Installation

RPM GPG signing key

grijhwani
Motivator

Where is the pubkey (id 653fb112) for validating the Splunk RPMs? And if it is not available, why ever not? It just seems wrong to have to expressly suppress the GPG check when using yum.

Tags (2)
1 Solution

grijhwani
Motivator

Here's a one-liner for Linux peeps to extract it direct from the documentation without all that messy copy and paste. (Sorry Windoze folks, you'll have to carry on with your click and drool.)

lynx -dump "http://docs.splunk.com/Documentation/Splunk/6.1.2/Installation/PGPPublicKey" | sed -n -e '/--BEGIN PGP PUBLIC KEY BLOCK/,/--END PGP PUBLIC KEY BLOCK/p'| tee RPM-GPG-KEY-splunk

View solution in original post

scentoni_splunk
Splunk Employee
Splunk Employee

You can view the public key and installation instructions at the PGP Public Key documentation page http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey

you can download the public key using

curl -O https://docs.splunk.com/images/6/6b/SplunkPGPKey.pub
0 Karma

ontkanin
Path Finder
curl -s http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey | sed -n '/BEGIN PGP/,/END PGP/p' > RPM-GPG-KEY-splunk

thanks grijhwani for the idea

grijhwani
Motivator

Here's a one-liner for Linux peeps to extract it direct from the documentation without all that messy copy and paste. (Sorry Windoze folks, you'll have to carry on with your click and drool.)

lynx -dump "http://docs.splunk.com/Documentation/Splunk/6.1.2/Installation/PGPPublicKey" | sed -n -e '/--BEGIN PGP PUBLIC KEY BLOCK/,/--END PGP PUBLIC KEY BLOCK/p'| tee RPM-GPG-KEY-splunk

View solution in original post

grijhwani
Motivator

You may not always WANT the latest key.

0 Karma

ontkanin
Path Finder

Yup .. the important part is replacing '6.1.2' with 'latest', then you'll always get the latest key. Other than that, the same result.

0 Karma

grijhwani
Motivator

Both perform the same function in this instance. Season to preference.

0 Karma

ontkanin
Path Finder

eew, lynx 🙂 I have fixed it a little bit for you 🙂

curl -s http://docs.splunk.com/Documentation/Splunk/latest/Installation/PGPPublicKey | sed -n '/BEGIN PGP/,/END PGP/p' > RPM-GPG-KEY-splunk

0 Karma

grijhwani
Motivator

Obviously as versions increment the version number in the URL will change in accordance.

0 Karma

ontkanin
Path Finder
gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
gpg: key "653fb112" not found on keyserver

So where's the key now?

Update: I have eventually found the key (thanks Google) here: RPM-GPG-KEY-splunk

gpg RPM-GPG-KEY-splunk 
pub  1024D/653FB112 2007-08-16 Kim Wallace <release@splunk.com>
sub  2048g/F6427A34 2007-08-16
0 Karma

grijhwani
Motivator

Seeing as that is just happenstance of someone embedding the key in a Puppet recipe, it does rather raise the question of where the official source is. ... And having wondered, I sought it out - see above.

grijhwani
Motivator
gpg --search-keys --keyserver=hkp://keys.gnupg.net 653fb112
gpg: searching for "653fb112" from hkp server keys.gnupg.net
(1)     Kim Wallace <release@splunk.com>
          1024 bit DSA key 653FB112, created: 2007-08-16

D'oh!

Updated - 2014-07-10:

The better answer is RTFM. Literally. The key block is provided in the online documentation.

dwaddle
SplunkTrust
SplunkTrust

There are some Splunk 6.0 releases that were not GPG signed. As of 6.0.4 and 6.1.0, the GPG signatures are back in place properly. Please use these signed RPMs.

.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!