Michael Harris
2012-Apr-25 23:22 UTC
[Puppet Users] Installing Jenkins with Puppet fails to import GPG key
I''ve asked this question over on serverfault<http://serverfault.com/questions/382158/installing-jenkins-with-puppet-fails-to-import-gpg-key>, but had no response. I''m trying to install Jenkins with Puppet using the manifests below. # init.pp class jenkins { include jenkins::install, jenkins::service } # service.pp class jenkins::service { service { "jenkins": ensure => running, hasstatus => true, hasrestart => true, enable => true, require => Class["jenkins::install"], } } # install.pp class jenkins::install { include jenkins::install::repo include jenkins::install::java package { "jenkins": ensure => present, require => Class[''jenkins::install::repo'',''jenkins::install::java''], } } # install/repo.pp class jenkins::install::repo { file { "/etc/pki/rpm-gpg/jenkins-ci.org.key": owner => root, group => root, mode => 0600, source => "puppet:///jenkins/jenkins-ci.org.key" } yumrepo { "jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key", require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"] } } # install/java.pp class jenkins::install::java { package { "java-1.6.0-openjdk": ensure => present, } } The repo is added and the key written to the file system. However, I get the following error. err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change from absent to present failed: Execution of ''/usr/bin/yum -d 0 -e 0 -y install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA signature: NOKEY, key ID d50582e6 Traceback (most recent call last): File "/usr/bin/yum", line 29, in ? yummain.user_main(sys.argv[1:], exit_code=True) File "/usr/share/yum-cli/yummain.py", line 309, in user_main errcode = main(args) File "/usr/share/yum-cli/yummain.py", line 261, in main return_code = base.doTransaction() File "/usr/share/yum-cli/cli.py", line 410, in doTransaction if self.gpgsigcheck(downloadpkgs) != 0: File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck self.getKeyForPackage(po, lambda x, y, z: self.userconfirm()) File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3519, in getKeyForPackage keys = self._retrievePublicKey(keyurl, repo) File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3484, in _retrievePublicKey keys_info = misc.getgpgkeyinfo(rawkey, multiple=True) File "/usr/lib/python2.4/site-packages/yum/misc.py", line 375, in getgpgkeyinfo raise ValueError(str(e)) ValueError: unknown pgp packet type 17 at 706 This suggests to me that the key isn''t being imported successfully, and `rpm -qa gpg-pubkey` doesn''t show the key. If I manually `yum install jenkins` without the key imported I get the same error. With the key imported, the manual installation succeeds. I''m successfully installing other yum repos and keys standalone (basically the `install/repo.pp` manifest as its own module), such as EPEL, but as this repo is only for Jenkins I wanted to include it in my Jenkins module. Is there something wrong with my manifests? Or some other problem? **UPDATE**: If I run this manifest on the node with `puppet apply jenkins.pp` I get the following error. I don''t know if this is part of the problem or a red herring. # jenkins.pp file { "/etc/pki/rpm-gpg/jenkins-ci.org.key": owner => root, group => root, mode => 0600, source => "/root/jenkins-ci.org.key" } yumrepo { "jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key", require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"] } # output warning: Could not retrieve fact fqdn notice: /Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined content as ''{md5}9fa06089848262c5a6383ec27fdd2575'' notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed '''' to ''Jenkins'' notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed '''' to ''http://pkg.jenkins-ci.org/redhat'' notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed '''' to ''1'' notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed '''' to ''1'' notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed '''' to ''file:///etc/pki/rpm-gpg/jenkins-ci.org.key'' notice: Finished catalog run in 0.11 seconds err: /File[/var/lib/puppet/rrd]/ensure: change from absent to directory failed: Could not set ''directory on ensure: Could not find group puppet err: Could not send report: Got 1 failure(s) while initializing: change from absent to directory failed: Could not set ''directory on ensure: Could not find group puppet Again, the repo is added but the key is not imported. Any advice would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Denmat
2012-Apr-26 01:17 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
Hi, The way that i import my keys is to set the gpg key for the yum repo like so: yumrepo { "jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", } Should take care of the import for you. The ''updated'' issue is probably irrelevant. Cheers Den On 26/04/2012, at 9:22, Michael Harris <michael@twofishcreative.com> wrote:> I''ve asked this question over on serverfault, but had no response. > > I''m trying to install Jenkins with Puppet using the manifests below. > > # init.pp > class jenkins { > include jenkins::install, jenkins::service > } > > # service.pp > class jenkins::service { > service { "jenkins": > ensure => running, > hasstatus => true, > hasrestart => true, > enable => true, > require => Class["jenkins::install"], > } > } > > # install.pp > class jenkins::install { > include jenkins::install::repo > include jenkins::install::java > > package { "jenkins": > ensure => present, > require => Class[''jenkins::install::repo'',''jenkins::install::java''], > } > } > > # install/repo.pp > class jenkins::install::repo { > file { "/etc/pki/rpm-gpg/jenkins-ci.org.key": > owner => root, > group => root, > mode => 0600, > source => "puppet:///jenkins/jenkins-ci.org.key" > } > > yumrepo { "jenkins": > baseurl => "http://pkg.jenkins-ci.org/redhat", > descr => "Jenkins", > enabled => 1, > gpgcheck => 1, > gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key", > require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"] > } > } > > # install/java.pp > class jenkins::install::java { > package { "java-1.6.0-openjdk": > ensure => present, > } > } > > The repo is added and the key written to the file system. However, I get the following error. > > err: /Stage[main]/Jenkins::Install/Package[jenkins]/ensure: change from absent to present failed: Execution of ''/usr/bin/yum -d 0 -e 0 -y install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA signature: NOKEY, key ID d50582e6 > Traceback (most recent call last): > File "/usr/bin/yum", line 29, in ? > yummain.user_main(sys.argv[1:], exit_code=True) > File "/usr/share/yum-cli/yummain.py", line 309, in user_main > errcode = main(args) > File "/usr/share/yum-cli/yummain.py", line 261, in main > return_code = base.doTransaction() > File "/usr/share/yum-cli/cli.py", line 410, in doTransaction > if self.gpgsigcheck(downloadpkgs) != 0: > File "/usr/share/yum-cli/cli.py", line 510, in gpgsigcheck > self.getKeyForPackage(po, lambda x, y, z: self.userconfirm()) > File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3519, in getKeyForPackage > keys = self._retrievePublicKey(keyurl, repo) > File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 3484, in _retrievePublicKey > keys_info = misc.getgpgkeyinfo(rawkey, multiple=True) > File "/usr/lib/python2.4/site-packages/yum/misc.py", line 375, in getgpgkeyinfo > raise ValueError(str(e)) > ValueError: unknown pgp packet type 17 at 706 > > This suggests to me that the key isn''t being imported successfully, and `rpm -qa gpg-pubkey` doesn''t show the key. If I manually `yum install jenkins` without the key imported I get the same error. With the key imported, the manual installation succeeds. > > I''m successfully installing other yum repos and keys standalone (basically the `install/repo.pp` manifest as its own module), such as EPEL, but as this repo is only for Jenkins I wanted to include it in my Jenkins module. > > Is there something wrong with my manifests? Or some other problem? > > **UPDATE**: > > If I run this manifest on the node with `puppet apply jenkins.pp` I get the following error. I don''t know if this is part of the problem or a red herring. > > # jenkins.pp > file { "/etc/pki/rpm-gpg/jenkins-ci.org.key": > owner => root, > group => root, > mode => 0600, > source => "/root/jenkins-ci.org.key" > } > > yumrepo { "jenkins": > baseurl => "http://pkg.jenkins-ci.org/redhat", > descr => "Jenkins", > enabled => 1, > gpgcheck => 1, > gpgkey => "file:///etc/pki/rpm-gpg/jenkins-ci.org.key", > require => File["/etc/pki/rpm-gpg/jenkins-ci.org.key"] > } > > # output > warning: Could not retrieve fact fqdn > notice: /Stage[main]//File[/etc/pki/rpm-gpg/jenkins-ci.org.key]/ensure: defined content as ''{md5}9fa06089848262c5a6383ec27fdd2575'' > notice: /Stage[main]//Yumrepo[jenkins]/descr: descr changed '''' to ''Jenkins'' > notice: /Stage[main]//Yumrepo[jenkins]/baseurl: baseurl changed '''' to ''http://pkg.jenkins-ci.org/redhat'' > notice: /Stage[main]//Yumrepo[jenkins]/enabled: enabled changed '''' to ''1'' > notice: /Stage[main]//Yumrepo[jenkins]/gpgcheck: gpgcheck changed '''' to ''1'' > notice: /Stage[main]//Yumrepo[jenkins]/gpgkey: gpgkey changed '''' to ''file:///etc/pki/rpm-gpg/jenkins-ci.org.key'' > notice: Finished catalog run in 0.11 seconds > err: /File[/var/lib/puppet/rrd]/ensure: change from absent to directory failed: Could not set ''directory on ensure: Could not find group puppet > err: Could not send report: Got 1 failure(s) while initializing: change from absent to directory failed: Could not set ''directory on ensure: Could not find group puppet > > Again, the repo is added but the key is not imported. > > Any advice would be greatly appreciated. > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/vXiEqP6KCt4J. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Michael Harris
2012-Apr-26 07:51 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
On Thursday, 26 April 2012 11:17:05 UTC+10, denmat wrote:> > > The way that i import my keys is to set the gpg key for the yum repo like > so: > > yumrepo { "jenkins": > baseurl => "http://pkg.jenkins-ci.org/redhat", > descr => "Jenkins", > enabled => 1, > gpgcheck => 1, > gpgkey => "http://pkg.jenkins-ci.org/redhat/ > jenkins-ci.org.key", > } > > Should take care of the import for you. >Cool, I didn''t know I could specify a URL for the key, thanks. However, I get the same error and the key still fails to import. cheers, Michael -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/cI79Jc80xg0J. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
denmat
2012-Apr-26 08:33 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
Hi, I just spun up a fresh AWS instance and did this: $ cat puppet.repo.pp class jenkins { yumrepo { "jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", } package {"jenkins": ensure => latest } } include jenkins $ sudo puppet apply puppet.repo.pp notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/descr: descr changed '''' to ''Jenkins'' notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/baseurl: baseurl changed '''' to ''http://pkg.jenkins-ci.org/redhat'' notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/enabled: enabled changed '''' to ''1'' notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/gpgcheck: gpgcheck changed '''' to ''1'' notice: /Stage[main]/Jenkins/Yumrepo[jenkins]/gpgkey: gpgkey changed '''' to ''http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key'' notice: /Stage[main]/Jenkins/Package[jenkins]/ensure: created notice: Finished catalog run in 10.20 seconds $ rpm -qa |grep jenkins jenkins-1.461-1.1.noarch That''s what I meant. You shouldn''t need to import the key as it should check against the public key in the url (if you where installing via rpm that might be different and will probably require the local import - haven''t tested myself). Den On Thu, Apr 26, 2012 at 5:51 PM, Michael Harris <michael@twofishcreative.com> wrote:> On Thursday, 26 April 2012 11:17:05 UTC+10, denmat wrote: >> >> >> The way that i import my keys is to set the gpg key for the yum repo like >> so: >> >> yumrepo { "jenkins": >> baseurl => "http://pkg.jenkins-ci.org/redhat", >> descr => "Jenkins", >> enabled => 1, >> gpgcheck => 1, >> gpgkey => >> "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", >> } >> >> Should take care of the import for you. > > > Cool, I didn''t know I could specify a URL for the key, thanks. > > However, I get the same error and the key still fails to import. > > cheers, Michael > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/cI79Jc80xg0J. > > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Michael Harris
2012-Apr-26 21:51 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
On Thursday, 26 April 2012 18:33:18 UTC+10, denmat wrote:> > Hi, I just spun up a fresh AWS instance and did this: > > $ cat puppet.repo.pp > class jenkins { > > yumrepo { "jenkins": > baseurl => "http://pkg.jenkins-ci.org/redhat", > descr => "Jenkins", > enabled => 1, > gpgcheck => 1, > gpgkey => " > http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", > } > package {"jenkins": ensure => latest } > } > > include jenkins > >I appreciate your help, but with that manifest I get the same error on both the node I''m trying to install on and on a fresh CentOS 5.7 with Puppet 2.7.9. err: /Stage[main]/Jenkins/Package[jenkins]/ensure: change from absent to latest failed: Could not update: Execution of ''/usr/bin/yum -d 0 -e 0 -y install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA signature: NOKEY, key ID d50582e6 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/sVsibb6ExBsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Michael Harris
2012-Apr-27 04:33 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
The following manifest results in the jenkins and epel repos being installed, rpm -qa gpg-pub* shows the epel key but not the jenkins key, and git is installed but not jenkins. class jenkins { yumrepo {"jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", } package {"jenkins": ensure => latest, require => Yumrepo["jenkins"] } } class git { yumrepo {"epel": baseurl => "http://mirror.aarnet.edu.au/pub/epel/5/i386", descr => "Extra Packages for Enterprise Linux (EPEL)", enabled => 1, gpgcheck => 1, gpgkey => "http://keys.gnupg.net:11371/pks/lookup?search=0x217521F6&op=get", } package {"git": ensure => latest, require => Yumrepo["epel"] } } include jenkins include git -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/jdXMr8S6OWkJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
denmat
2012-Apr-27 05:15 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
Well, the good news is you''re not crazy :) I loaded up a 5.7 instance and puppet 2.7.9+ and got the same result as you! I did a yum update and got the same issue - so it is not a common issue that is already fixed. I did a manual rpm --import of the key and the subsequent yum install worked. It is clearly an OS issue particular to Jenkins rather than a ''puppet'' issue (as Puppet installed via yum and installed the key automagically without an issue). What I did notice is that a copy of the key jenkins pubkey doesn''t get installed into /etc/pki. But you can query it via rpm -qa gpg-pubkey*: rpm -qi gpg-pubkey-d50582e6-4a3feef6 So, you could use this to install from scratch: class jenkins { exec { "key_import": command => "/bin/rpm --import http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key" onlyif => ''a test for the existence of rpm -qi gpg-pubkey-d50582e6-4a3feef6 doesn''t exist'' } yumrepo { "jenkins": baseurl => "http://pkg.jenkins-ci.org/redhat", descr => "Jenkins", enabled => 1, gpgcheck => 1, gpgkey => "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", require => Exec["key_import"], } package {"jenkins": ensure => latest, require => Yumrepo["jenkins"] } } include jenkins Normally what happens is that if it is ''assumed yes'', yum will automatically accept the public key via the url - I don''t know why Jenkins is different - but it appears to install a new repo file and try to import the pubkey again on install - maybe this confuses yum? Just speculating - not going to investigate further :) Cheers, Den On Fri, Apr 27, 2012 at 7:51 AM, Michael Harris <michael@twofishcreative.com> wrote:> On Thursday, 26 April 2012 18:33:18 UTC+10, denmat wrote: >> >> Hi, I just spun up a fresh AWS instance and did this: >> >> $ cat puppet.repo.pp >> class jenkins { >> >> yumrepo { "jenkins": >> baseurl => "http://pkg.jenkins-ci.org/redhat", >> descr => "Jenkins", >> enabled => 1, >> gpgcheck => 1, >> gpgkey => >> "http://pkg.jenkins-ci.org/redhat/jenkins-ci.org.key", >> } >> package {"jenkins": ensure => latest } >> } >> >> include jenkins >> > > I appreciate your help, but with that manifest I get the same error on both > the node I''m trying to install on and on a fresh CentOS 5.7 with Puppet > 2.7.9. > > err: /Stage[main]/Jenkins/Package[jenkins]/ensure: change from absent to > latest failed: Could not update: Execution of ''/usr/bin/yum -d 0 -e 0 -y > install jenkins'' returned 1: warning: rpmts_HdrFromFdno: Header V4 DSA > signature: NOKEY, key ID d50582e6 > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/puppet-users/-/sVsibb6ExBsJ. > > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Michael Harris
2012-Apr-29 12:44 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
On Friday, 27 April 2012 15:15:34 UTC+10, denmat wrote:> > Well, the good news is you''re not crazy :) >At least, this isn''t evidence that I''m crazy, but I still could be :) Thanks for following up, and offering an alternative, I appreciate it. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/ztawf_kTbAsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
R. Tyler Croy
2012-Apr-30 17:32 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
On Fri, 27 Apr 2012, denmat wrote:> Well, the good news is you''re not crazy :) > > I loaded up a 5.7 instance and puppet 2.7.9+ and got the same result as you! > > I did a yum update and got the same issue - so it is not a common > issue that is already fixed. > > I did a manual rpm --import of the key and the subsequent yum install > worked. It is clearly an OS issue particular to Jenkins rather than a > ''puppet'' issue (as Puppet installed via yum and installed the key > automagically without an issue). > > What I did notice is that a copy of the key jenkins pubkey doesn''t get > installed into /etc/pki. But you can query it via rpm -qa gpg-pubkey*: > rpm -qi gpg-pubkey-d50582e6-4a3feef6Sounds like I should find a way to incorporate this workaround into my puppet-jenkins module (https://github.com/rtyler/puppet-jenkins). Glad you guys got this working regardless! Cheers - R. Tyler Croy -------------------------------------- Code: http://github.com/rtyler Chatter: http://twitter.com/agentdero rtyler@jabber.org
Dan Carley
2012-May-23 17:27 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
On 27 April 2012 06:15, denmat <tu2bgone@gmail.com> wrote:> > Normally what happens is that if it is ''assumed yes'', yum will > automatically accept the public key via the url - I don''t know why > Jenkins is different - but it appears to install a new repo file and > try to import the pubkey again on install - maybe this confuses yum? > Just speculating - not going to investigate further :) >The problem stems from Yum on EL5 not being able to parse user attributes within key. It can be worked around a bit more cleanly by removing the attribute from the public key. I''ve written a blog post with more details: http://dan.carley.co/blog/2012/05/22/yum-gpg-keys-for-jenkins/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Denmat
2012-May-23 21:09 UTC
Re: [Puppet Users] Installing Jenkins with Puppet fails to import GPG key
Well dug Dan :) On 24/05/2012, at 3:27, Dan Carley <dan.carley@gmail.com> wrote:> On 27 April 2012 06:15, denmat <tu2bgone@gmail.com> wrote: > Normally what happens is that if it is ''assumed yes'', yum will > automatically accept the public key via the url - I don''t know why > Jenkins is different - but it appears to install a new repo file and > try to import the pubkey again on install - maybe this confuses yum? > Just speculating - not going to investigate further :) > > The problem stems from Yum on EL5 not being able to parse user attributes within key. It can be worked around a bit more cleanly by removing the attribute from the public key. I''ve written a blog post with more details: > > http://dan.carley.co/blog/2012/05/22/yum-gpg-keys-for-jenkins/ > -- > You received this message because you are subscribed to the Google Groups "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.