------------------------------------------------------------------------- Catch-22: what it the recommended way of getting past this point (without manually installing the package on every client)? Thanks. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
On Tue, Jul 07, 2009 at 08:20:20PM +0100, Keith Edmunds wrote:> > I want to install debian-backports-keyring on puppet clients. However, I > can''t install it because the client doesn''t already have the key: > > debian-backports-keyring > > Do you want to ignore this warning and proceed anyway? > To continue, enter "Yes"; to abort, enter "No": Abort. > -------------------------------------------------------------------------------- > > Catch-22: what it the recommended way of getting past this point (without > manually installing the package on every client)?I normally install they gpg key using puppet instead of using the package. Although probably doing both is wise. eg exec { "add_vquence_apt_key": command => "apt-key add /etc/apt/packages_vquence_com.key", unless => "apt-key list | grep -q ''1024D/3F456D2A 2007-04-12 \\[expires: 2013-04-14\\]''", require => File["/etc/apt/packages_vquence_com.key"], before => Exec[''apt_updated''], } There is another file rule to get the key on each machine. Alternatively if you trust just grabbing the key over the internet you can use apt-key adv --recv-keys --keyserver keyserver.ubuntu.com KEYID Easiest way to find the key id I''ve found is to just apt-get update and copy the key it complains about. Cheers, John -- John Blog http://www.inodes.org/blog OLPC Friends http://olpcfriends.org --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---