Puppet
通過 puppet 更新 apt gpg 密鑰
puppet apt 儲存庫 PGP 密鑰已在幾天前過期
/etc/apt/trusted.gpg.d//puppetlabs-keyring.gpg ---------------------------------------------- pub 4096R/4BD6EC30 2010-07-10 [expired: 2016-07-08] uid Puppet Labs Release Key (Puppet Labs Release Key)
當然也可以手動更新
apt-key adv --recv-keys --keyserver keys.gnupg.net 4BD6EC30
但是,它可以通過自動執行的 Puppet 更新(例如通過 Puppet apt 模組)嗎?
不是美容解決方案,但以下對我有用:
exec { 'update_apt_key': command => '/usr/bin/apt-key adv --recv-keys --keyserver keys.gnupg.net 47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30', onlyif => "/usr/bin/apt-key adv --list-public-keys --with-fingerprint --with-colons | grep -B 1 47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30 | head -n 1 | grep -e '^pub:e:'", }
這是我們開始使用的(感謝garthk):
$key = '4BD6EC30' exec { 'apt-key puppetlabs': path => '/bin:/usr/bin', unless => "apt-key list | grep '${key}' | grep -v expired", command => "apt-key adv --keyserver keyserver.ubuntu.com \ --recv-keys ${key}", }
在 apt 模組打開的工單中進行更多討論