From c7709446cc990b28d41dce922e6e5b7270119b91 Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Tue, 8 Apr 2025 12:15:37 -0700 Subject: [PATCH 1/5] (PA-7437) Rotate GPG-KEY-puppet The GPG-KEY-puppet key expired 2025-01-02. Update it with the current one that doesn't expire: Before ``` $ openssl sha256 -r files/GPG-KEY-puppet 7908698a5b6c4ff2d555edd1a6d594d1c2071481e1e1f7fd753274a1ab201675 *files/GPG-KEY-puppet $ gpg --show-keys --with-fingerprint --with-subkey-fingerprint files/GPG-KEY-puppet pub rsa4096 2016-08-18 [SC] [expired: 2025-01-02] 6F6B 1550 9CF8 E59E 6E46 9F32 7F43 8280 EF8D 349F uid Puppet, Inc. Release Key (Puppet, Inc. Release Key) ``` After ``` $ openssl sha256 -r files/GPG-KEY-puppet 246d96c86c5a322c2a5e63b2072a238508ad3c2c29795ea56a51a3d355514aca *files/GPG-KEY-puppet $ gpg --show-keys --with-fingerprint --with-subkey-fingerprint files/GPG-KEY-puppet pub rsa4096 2019-04-08 [SC] D681 1ED3 ADEE B844 1AF5 AA8F 4528 B6CD 9E61 EF26 uid Puppet, Inc. Release Key (Puppet, Inc. Release Key) sub rsa4096 2019-04-08 [E] 90A2 9D0A 6576 E2CA 185A ED3E F230 A24E 9F05 7A83 ``` The new key matches other locations: ``` $ curl -sL https://apt.puppet.com/DEB-GPG-KEY-future | openssl sha256 -r 246d96c86c5a322c2a5e63b2072a238508ad3c2c29795ea56a51a3d355514aca *stdin $ curl -sL https://yum.puppet.com/RPM-GPG-KEY-puppet | openssl sha256 -r 246d96c86c5a322c2a5e63b2072a238508ad3c2c29795ea56a51a3d355514aca *stdin $ curl -sL https://yum-puppetcore.puppet.com/public/RPM-GPG-KEY-puppet | openssl sha256 -r 246d96c86c5a322c2a5e63b2072a238508ad3c2c29795ea56a51a3d355514aca *stdin ``` --- files/GPG-KEY-puppet | 168 +++++++++++++------------------------------ 1 file changed, 48 insertions(+), 120 deletions(-) diff --git a/files/GPG-KEY-puppet b/files/GPG-KEY-puppet index e6ac7761..36d12d87 100644 --- a/files/GPG-KEY-puppet +++ b/files/GPG-KEY-puppet @@ -1,124 +1,52 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFe2Iz4BEADqbv/nWmR26bsivTDOLqrfBEvRu9kSfDMzYh9Bmik1A8Z036Eg -h5+TZD8Rrd5TErLQ6eZFmQXk9yKFoa9/C4aBjmsL/u0yeMmVb7/66i+x3eAYGLzV -FyunArjtefZyxq0B2mdRHE8kwl5XGl8015T5RGHCTEhpX14O9yigI7gtliRoZcl3 -hfXtedcvweOf9VrV+t5LF4PrZejom8VcB5CE2pdQ+23KZD48+Cx/sHSLHDtahOTQ -5HgwOLK7rBll8djFgIqP/UvhOqnZGIsg4MzTvWd/vwanocfY8BPwwodpX6rPUrD2 -aXPsaPeM3Q0juDnJT03c4i0jwCoYPg865sqBBrpOQyefxWD6UzGKYkZbaKeobrTB -xUKUlaz5agSK12j4N+cqVuZUBAWcokXLRrcftt55B8jz/Mwhx8kl6Qtrnzco9tBG -T5JN5vXMkETDjN/TqfB0D0OsLTYOp3jj4hpMpG377Q+6D71YuwfAsikfnpUtEBxe -NixXuKAIqrgG8trfODV+yYYWzfdM2vuuYiZW9pGAdm8ao+JalDZss3HL7oVYXSJp -MIjjhi78beuNflkdL76ACy81t2TvpxoPoUIG098kW3xd720oqQkyWJTgM+wV96bD -ycmRgNQpvqHYKWtZIyZCTzKzTTIdqg/sbE/D8cHGmoy0eHUDshcE0EtxsQARAQAB +mQINBFyrv4oBEADhL8iyDPZ+GWN7L+A8dpEpggglxTtL7qYNyN5Uga2j0cusDdOD +ftPHsurLjfxtc2EFGdFK/N8y4LSpq+nOeazhkHcPeDiWC2AuN7+NGjH9LtvMUqKy +NWPhPYP2r/xPL547oDMdvLXDH5n+FsLFW8QgATHk4AvlIhGng0gWu80OqTCiL0HC +W7TftkF8ofP8k90SnLYbI9HDVOj6VYYtqG5NeoCHGAqrb79G/jq64Z/gLktD3IrB +CxYhKFfJtZ/BSDB8Aa4ht+jIyeFCNSbGyfFfWlHKvF3JngS/76Y7gxX1sbR3gHJQ +hO25AQdsPYKxgtIgNeB9/oBp1+V3K1W/nta4gbDVwJWCqDRbEFlHIdV7fvV/sqiI +W7rQ60aAY7J6Gjt/aUmNArvT8ty3szmhR0wEEU5/hhIVV6VjS+AQsI8pFv6VB8bJ +TLfOBPDW7dw2PgyWhVTEN8KW/ckyBvGmSdzSgAhw+rAe7li50/9e2H8eiJgBbGid +8EQidZgkokh331CMDkIA6F3ygiB+u2ZZ7ywxhxIRO70JElIuIOiofhVfRnh/ODlH +X7eD+cA2rlLQd2yWf4diiA7C9R8r8vPrAdp3aPZ4xLxvYYZV8E1JBdMus5GRy4rB +Avetp0Wx/1r9zVDKD/J1bNIlt0SR9FTmynZj4kLWhoCqmbrLS35325sS6wARAQAB tEhQdXBwZXQsIEluYy4gUmVsZWFzZSBLZXkgKFB1cHBldCwgSW5jLiBSZWxlYXNl -IEtleSkgPHJlbGVhc2VAcHVwcGV0LmNvbT6JAlUEEwEIAD8CGwMGCwkIBwMCBhUI -AgkKCwQWAgMBAh4BAheAFiEEb2sVUJz45Z5uRp8yf0OCgO+NNJ8FAmEeijsFCQ/A -nv0ACgkQf0OCgO+NNJ/P4w//dN8fo2pRz71lk0EVe1QhGhzhIEE1l/nVRCEGZkyi -0lYnzJJGhQEUNUtyeT0RhhCfNuU6lcCBDVjRu138tp0ldaybzs82cc8dL+hb2afA -fSwtfinfF051i4fH9I5Wmvn03zEX4ZLs/I7UPj75npgXBl/K2HCsLmMYoUka/SXA -ddn7hLAHsT3DvXaYosBgMR95B0l5JCMK0+aGLR9imTT+dZMO0jzKdvG7jbPB3JCx -S8JV0H+YXHat7SemlJU85s8iZuS1hxc0U1p5ZeLSxdC0K2ps/zsVLBAxT/OidEY2 -RKqDdl/Oz6/jllH+47JqUmK6/X/H6iVNq1jKeKbVobZdZliP/7ZpdIGiLjZX8CCm -GYtcIAOKD2fboeOaFBBr6GRjI5bX+Pn4b6R5zeRBrAylar0VUTzIrozbSFwk776i -iRrBZGMu+3KCFHd6FyAi+wMGv5iQue13/yc4/lmsniSjBgks2XL2lPZe60SXs1jq -++jUFsm4aRaIvkUUNsRwgmalGBqIll0SkaZc6J3f8i1noZb9o6iBwVb51B0eGLLj -jFNOBv8rh6cT+nx3o0ovaOfl49CEPXtCKkZvDTjEkj4aKR559DqQILc1R7dmmtb/ -cstKUm6KV3dIjnLO2MRuMNycBPLpmBRhQHLC9oh/pjhdXolaI9FsT+GqyClYDfeB -7PCJARwEEAEKAAYFAle3ddgACgkQEzlX6hECjfMZfgf9HHVvBIY8gVxVouAdEc1V -0UyIub1BHtpi/v3MLf6g+9FSW3ulctl9VcBl+UK6TLY0p6LhgGu2jFPqGF5c8/kT -1jLSU1jDFYDonUZwFsOtcBQGm2SxciX1VIP0MSP7FEGJAN1QtV8Uhyyvm434JVC0 -QkPiSqbitg9Y89EqyYULV+iBpFZk9LdbZcDFFoVtxCLh6XPE8L4MT9MI4PCi3dNb -yiiU0SzW+md6RZU/KxBdAsOSxUXiTPIuPsNQ6iMtfMTJLg4dPVgSYYQlB/CyB4Bp -cw+ad30Zm7ZFuk/8KYz9l0fnohgASdJ6+FkwwMFp/UsZ412qaf0LynfpTj0WFKkQ -eYkBHAQQAQIABgUCV7d4oAAKCRBeRSd+loAlrDdsB/0QWMkR3CF1txd6GEvPOCTY -/igOBZdOJJrhfaENzpxfCWGmMmdbrkRKxh9VAfAVcU7nSnKMBgmIvAFeIkB0i8eX -a6mNMNjFZXMQtvvL1GBB2F1NovRKBmur8CCVPqEgf3r5wiRnuQ5s0ehG4EDwA5ZF -9yFvBs65z4qJwyYT+zzsDmOBzTjgUZugHwBNyTIx/vk1LhIALgdLq4wjT5mdv7fY -nLkkuYQ6eR3qaGkNq3xCNQ3/v8HfL1wA+WXYtcGYZg1l/Kav7KXQIFeP5DJXCs3U -UhSDcgOMGoy1S37GD2rwQltfGh1eqRAXPZnYUN8bKmq3XJ8l/q3fZDIFyrBuvVgB -iQEcBBABCgAGBQJXt3GvAAoJEKRwb6LX2xQ1pEUH/Ambb7xjNbByZO5dOyg5hts0 -jK1m/xj7Mkivg2UWQwSc95uxVms1p329nLqkUjJ6Aw7544ORFUhanWdxmk7IyhQT -XjZy6f3QvrI0nyqIvmtYgj+cLoYlzsMFs+DuOXpGFCqyMAl4dwt9prZ6nOuOtGEM -KWtaXRqhHhquGqnGTx1GAG9veBrnpQNU1JMYmwiCA6OX9tt1DcBld5vSz08n9Ljs -DtXIbeGXb3HFgRV7g78zEPQBoeox6vEl9bqKUJBDmPAGOdy7permx86ByL65Xfxm -kPaLBdXZtv5ZRrR20A6p1WFV4PpSzaltLuiYTUhPxBw4vUts1pivCetJuGpCUUaJ -ARwEEAEIAAYFAle3gc8ACgkQ35wHbFHef8Q3rgf9GlUfCihaRI1fpmLKUzCTFItJ -LtIql2KlZrzAn68D9n8yrtjGy6lo4LrRvUYsLazJqmkT8fgGBiTFOpP01XfW8Vj/ -Pr8b2c7BM/ZTyKB+sQhAIAOgEOkyGLMMFNBunbkf4kVLZ+e6E4sX6BWs1BV64mN8 -pIAHkqYT5htmQVVP1RL4beqo5Cq8SE+OrIzRJefuUd0fRHpK1tfQ/UtE47Yzzho3 -6PumTMSlpRluYAkRJYrkk0GNf+ejE0HawOmxXYoptEz37QvmivupdpM08lW8oATz -6PP6d9IjmBzl9e/R2TcBshpz/XzcWlES7Me2cpmn9nrAOJhlQKQwxOkK2W3hh4kB -HAQQAQgABgUCV7tNSgAKCRDnu2PTfpJ6Hr7QB/9lYwpy1NcXNuYriA5wyrT3YHXJ -WLVecOJC6Q8aNVk4ngjzo0iuV27H3vXkkkqo4LB5tRJHo7p87g3Jpuey133HX9zA -N9buqiJEv33XLY/YZBDKJxHljdjZ8mCwJHI1n+viOLv6oTPAXaE/1JgfNK4HatO8 -q9eM8TIXraGWqnCzArWbmlaUDJqGv0m2gA0EiEomETd8VnmVJnlgY1NdGryu2HkT -DbcmEwgLEQr68HCkzfVyncx4JuZDGX6PVA7qpw9k7FMQ8EXMGH3tfmYh1lerFmbR -r8z6ieLe31DvLZaNy5wgnWUV6d1OYvRvH+MWQpB9H2NpBDBzMTp+E+TUtVsZiQEc -BBABCgAGBQJXt3riAAoJELrV8KOS6YVybTgH/0L6R5uDLBmDBXtBmpjXHwqoD0AX -6/v+0iK3iBvQSQ6bAfiZDWV9/rXGUeZu7X15e2bfPrfhDSVbOthTz8zgPBLl0ADB -ljZMkJVfWOJRXq3HFF94Ct6z+ATMU0N+9qrhl3ziHmMFJkxD2gNJnujNDg5Wt40/ -oHZfR0sAgi037+P9nYyvzov/pta94K33hS2zo6M50eMWaD21hQVgp+4sHlhNweq9 -V5/vfQxGi5rhBuDJPKIZSsyIEXmdcE5B3CLduxhutLaPE1IW4KrRnDrRN0HPYcWV -4cEW2GjRTPIJCAJqOHibrlnflVo5zHhR/SSrXK0hIDISP6srfe3PIOePe7GJARwE -EAEKAAYFAle3eu4ACgkQgkVRmFT8Go3PEAf/d35wYvLCgGmliIxQOWa2ZI2RLFRN -msvBuIQilDxZPKsGnFUgu/CP8hamT4ctQxNs7FxEBHbvVQTcVbxB7kQa7O/V1Oy/ -dvMbXcxGRdOpsvsamIYYAU6itVYLlOGsg/YyjYBNYxoz5xzxXIy2mnchLQw5PTDM -An877RTxnqUYtS2ETGMUeAjcQLwJYG9LlZ2fvXRH6PZ3wX0S+wAi7Z0G5GsyWV8n -z8ynkZsZQPUU0ZRpvrnxzeU4M7ChYkwW5EDhedSLQFSXCmVRAEbsrjKllyJWclEV -6pBvcdYwMdKGQ1tolUW+hbdtaQCXeT9aLxmnF+hIU7mwHgJpZKr5rj4d74kBHAQQ -AQoABgUCV7d7BwAKCRA8uGvyRSNt/Fq4CACUtYLaasP7c8ngIKKZylMpfv6HAlqM -ntMJEuP/UC87bUO9fKA3m9RCHBp0BJGsxEtTQD6BwJ3Ok27z37u9bHz6ok1TEROF -SOgMF3YzU/GVotIqfH6INWFcxQccTKWE4QwD6pCj0Bt5I90wFDKZk5TP4et53Tjj -lOXJVJrqk9moF+16P5T+KgKXL3F3vxIcLVrbWJBVvaT7Y11KBwO0eIhMPx2WURr4 -IkUblZFZ7Wut0gTGrMsqTvCpt+XYP1ABOEUbD1dUC8JfrqoLw+sxrdwPPhjRF6AJ -ImoCrfBieNw5bA/Gg5Bc7KdBNokPonZKpKsuxVyTHuHhvyy+Fhu9nzS+iQIcBBAB -AgAGBQJXt3utAAoJEMlzgXNs+Ef5QrUP/0gnj8B9kd+TdofRDGLAh/YsqSZhVjHM -DR5RFzipia0N74g9F94lxGtkjUSiiuxL594IDfc2ysCywSL2YprrfCwS4hekxZyv -7vvJGcRhy1tHYUfyKJFGOc2ncfxNRdAtCAJGO4TYe/dSunu68I8OPacUlJwENNGD -HITRXrqviEbbcviZ8PLmM/ZuQkQMwaj3gEN5rV3mIJDT1hDEEk1uRQx5yDZWSLbq -fQUsCEMWCcpihZBt2MXCbMdfHUDblXc4YPNW+F0t+Qtpjo5ToVLA/uT6fvC9EkNx -grt6o/8V2s3QfVNMiSLNLtyWG9UZe97/30I4ulGMlP+E2xAIY5eJ/CUYI3tWyeFt -YLoI2pQjPWFWi64I3+QiH9LfK59xuB5dunXTZv1a6EwjCyl74OJHRShdaHOsSJqq -KFiW5VWuAeJWvS8bkbIDfT2phpQVINXA1H7Y6UrLVtT2ED4hoXNIyYfL1zZiIOX8 -6uXXCy1lzpa0DpIOHHt9GMw3Lpc5+p7QZd9LAs1Yv4cUK193NHKQKoEU92swJDuy -U+CfH1zvAsgMLl46Q7+oODfcXyHYE627aoJ2W9zMzs6XddbO0OsqQnBGVcbfhSlU -tS4MyaFjEDVSd9bAcCNSnp3wdv2HxeriC7aXRTPrKCrfOiL0Lm+9uq8OeiVqyIj/ -MPqIwU3A2RjOiQIcBBABCAAGBQJXt4AvAAoJEBBUt6JL1uwwhX0P/0nbjZ8VSarn -dfnNQfjdRvzN435DL0m+kro2+f+Kruci9mKPz6Ex3rL6pBYecyCxrnqQiyOK2r2X -e88sct9aPnoEwvmnUeLOtdfJPbMHvVw7mfkjcQYSvQNfKZ2j3MGum9I9quSmSOJJ -RQygoN7vg+qiUN46jDym3z8plZ9SxOKs5I/0l5ZdDcZMO4yGqZ99FDTjXWPqtp16 -WRI+MSNNV+ur/WYfyEY/B9I8LSbEynwKApEZhPWiVuMsA1DCdIhwKsWLhl9sutex -em9SGNSaFrwZTQ05QsI9L/MRegitNiUHnCoR5fYbwKALiQ4RiKkhpCh9xDQDhTei -NO6K1+lKxw2n6YX6i2JhGAhyYc/0FwumOIcVkuHKXBmzas36HqxZEIpotBU9pSz7 -Zwx9Tjrwb4mygFSpIn5AFI2AhjeBCWCN/cfVV9SPvrKqF1maAIEUxnez6Zuz0BXb -zKR0GAzCyM3RXsecb3EBq4Gta+5Do1IKUj966gU4DX2bQzUbnEBNYizgruiImrPB -1geusmuXje7aQDd7177TLNaqTlO++PB21Ckzj73HI+mm8SeTihZbitvOnizF1tYR -z6wfCNVriMmLqoLcrr3YkaoatHfi8lrjNmVaLNLrGtNzrQLr55WmkyxOKrFtHHO9 -5UwFCPPVhAGeMqw/iCFW0fFjb/hdDtBmiQIcBBABCAAGBQJXt4HuAAoJEIcoUk/i -HT/GPVQQAIo/LV8FtCpf3KSaNABIdczzm7NgoRbnMHY9wyGzDs4leHd3A/2oBky9 -h64zUJ3xqq/qMbwTjxk1xSRpZYZl2BSElnVkBRjTNBvFxdP85ZzD+nO1xKZlJq9D -tTkLk1Yt9ZWN5AZhS7mYk5jeGBDSKN7whtc+z/IR2946Q1EeNddimXalp70xs5w7 -AJRU4jXZV/W1O3qELRQtG7nmL/q7x0Nz3c0+DvDQT7kYa36lWmglDhEZVBrqoyc5 -Sk38UavePU7O6Yk6pZ8CIMPpln7r8lbSnEZ6yJE0jJg3KIyp2JovBY0UKBMmaeQz -mTS6CeTjCwm94Mo0Ay7Rmj3g7iwYgD32/nQfhbU6ZcG3nr6TpLPwp26/HgmNg35T -Hd3IDgO8U+TcqGa1GPZ4ZURkraiIyf0KwdaKxbfIaorLIRiS4BqfuuML2xTkYF73 -GNzNqqEngkc9NyBY3iH+fE8XJmkwvmmH31kxSrhpr1CjQmxqHdtDMkbZef8c0Nyu -Um7fbujF3i8OdKbJ7vxs0BIDednVN+n7Id1zVkK5Vd2HU4oSR00nhQLNSwP3oP6i -S+Fjxl5oP7ARxV7r+DQu2qiPtLFI5WXw5N2iQmR5pwU0PIs7r5VIYWMt/vDeQ/Yu -RCo2iALBKBxiJY8HHpyOZS2TUjapURFt2RA+7yWa225Tlqu3s5YSiQIcBBABCgAG -BQJXt3u3AAoJEAJdv2eW7C8uVIQP/iWfyOWbHInIuUp21SkyHn3CVsJcpVgmpXvy -FdJvmF5dRkyzsTRTIHkh5SElQ1nqNYNto7U/5Z+Jn2HyiRTfh8tpR7pJ8amTgsLY -v0+gw0gqpPEmQSCZYhEj6dcjgumtSNS4WVhs6tX1HNybT54PwrohSoMVUL6yqKBU -03hRcwt/kuQY33IM/78Px37n/AtpDFuhRYN0kCSKNSM/GeAv3/vifZDCoJFO5X2r -ivQd7XjeRe4GrzjL9Qt0njO8b9LJmmsjPnKEgNvf/Czim33OaErnDZXVzCPQmU1k -Giqu4HzeS6uzD2A0nEvVGxFwBkECFrDCJHi2nZHVaTqk4zH751F93fqxXTgiOMRR -AOZpvaNqrJik3WbRgXqGNTNULquKiE7WYn6rYXunGfN2LpcighGZ4qokM3wo1mGa -ErXFvK3PgyAv6WpMETeyu52UTaaGG+dPgvr5R35O7bkLkdwfeUBYjnX6G/ZUq5zb -TKZYvnYiuYNcZgW4UglL20itthCwhLXpOgmcSr5EHJbHLXhIb1QyIquq5eXzGbEA -s/OS+HzF9R4VUOH0jyCAHzItbLqd+gxLUzPXp7E/IykgdIKfWR7FAF/jQPD3lLIw -daeou8sB7gNJEuDQvGu7gAl4FskKuq1WT5/cPaILtZNinbXBy3EEgIKvIwdF8N9O -eiu0uhFS -=raCQ +IEtleSkgPHJlbGVhc2VAcHVwcGV0LmNvbT6JAk4EEwEKADgCGwMFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AWIQTWgR7Tre64RBr1qo9FKLbNnmHvJgUCY2FVgAAKCRBF +KLbNnmHvJsJ8EADYKd0n0xV63/HzjKUh7v+R+X+YR7ArIcKdiQaQDs+F+e78c7zp +rXXhHQfXkJJMWUzcPuzle74Ma1qaobn3q93Lbdk5aZPsV9trM4VUVZi/95HGpzuP +pz6HFenw1/XRD60ZwuD5HROnVJeqiIRgupgmRt+Lfvk6m/dAAjlCMSLX/JpzV3Ho +mvpaGiXOL+/3KPlUnZ7wVDwniXvKkyt7/995cjVE4Nn9ulM6pakKkDd3NzpwjkAe +d3GVtPWR0KrC+1WF7aURRv/NYXUJ/Y3nzbjZhNI3efMdy1A87Gzljba0J4tYNjAp +3q6DOSawyZt841fDyrdxcetLJ1Rqcvd/ixd02EmkbH9QM6SwnaAbkk9D/L7zUIoA +EJt58sDb27+9Z5dE/Ke27uMTVnZYyrSlAIu2EYcUxcnJUnKcYLHs20ZM6MK87cia +/yxb46Sx48Oo4HEdD8pFRPjV/um7kx836gBmO+ujXjNoWKJIpGNlIbD8A52aCXLq +ltmXQ7zRV9GQJY+cVG3mzhC0hOMQ5muuY4iCmGj/ACllgTU4dWE2fp75n0wanGsF +Fe6IN7WHzOEd2I3vgToUlzk8z+0FYdvRq7/ZHFgx+wFcQ8q46W1K27hZAo2iEew1 +3aCVDKbsEYy3zFVqwCaHXhUZYUkF8C6BCPv3D8rO/8vHSATFDUC2Ek2eWLkCDQRc +q7+KARAAxX5WS3Qx0eHFkpxSecR2bVMh5NId/v5Ch0sXWTWp44I38L9Vo+nfbI+o +8wN5IdFtvhmQUXCUPfacegFVVyerxSuLb0YibhNL1/3xwD5aDMYSN5udx1wJTN1Y +mi1zWwDN0PMx3asJ2z31fK4LOHOP4gRvWfrJjYlkMD5ufmxK7bYWh80zIEHJkNJK +GbGcBB8MxJFP1dX85vwATY7N7jbpBQ0z6rLazfFyqmo8E3u5PvPQvJ06qMWF1g+t +TqqJSIT6kdqbznuWNGFpI0iO+k4eYAGcOS2L8v5/Au163BldDGHxTnnlh42MWTyx +7v0UBHKvI+WSC2rQq0x7a2WyswQ9lpqGbvShUSyR8/z6c0XEasDhhB3XAQcsIH5n +dKzS7GnQMVNjgFCyzr/7+TMBXJdJS3XyC3oi5yTX5qwt3RkZN1DXozkkeHxzow5e +E7cSHFFYboxFCcWmZNeHL/wQJms0pW2UL2crmXhVtj5RsG9fxh0nQnxmzrMbn+Px +QaW8Xh+Z5HWQ65PSt7dg8k4Y+pGD115/kG1U2PltlcoOLUwHLp24ptaaChj1tNg/ +VSWpMCaXeDmrk5xiZIRHe/P1p18+iTOQ2GXP4MBmfDwX9lHfQxTht/qB+ikBy4bV +qJmMDew4QAmHgPhRXzRwTH4lIMoYGPX3+TAGovdy5IZjaQtvahcAEQEAAYkCNgQY +AQoAIAIbDBYhBNaBHtOt7rhEGvWqj0Uots2eYe8mBQJjYVWwAAoJEEUots2eYe8m +eSsP/Rhm/coYjmyMF/klps0YN327p2WMF2TX6VzOcGltCq+IG0RgvsWTW5cKYSt2 +wmXfbUzN+FAsR7MOvIMtE4MzaUl7rXEZ8t9akcJxOaz4LRgctUTMuZtOkWZFIZeD +hXTpVAPOg9K16NcrRtqTJrAj90XV/dOBA/EpqTE8g6+tb3JLYH+Ro+zjJ7dMJ5q8 +Ci9PMMp/ZgRhCPdJxXfOfRv38aDv20rnMf3wp38VocsfhClRpzmKGwauS+mtSJHi +VoB+CAoeLoI2hwFhgYAUCp/Hjd5b1f2rfZ0+yhelUHLBosYeCeJ0pIiAhZOqdtKl +M1/XsDE3MXrmTdl61vkYlwCj3dG5CF7UGFWQdq3A6DrO2RJ1AFaOzKRVme/ZmaD+ +uRYyWv49vCEILGNdX3NiuwzPD90cqj1l/8gLVoFrMNIT1C4bxumbRnGCR5IjRsCD +cQwaFWiUIF60FTPL+wOfi6ZvVaTJMkOJEr4n52Bgs91foyVYBSTBYuLxJgSPvU9K +aiUTUVHDIatk081KOJ/+VuSqE4EAjW3dUczRvXYsB6kVjywiUrq6SQJjKypkvZ34 +4m7/5EyvIab5pWAt0hWd+7DAFM8wvB9RFdJn4e8vigmbtO0Quss5AXfGgrtyU2Y+ +IsGoLyORpynkDT6K1FmRr8cVG9gedP02z0hefqm3UhUmFSaj +=RCth -----END PGP PUBLIC KEY BLOCK----- - From 036d0bbef35811c8ec67f5a55261c235c31579ee Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Tue, 8 Apr 2025 16:05:12 -0700 Subject: [PATCH 2/5] (PA-7437) Drop expired GPG-KEY-puppet-20250406 The key expired 2025-04-06, so delete it. Update manifests and task to refer to GPG-KEY-puppet that was rotated in the previous commit. --- acceptance/helpers.rb | 2 +- docker/upgrade/sles/Dockerfile | 2 +- files/GPG-KEY-puppet-20250406 | 31 ----------------- manifests/osfamily/redhat.pp | 22 ++----------- manifests/osfamily/suse.pp | 19 +---------- .../puppet_agent_osfamily_redhat_spec.rb | 26 ++------------- .../puppet_agent_osfamily_suse_spec.rb | 33 ------------------- tasks/install_shell.sh | 2 +- 8 files changed, 8 insertions(+), 129 deletions(-) delete mode 100644 files/GPG-KEY-puppet-20250406 diff --git a/acceptance/helpers.rb b/acceptance/helpers.rb index 55f0efc7..5b2e7e1f 100644 --- a/acceptance/helpers.rb +++ b/acceptance/helpers.rb @@ -240,7 +240,7 @@ def set_up_initial_agent_on(host, initial_package_version_or_collection) # This discrepancy causes apt to error, so we manually add signing info. if %r{debian|ubuntu}.match?(host['platform']) step '(Agent) Add apt signing information' do - on(host, "sed -e 's/^deb http/deb [signed-by=\\/etc\\/apt\\/keyrings\\/GPG-KEY-puppet-20250406.asc] http/' /etc/apt/sources.list.d/puppet*.list -i") + on(host, "sed -e 's/^deb http/deb [signed-by=\\/etc\\/apt\\/keyrings\\/GPG-KEY-puppet.asc] http/' /etc/apt/sources.list.d/puppet*.list -i") end end diff --git a/docker/upgrade/sles/Dockerfile b/docker/upgrade/sles/Dockerfile index c801add3..6b1eee94 100644 --- a/docker/upgrade/sles/Dockerfile +++ b/docker/upgrade/sles/Dockerfile @@ -46,7 +46,7 @@ RUN if [[ ${before} == 7.* ]]; then \ fi # Install FROM version of puppet-agent. -RUN rpm --import https://yum.puppet.com/RPM-GPG-KEY-puppet-20250406 && \ +RUN rpm --import https://yum.puppet.com/RPM-GPG-KEY-puppet && \ zypper install --no-confirm --oldpackage --no-recommends --no-confirm puppet-agent-${before} # This is also duplicated in the docker/bin/helpers/run-upgrade.sh. diff --git a/files/GPG-KEY-puppet-20250406 b/files/GPG-KEY-puppet-20250406 deleted file mode 100644 index 333b379f..00000000 --- a/files/GPG-KEY-puppet-20250406 +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFyrv4oBEADhL8iyDPZ+GWN7L+A8dpEpggglxTtL7qYNyN5Uga2j0cusDdOD -ftPHsurLjfxtc2EFGdFK/N8y4LSpq+nOeazhkHcPeDiWC2AuN7+NGjH9LtvMUqKy -NWPhPYP2r/xPL547oDMdvLXDH5n+FsLFW8QgATHk4AvlIhGng0gWu80OqTCiL0HC -W7TftkF8ofP8k90SnLYbI9HDVOj6VYYtqG5NeoCHGAqrb79G/jq64Z/gLktD3IrB -CxYhKFfJtZ/BSDB8Aa4ht+jIyeFCNSbGyfFfWlHKvF3JngS/76Y7gxX1sbR3gHJQ -hO25AQdsPYKxgtIgNeB9/oBp1+V3K1W/nta4gbDVwJWCqDRbEFlHIdV7fvV/sqiI -W7rQ60aAY7J6Gjt/aUmNArvT8ty3szmhR0wEEU5/hhIVV6VjS+AQsI8pFv6VB8bJ -TLfOBPDW7dw2PgyWhVTEN8KW/ckyBvGmSdzSgAhw+rAe7li50/9e2H8eiJgBbGid -8EQidZgkokh331CMDkIA6F3ygiB+u2ZZ7ywxhxIRO70JElIuIOiofhVfRnh/ODlH -X7eD+cA2rlLQd2yWf4diiA7C9R8r8vPrAdp3aPZ4xLxvYYZV8E1JBdMus5GRy4rB -Avetp0Wx/1r9zVDKD/J1bNIlt0SR9FTmynZj4kLWhoCqmbrLS35325sS6wARAQAB -tEhQdXBwZXQsIEluYy4gUmVsZWFzZSBLZXkgKFB1cHBldCwgSW5jLiBSZWxlYXNl -IEtleSkgPHJlbGVhc2VAcHVwcGV0LmNvbT6JAlQEEwEKAD4WIQTWgR7Tre64RBr1 -qo9FKLbNnmHvJgUCXKu/igIbAwUJC0c1AAULCQgHAwUVCgkICwUWAgMBAAIeAQIX -gAAKCRBFKLbNnmHvJg/vD/0eOl/pBb6ooGnzg2qoD+XwgOK3HkTdvGNZKGsIrhUG -q6O0zoyPW8v9b/i7QEDre8QahARmMAEQ+T3nbNVzw4kpE+YIrEkKjoJsrF8/K/1L -zBHJCc3S9oF9KubG5BuQ4bAmcvnI+qpEYbSTLHztYGUfXAGu+MnaDf4C60G7zM6m -ec4bX8lVnt+gcsGGGCdN89XsZLBNdv21z9xMeaAPiRYJpbqwrb8cYbKQeqFSQt2M -UylN5oVeN77Q8iyXSyVwpc6uKzXdQ8bVPbKUTWSXQ4SSp0HJjtAMiDH2pjty4PG6 -EgZ6/njJLOzQ29ZgFrS19XLONlptHwKzLYB8nJhJvGHfzzInmNttDtNwTA6IxpsR -4aCnrPWFJRCbmMBNXvBR9B/O+e/T5ngL21ipMEwzEOiQlRSacnO2pICwZ5pARMRI -dxq/5BQYry9HNlJDGR7YIfn7i0oCGk5BxwotSlAPw8jFpNU/zTOvpQAdPvZje2JP -6GS+hYxSdHsigREXI2gxTvpcLk8LOe9PsqJv631e6Kvn9P9OHiihIp8G9fRQ8T7y -elHcNanV192mfbWxJhDAcQ+JEy9883lOanaCoaf/7z4kdmCQLz5/oNg2K0qjSgZH -JY/gxCOwuAuUJlLcAXQG6txJshfMxyQUO46DXg0/gjwkKgT/9PbTJEN/WN/G6n1h -lQ== -=nKF2 ------END PGP PUBLIC KEY BLOCK----- - diff --git a/manifests/osfamily/redhat.pp b/manifests/osfamily/redhat.pp index 5d1f17be..963892ce 100644 --- a/manifests/osfamily/redhat.pp +++ b/manifests/osfamily/redhat.pp @@ -94,13 +94,10 @@ } # lint:ignore:strict_indent - $legacy_keyname = 'GPG-KEY-puppet' - $legacy_gpg_path = "/etc/pki/rpm-gpg/RPM-${legacy_keyname}" - $keyname = 'GPG-KEY-puppet-20250406' + $keyname = 'GPG-KEY-puppet' $gpg_path = "/etc/pki/rpm-gpg/RPM-${keyname}" $gpg_homedir = '/root/.gnupg' - $gpg_keys = "file://${legacy_gpg_path} - file://${gpg_path}" + $gpg_keys = "file://${gpg_path}" $script = @(SCRIPT/L) ACTION=$0 @@ -131,14 +128,6 @@ } } - file { $legacy_gpg_path: - ensure => file, - owner => 0, - group => 0, - mode => '0644', - source => "puppet:///modules/puppet_agent/${legacy_keyname}", - } - file { $gpg_path: ensure => file, owner => 0, @@ -147,13 +136,6 @@ source => "puppet:///modules/puppet_agent/${keyname}", } - exec { "import-${legacy_keyname}": - path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => "/bin/bash -c '${script}' import ${gpg_homedir} ${legacy_gpg_path}", - unless => "/bin/bash -c '${script}' check ${gpg_homedir} ${legacy_gpg_path}", - require => File[$legacy_gpg_path], - logoutput => 'on_failure', - } exec { "import-${keyname}": path => '/bin:/usr/bin:/sbin:/usr/sbin', command => "/bin/bash -c '${script}' import ${gpg_homedir} ${gpg_path}", diff --git a/manifests/osfamily/suse.pp b/manifests/osfamily/suse.pp index 933e1a01..23ee5aa3 100644 --- a/manifests/osfamily/suse.pp +++ b/manifests/osfamily/suse.pp @@ -62,9 +62,7 @@ case $facts['os']['release']['major'] { '11', '12', '15': { # Import the GPG key - $legacy_keyname = 'GPG-KEY-puppet' - $legacy_gpg_path = "/etc/pki/rpm-gpg/RPM-${legacy_keyname}" - $keyname = 'GPG-KEY-puppet-20250406' + $keyname = 'GPG-KEY-puppet' $gpg_path = "/etc/pki/rpm-gpg/RPM-${keyname}" $gpg_homedir = '/root/.gnupg' @@ -105,21 +103,6 @@ source => "puppet:///modules/puppet_agent/${keyname}", } - file { $legacy_gpg_path: - ensure => file, - owner => 0, - group => 0, - mode => '0644', - source => "puppet:///modules/puppet_agent/${legacy_keyname}", - } - - exec { "import-${legacy_keyname}": - path => '/bin:/usr/bin:/sbin:/usr/sbin', - command => "/bin/bash -c '${script}' import ${gpg_homedir} ${legacy_gpg_path}", - unless => "/bin/bash -c '${script}' check ${gpg_homedir} ${legacy_gpg_path}", - require => File[$legacy_gpg_path], - logoutput => 'on_failure', - } exec { "import-${keyname}": path => '/bin:/usr/bin:/sbin:/usr/sbin', command => "/bin/bash -c '${script}' import ${gpg_homedir} ${gpg_path}", diff --git a/spec/classes/puppet_agent_osfamily_redhat_spec.rb b/spec/classes/puppet_agent_osfamily_redhat_spec.rb index 83398370..04e08d1d 100644 --- a/spec/classes/puppet_agent_osfamily_redhat_spec.rb +++ b/spec/classes/puppet_agent_osfamily_redhat_spec.rb @@ -62,17 +62,6 @@ fi SCRIPT - it { - is_expected.to contain_exec('import-GPG-KEY-puppet-20250406') - .with({ - 'path' => '/bin:/usr/bin:/sbin:/usr/sbin', - 'command' => "/bin/bash -c '#{script}' import /root/.gnupg /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406", - 'unless' => "/bin/bash -c '#{script}' check /root/.gnupg /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406", - 'require' => 'File[/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406]', - 'logoutput' => 'on_failure', - }) - } - it { is_expected.to contain_exec('import-GPG-KEY-puppet') .with({ @@ -103,17 +92,6 @@ end end - it { - is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406') - .with({ - 'ensure' => 'file', - 'owner' => '0', - 'group' => '0', - 'mode' => '0644', - 'source' => 'puppet:///modules/puppet_agent/GPG-KEY-puppet-20250406', - }) - } - it { is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet') .with({ @@ -154,7 +132,7 @@ 'baseurl' => "http://yum.puppet.com/puppet5/#{urlbit.gsub('/f', '/')}/#{arch}", 'enabled' => 'true', 'gpgcheck' => '1', - 'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet\n file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406", + 'gpgkey' => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet', }) } end @@ -215,7 +193,7 @@ 'baseurl' => "https://master.example.vm:8140/packages/2000.0.0/#{repodir}", 'enabled' => 'true', 'gpgcheck' => '1', - 'gpgkey' => "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet\n file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406", + 'gpgkey' => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppet', 'sslcacert' => '/etc/puppetlabs/puppet/ssl/certs/ca.pem', 'sslclientcert' => '/etc/puppetlabs/puppet/ssl/certs/foo.example.vm.pem', 'sslclientkey' => '/etc/puppetlabs/puppet/ssl/private_keys/foo.example.vm.pem', diff --git a/spec/classes/puppet_agent_osfamily_suse_spec.rb b/spec/classes/puppet_agent_osfamily_suse_spec.rb index 79b455b3..b3732f3b 100644 --- a/spec/classes/puppet_agent_osfamily_suse_spec.rb +++ b/spec/classes/puppet_agent_osfamily_suse_spec.rb @@ -82,17 +82,6 @@ }) } - it { - is_expected.to contain_exec('import-GPG-KEY-puppet-20250406') - .with({ - 'path' => '/bin:/usr/bin:/sbin:/usr/sbin', - 'command' => "/bin/bash -c '#{script}' import /root/.gnupg /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406", - 'unless' => "/bin/bash -c '#{script}' check /root/.gnupg /etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406", - 'require' => 'File[/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406]', - 'logoutput' => 'on_failure', - }) - } - context 'with manage_pki_dir => true' do ['/etc/pki', '/etc/pki/rpm-gpg'].each do |path| it { @@ -114,17 +103,6 @@ it { is_expected.to contain_class('puppet_agent::osfamily::suse') } - it { - is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406') - .with({ - 'ensure' => 'file', - 'owner' => '0', - 'group' => '0', - 'mode' => '0644', - 'source' => 'puppet:///modules/puppet_agent/GPG-KEY-puppet-20250406', - }) - } - it { is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet') .with({ @@ -255,17 +233,6 @@ it { is_expected.to contain_class('puppet_agent::osfamily::suse') } - it { - is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet-20250406') - .with({ - 'ensure' => 'file', - 'owner' => '0', - 'group' => '0', - 'mode' => '0644', - 'source' => 'puppet:///modules/puppet_agent/GPG-KEY-puppet-20250406', - }) - } - it { is_expected.to contain_file('/etc/pki/rpm-gpg/RPM-GPG-KEY-puppet') .with({ diff --git a/tasks/install_shell.sh b/tasks/install_shell.sh index 504d7409..f5c64a8e 100644 --- a/tasks/install_shell.sh +++ b/tasks/install_shell.sh @@ -728,7 +728,7 @@ case $platform in rm -f "$gpg_key" done else - for key in "puppet" "puppet-20250406"; do + for key in "puppet"; do gpg_key="${tmp_dir}/RPM-GPG-KEY-${key}" do_download "https://yum.puppet.com/RPM-GPG-KEY-${key}" "$gpg_key" rpm --import "$gpg_key" From fb66919147f4847952be18a5c57a1d53bb6b68ac Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Tue, 8 Apr 2025 21:43:05 -0700 Subject: [PATCH 3/5] (maint) Simplify how options are passed The `set_up_initial_agent_on` method is only ever called with the name of the collection, so remove the code that allowed an arbitrary version to be specified. --- acceptance/helpers.rb | 17 +++-------------- .../tests/test_upgrade_puppet6_to_puppet7.rb | 2 +- .../tests/test_upgrade_puppet7_to_puppet8.rb | 2 +- 3 files changed, 5 insertions(+), 16 deletions(-) diff --git a/acceptance/helpers.rb b/acceptance/helpers.rb index 5b2e7e1f..1002e7a6 100644 --- a/acceptance/helpers.rb +++ b/acceptance/helpers.rb @@ -207,9 +207,8 @@ def host_to_info_s(host) # purpose to facilitate an upgrade scenario. # # @param [Beaker::Host] host The host - # @param [String] initial_package_version_or_collection Either a version - # of puppet-agent or the name of a puppet collection to install the agent from. - def set_up_initial_agent_on(host, initial_package_version_or_collection) + # @param [Hash] options Install options + def set_up_initial_agent_on(host, options) master_agent_version = fact_on(master, 'aio_agent_version') unless master_agent_version fail_test('Expected puppet-agent to already be installed on the master, but it was not. ' \ @@ -224,17 +223,7 @@ def set_up_initial_agent_on(host, initial_package_version_or_collection) step 'Set-up the agents to upgrade' do step '(Agent) Install the puppet-agent package' do - initial_package_version_or_collection ||= master_agent_version - agent_install_options = if %r{(^pc1$|^puppet\d+)}i.match?(initial_package_version_or_collection) - { puppet_collection: initial_package_version_or_collection } - else - { - puppet_agent_version: initial_package_version_or_collection, - puppet_collection: puppet_collection_for(:puppet_agent, initial_package_version_or_collection) - } - end - - install_puppet_agent_on(host, agent_install_options) + install_puppet_agent_on(host, options) # beaker-puppet doesn't add signing information to the apt source list, but this module does. # This discrepancy causes apt to error, so we manually add signing info. diff --git a/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb b/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb index 0064d66a..3fd92ca7 100644 --- a/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb +++ b/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb @@ -37,7 +37,7 @@ class { puppet_agent: end agents_only.each do |agent| - set_up_initial_agent_on(agent, 'puppet6-nightly') do + set_up_initial_agent_on(agent, puppet_collection: 'puppet6-nightly') do step '(Agent) Change agent environment to testing environment' do on(agent, puppet("config --section agent set environment #{puppet_testing_environment}")) on(agent, puppet('config --section user set environment production')) diff --git a/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb b/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb index 8fd60cc5..19995a44 100644 --- a/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb +++ b/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb @@ -37,7 +37,7 @@ class { puppet_agent: end agents_only.each do |agent| - set_up_initial_agent_on(agent, 'puppet7-nightly') do + set_up_initial_agent_on(agent, puppet_collection: 'puppet7-nightly') do step '(Agent) Change agent environment to testing environment' do on(agent, puppet("config --section agent set environment #{puppet_testing_environment}")) on(agent, puppet('config --section user set environment production')) From 54f6444d49739796a9b5d9bcc71f9f46bbf4ca4e Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Tue, 8 Apr 2025 21:44:30 -0700 Subject: [PATCH 4/5] (maint) Use released packages until nightly release packages are fixed The release packages on nightlies.puppet.com contain the wrong GPG key and since those repos won't be updated, just use the previously released packages for now. --- acceptance/tests/test_upgrade_puppet6_to_puppet7.rb | 3 ++- acceptance/tests/test_upgrade_puppet7_to_puppet8.rb | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb b/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb index 3fd92ca7..0331a695 100644 --- a/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb +++ b/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb @@ -37,7 +37,8 @@ class { puppet_agent: end agents_only.each do |agent| - set_up_initial_agent_on(agent, puppet_collection: 'puppet6-nightly') do + # REMIND: PA-7431 use nightly repos once those release packages are fixed + set_up_initial_agent_on(agent, puppet_collection: 'puppet6') do step '(Agent) Change agent environment to testing environment' do on(agent, puppet("config --section agent set environment #{puppet_testing_environment}")) on(agent, puppet('config --section user set environment production')) diff --git a/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb b/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb index 19995a44..9d535dc8 100644 --- a/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb +++ b/acceptance/tests/test_upgrade_puppet7_to_puppet8.rb @@ -37,7 +37,8 @@ class { puppet_agent: end agents_only.each do |agent| - set_up_initial_agent_on(agent, puppet_collection: 'puppet7-nightly') do + # REMIND: PA-7431 use nightly repos once those release packages are fixed + set_up_initial_agent_on(agent, puppet_collection: 'puppet7') do step '(Agent) Change agent environment to testing environment' do on(agent, puppet("config --section agent set environment #{puppet_testing_environment}")) on(agent, puppet('config --section user set environment production')) From b9bc3354c4544437e9704f5a5dc2d58d6f8be36c Mon Sep 17 00:00:00 2001 From: Josh Cooper Date: Wed, 9 Apr 2025 00:01:07 -0700 Subject: [PATCH 5/5] (maint) Drop puppet 6 to 7 upgrade test The puppet6 deb release packages contain a gpg keyring with a key that expired 225-04-06. If the release package is installed, then future apt-get update command will report errors: ``` $ wget https://apt.puppet.com/puppet6-release-bullseye.deb $ dpkg-deb -c puppet6-release-bullseye.deb | grep keyring -rw-r--r-- root/root 10352 2022-12-09 23:52 ./etc/apt/trusted.gpg.d/puppet6-keyring.gpg $ sudo dpkg -i puppet6-release-bullseye.deb $ sudo apt-get update Hit:1 http://deb.debian.org/debian bullseye InRelease Get:2 http://apt.puppetlabs.com bullseye InRelease [83.8 kB] Err:2 http://apt.puppetlabs.com bullseye InRelease The following signatures were invalid: EXPKEYSIG 4528B6CD9E61EF26 Puppet, Inc. Release Key (Puppet, Inc. Release Key) ``` Since puppet6 has been EOL for many years and we're not going to reissue puppet6 release packages, drop puppet 6 to puppet 7 upgrade tests in the puppet_agent module. --- acceptance/Rakefile | 2 - .../tests/test_upgrade_puppet6_to_puppet7.rb | 62 ------------------- 2 files changed, 64 deletions(-) delete mode 100644 acceptance/tests/test_upgrade_puppet6_to_puppet7.rb diff --git a/acceptance/Rakefile b/acceptance/Rakefile index 009f35e5..16768978 100644 --- a/acceptance/Rakefile +++ b/acceptance/Rakefile @@ -54,8 +54,6 @@ task :ci do begin Rake.application['prepare'].invoke case ENV['MASTER_COLLECTION'] - when /puppet7/ - beaker('exec ./tests/test_upgrade_puppet6_to_puppet7.rb') when /puppet8/ beaker('exec ./tests/test_upgrade_puppet7_to_puppet8.rb') end diff --git a/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb b/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb deleted file mode 100644 index 0331a695..00000000 --- a/acceptance/tests/test_upgrade_puppet6_to_puppet7.rb +++ /dev/null @@ -1,62 +0,0 @@ -require 'beaker-puppet' -require_relative '../helpers' - -# Tests FOSS upgrades from the latest puppet 6 (the puppet6-nightly collection) -# to the latest puppet7-nightly build. -test_name 'puppet_agent class: Upgrade agents from puppet6 to puppet7' do - require_master_collection 'puppet7-nightly' - exclude_pe_upgrade_platforms - latest_version = `curl http://builds.delivery.puppetlabs.net/passing-agent-SHAs/puppet-agent-7.x-version` - - puppet_testing_environment = new_puppet_testing_environment - - step 'Create new site.pp with upgrade manifest' do - manifest = <<-PP -node default { - if $::osfamily =~ /^(?i:windows|solaris|aix|darwin)$/ { - $_package_version = '#{latest_version}' - } else { - $_package_version = 'latest' - } - - class { puppet_agent: - package_version => $_package_version, - apt_source => 'https://artifactory.delivery.puppetlabs.net:443/artifactory/internal_nightly__local/apt', - yum_source => 'https://artifactory.delivery.puppetlabs.net:443/artifactory/internal_nightly__local/yum', - mac_source => 'https://artifactory.delivery.puppetlabs.net:443/artifactory/internal_nightly__local/downloads', - windows_source => 'https://artifactory.delivery.puppetlabs.net:443/artifactory/internal_nightly__local/downloads', - collection => 'puppet7-nightly', - service_names => [] - } -} - PP - site_pp_path = File.join(environment_location(puppet_testing_environment), 'manifests', 'site.pp') - create_remote_file(master, site_pp_path, manifest) - on(master, %(chown #{puppet_user(master)} "#{site_pp_path}")) - on(master, %(chmod 755 "#{site_pp_path}")) - end - - agents_only.each do |agent| - # REMIND: PA-7431 use nightly repos once those release packages are fixed - set_up_initial_agent_on(agent, puppet_collection: 'puppet6') do - step '(Agent) Change agent environment to testing environment' do - on(agent, puppet("config --section agent set environment #{puppet_testing_environment}")) - on(agent, puppet('config --section user set environment production')) - end - end - end - - step 'Upgrade the agents from Puppet 6 to Puppet 7...' do - agents_only.each do |agent| - on(agent, puppet('agent -t --debug'), acceptable_exit_codes: 2) - wait_for_installation_pid(agent) - assert(puppet_agent_version_on(agent) =~ %r{^7\.\d+\.\d+.*}) - end - end - - step 'Run again for idempotency' do - agents_only.each do |agent| - on(agent, puppet('agent -t --debug'), acceptable_exit_codes: 0) - end - end -end