From ff5ea7563a96366b7edd032c8d14a94ca5ab84a2 Mon Sep 17 00:00:00 2001 From: Ricky Ramirez Date: Thu, 15 Aug 2019 08:49:55 -0700 Subject: [PATCH] Don't pull gpg key from a keyserver. (#3) This prevents an outage should the keyserver be unaccesible (e.g. the host doesn't allow outbound traffic or the keyserver is down) The subkey has been removed from the original key since it is not required and older versions of the apt module incorrectly parse the subkey's fingerprint. --- files/GPG-KEY-td-agent | 30 ++++++++++++++++++++++++++++++ manifests/repo/apt.pp | 4 ++-- 2 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 files/GPG-KEY-td-agent diff --git a/files/GPG-KEY-td-agent b/files/GPG-KEY-td-agent new file mode 100644 index 0000000..f57485a --- /dev/null +++ b/files/GPG-KEY-td-agent @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: Encryption subkey has been removed due to apt-key parsing bug + +mQINBFhiI8wBEADThWLNd8IKPRw7Ygu3DHS4Sb/Yc6vSZSaMGJ6Wkj245jScvI+C +nG4C4rtO/8ObUj5cUpb4CyfYZX8W4tp9x+W68c4paXevG4s+X4EE3uUsgdwTnFXi +GMa57QDzR4p/JvjUjfGJ2UAr4Bfj8Q2S54LmIu6UAe82ce2B4tEHCeYSxkmVUDAZ +utfmgKoVTbnceTemU0m5ANS6IC1/53KEhgB1sKm5G/FjRJGslHWb3mf+bLrhmlkP +pA4BOKF2w3eFYH3LhWskxMS0SPM7J6aq+6LyNNqtlKL6lUS7qVjRQ6PlgFcmtG4J +tijsZI62bDn1f44DmeLY+LMS/nM0xyIx94lYumGH5EYmjUECagqMool98/+Wx79A +Thtg/1pYNzo8Z76qr0i3xLSRtsQ2Om2Rfal7VGadOrx4sqlkSaUaGI+hBc1r4tNy +tERvBEMGSf78bWDbdzxSNEW4LUDUpniNQb0DrURfWkqRa3q4WcTJr8lpQM/NmAru +owayAXQwKob+OIZ09/O69EaqVJ9MqsM3keQouSHShKvzNrppuo3D3z+Dpy05FsYw +MAiIN7auXxy+XQwCVsKF083YaDHcC0I22GReEgt43yZXQ/b/J9QNrm5nJ+3Cpso3 +jJnMzubuniSOOdd3mXQ6MwgZvWgtH/nPF8oUX9VSGwqNohiKWcxQDxW7qQARAQAB +tFRUcmVhc3VyZSBEYXRhLCBJbmMgKFRyZWFzdXJlIEFnZW50IE9mZmljaWFsIFNp +Z25pbmcga2V5KSA8c3VwcG9ydEB0cmVhc3VyZS1kYXRhLmNvbT6JAjcEEwEIACEF +AlhiI8wCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQkB+Rd6uXrL5GrhAA +nh82+caSu9Qu/LW256gN5UjPUFhph66ElT1OVyAR2FoOmz2pJH3t8YYD5cUV2W6/ +xqJDmjl+vnL2HBgxjHKRCo2K3hrq6z4LoU7SpWDI1cZ03lkjh1yNx13S+9JvZNlp +jit0WRIspke0n0vWSpNo4nh19Yg3EA1c+vGeHnmlYo6xwRHu6XOhhCwywtFRGC3a +iMJzAV4N69ZU6P5VZZkC6LjYYQtF4aI10COLZ4AcObH2htGAZTj2KlZfdJHmr+Oa +wY57giUYz7OF45LLCuqe+VwpGp2d3UK/MtCnXRLi5InMVJKDvyt18MzRDFuyA27e +WSt+JumVqhEjawh3hmdzIS1cHKmv19gdeE8On2i2Lf8lyek8fsB/YPgADAmp2oSe +cjLu0ocGbgxRjuCR29+6IG+DiUDFCkqFZNdLiGVqzjpjpYHaPhVe77ciwA8TCPru +3dh5t/qv2HglSd7lj95IApZBtny5AK8NS4qtaOeZbBbbDRuOPL0c7fU3bqyIPy57 +zvdYi3KdjWZVCawcAmk3ILP83eFSivCRPRoyCqO+HX8U647BBWvlFuEbPa+Y1sgE +12MEF/Y6VVJh3Ptw+h/qKRbra4LdA+5Y30q/9l6WGgbO/4h3NKmGeVCrAFvS3h92 +fS0ABYD1nAP7fSNS9RfYIqfBXtJem+tJ14YKJwWiAYU= +=TPyg +-----END PGP PUBLIC KEY BLOCK----- diff --git a/manifests/repo/apt.pp b/manifests/repo/apt.pp index a409ff3..864edfc 100644 --- a/manifests/repo/apt.pp +++ b/manifests/repo/apt.pp @@ -7,8 +7,8 @@ class fluentd::repo::apt ( $repos = 'contrib', $architecture = $::architecture, $key = { - 'id' => 'BEE682289B2217F45AF4CC3F901F9177AB97ACBE', - 'source' => 'http://packages.treasuredata.com/GPG-KEY-td-agent' + 'id' => 'BEE682289B2217F45AF4CC3F901F9177AB97ACBE', + 'content' => file('fluentd/GPG-KEY-td-agent'), }, $include = { 'src' => false,