Archive
Highlighted

RPM GPG signing key

Motivator

Where is the pubkey (id 653fb112) for validating the Splunk RPMs? And if it is not available, why ever not? It just seems wrong to have to expressly suppress the GPG check when using yum.

Tags (2)
Highlighted

Re: RPM GPG signing key

Motivator
gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
(1)     Kim Wallace <release@splunk.com>
          1024 bit DSA key 653FB112, created: 2007-08-16

D'oh!

Updated - 2014-07-10:

The better answer is RTFM. Literally. The key block is provided in the online documentation.

Highlighted

Re: RPM GPG signing key

SplunkTrust
SplunkTrust

There are some Splunk 6.0 releases that were not GPG signed. As of 6.0.4 and 6.1.0, the GPG signatures are back in place properly. Please use these signed RPMs.

Highlighted

Re: RPM GPG signing key

Path Finder
gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
gpg: key "653fb112" not found on keyserver

So where's the key now?

Update: I have eventually found the key (thanks Google) here: RPM-GPG-KEY-splunk

gpg RPM-GPG-KEY-splunk 
pub  1024D/653FB112 2007-08-16 Kim Wallace <release@splunk.com>
sub  2048g/F6427A34 2007-08-16
0 Karma
Highlighted

Re: RPM GPG signing key

Motivator

Seeing as that is just happenstance of someone embedding the key in a Puppet recipe, it does rather raise the question of where the official source is. ... And having wondered, I sought it out - see above.

Highlighted

Re: RPM GPG signing key

Motivator

Here's a one-liner for Linux peeps to extract it direct from the documentation without all that messy copy and paste. (Sorry Windoze folks, you'll have to carry on with your click and drool.)

lynx -dump "http://docs.splunk.com/Documentation/Splunk/6.1.2/Installation/PGPPublicKey" | sed -n -e '/--BEGIN PGP PUBLIC KEY BLOCK/,/--END PGP PUBLIC KEY BLOCK/p'| tee RPM-GPG-KEY-splunk

View solution in original post

Highlighted

Re: RPM GPG signing key

Motivator

Obviously as versions increment the version number in the URL will change in accordance.

0 Karma
Highlighted

Re: RPM GPG signing key

Path Finder

eew, lynx 🙂 I have fixed it a little bit for you 🙂

curl -s http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey | sed -n '/BEGIN PGP/,/END PGP/p' > RPM-GPG-KEY-splunk

0 Karma
Highlighted

Re: RPM GPG signing key

Motivator

Both perform the same function in this instance. Season to preference.

0 Karma
Highlighted

Re: RPM GPG signing key

Path Finder

Yup .. the important part is replacing '6.1.2' with 'latest', then you'll always get the latest key. Other than that, the same result.

0 Karma