Solved: Re: RPM GPG signing key

grijhwani · ‎05-08-2014

Where is the pubkey (id 653fb112) for validating the Splunk RPMs? And if it is not available, why ever not? It just seems wrong to have to expressly suppress the GPG check when using yum.

grijhwani · ‎07-10-2014

Here's a one-liner for Linux peeps to extract it direct from the documentation without all that messy copy and paste. (Sorry Windoze folks, you'll have to carry on with your click and drool.)

lynx -dump "http://docs.splunk.com/Documentation/Splunk/6.1.2/Installation/PGPPublicKey" | sed -n -e '/--BEGIN PGP PUBLIC KEY BLOCK/,/--END PGP PUBLIC KEY BLOCK/p'| tee RPM-GPG-KEY-splunk

View solution in original post

scentoni_splunk · ‎05-01-2018

You can view the public key and installation instructions at the PGP Public Key documentation page http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey

you can download the public key using

curl -O https://docs.splunk.com/images/6/6b/SplunkPGPKey.pub

ontkanin · ‎07-10-2014

curl -s http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey | sed -n '/BEGIN PGP/,/END PGP/p' > RPM-GPG-KEY-splunk

thanks grijhwani for the idea

grijhwani · ‎07-10-2014

Here's a one-liner for Linux peeps to extract it direct from the documentation without all that messy copy and paste. (Sorry Windoze folks, you'll have to carry on with your click and drool.)

lynx -dump "http://docs.splunk.com/Documentation/Splunk/6.1.2/Installation/PGPPublicKey" | sed -n -e '/--BEGIN PGP PUBLIC KEY BLOCK/,/--END PGP PUBLIC KEY BLOCK/p'| tee RPM-GPG-KEY-splunk

grijhwani · ‎07-10-2014

You may not always WANT the latest key.

ontkanin · ‎07-10-2014

Yup .. the important part is replacing '6.1.2' with 'latest', then you'll always get the latest key. Other than that, the same result.

grijhwani · ‎07-10-2014

Both perform the same function in this instance. Season to preference.

ontkanin · ‎07-10-2014

eew, lynx 🙂 I have fixed it a little bit for you 🙂

curl -s http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey | sed -n '/BEGIN PGP/,/END PGP/p' > RPM-GPG-KEY-splunk

grijhwani · ‎07-10-2014

Obviously as versions increment the version number in the URL will change in accordance.

ontkanin · ‎07-10-2014

gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
gpg: key "653fb112" not found on keyserver

So where's the key now?

Update: I have eventually found the key (thanks Google) here: RPM-GPG-KEY-splunk

gpg RPM-GPG-KEY-splunk 
pub  1024D/653FB112 2007-08-16 Kim Wallace <release@splunk.com>
sub  2048g/F6427A34 2007-08-16

grijhwani · ‎07-10-2014

Seeing as that is just happenstance of someone embedding the key in a Puppet recipe, it does rather raise the question of where the official source is. ... And having wondered, I sought it out - see above.

grijhwani · ‎05-08-2014

gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
(1)     Kim Wallace <release@splunk.com>
          1024 bit DSA key 653FB112, created: 2007-08-16

D'oh!

Updated - 2014-07-10:

The better answer is RTFM. Literally. The key block is provided in the online documentation.

dwaddle · ‎05-10-2014

There are some Splunk 6.0 releases that were not GPG signed. As of 6.0.4 and 6.1.0, the GPG signatures are back in place properly. Please use these signed RPMs.

RPM GPG signing key

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?