topic RPM GPG signing key in Installation

RPM GPG signing key

grijhwani — Thu, 08 May 2014 23:55:58 GMT

Where is the pubkey (id 653fb112) for validating the Splunk RPMs? And if it is not available, why ever not? It just seems wrong to have to expressly suppress the GPG check when using yum.

Re: RPM GPG signing key

grijhwani — Fri, 09 May 2014 00:22:08 GMT

gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
(1)     Kim Wallace <release@splunk.com>
          1024 bit DSA key 653FB112, created: 2007-08-16

D'oh!

Updated - 2014-07-10:

The better answer is RTFM. Literally. The key block is provided in the online documentation.

Re: RPM GPG signing key

dwaddle — Sat, 10 May 2014 15:59:52 GMT

There are some Splunk 6.0 releases that were not GPG signed. As of 6.0.4 and 6.1.0, the GPG signatures are back in place properly. Please use these signed RPMs.

Re: RPM GPG signing key

ontkanin — Thu, 10 Jul 2014 20:10:23 GMT

gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
gpg: key "653fb112" not found on keyserver

So where's the key now?

Update: I have eventually found the key (thanks Google) here: RPM-GPG-KEY-splunk

gpg RPM-GPG-KEY-splunk 
pub  1024D/653FB112 2007-08-16 Kim Wallace <release@splunk.com>
sub  2048g/F6427A34 2007-08-16

Re: RPM GPG signing key

grijhwani — Thu, 10 Jul 2014 21:48:14 GMT

Seeing as that is just happenstance of someone embedding the key in a Puppet recipe, it does rather raise the question of where the official source is. ... And having wondered, I sought it out - see above.

Re: RPM GPG signing key

grijhwani — Thu, 10 Jul 2014 22:05:41 GMT

Here's a one-liner for Linux peeps to extract it direct from the documentation without all that messy copy and paste. (Sorry Windoze folks, you'll have to carry on with your click and drool.)

lynx -dump "http://docs.splunk.com/Documentation/Splunk/6.1.2/Installation/PGPPublicKey" | sed -n -e '/--BEGIN PGP PUBLIC KEY BLOCK/,/--END PGP PUBLIC KEY BLOCK/p'| tee RPM-GPG-KEY-splunk

Re: RPM GPG signing key

grijhwani — Thu, 10 Jul 2014 22:07:31 GMT

Obviously as versions increment the version number in the URL will change in accordance.

Re: RPM GPG signing key

ontkanin — Thu, 10 Jul 2014 22:27:25 GMT

eew, lynx 🙂 I have fixed it a little bit for you 🙂

curl -s http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey | sed -n '/BEGIN PGP/,/END PGP/p' > RPM-GPG-KEY-splunk

Re: RPM GPG signing key

ontkanin — Thu, 10 Jul 2014 22:30:20 GMT

curl -s http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey | sed -n '/BEGIN PGP/,/END PGP/p' > RPM-GPG-KEY-splunk

thanks grijhwani for the idea

Re: RPM GPG signing key

grijhwani — Thu, 10 Jul 2014 22:34:24 GMT

Both perform the same function in this instance. Season to preference.

Re: RPM GPG signing key

ontkanin — Thu, 10 Jul 2014 22:41:10 GMT

Yup .. the important part is replacing '6.1.2' with 'latest', then you'll always get the latest key. Other than that, the same result.

Re: RPM GPG signing key

grijhwani — Thu, 10 Jul 2014 22:43:47 GMT

You may not always WANT the latest key.

Re: RPM GPG signing key

scentoni_splunk — Wed, 02 May 2018 00:38:23 GMT

You can view the public key and installation instructions at the PGP Public Key documentation page http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey

you can download the public key using

curl -O https://docs.splunk.com/images/6/6b/SplunkPGPKey.pub