Update apt gpg key over puppet

apt, pgp, puppet

The Puppet apt repository PGP key expired some days ago:

/etc/apt/trusted.gpg.d//puppetlabs-keyring.gpg
----------------------------------------------
pub   4096R/4BD6EC30 2010-07-10 [expired: 2016-07-08]
uid                  Puppet Labs Release Key (Puppet Labs Release Key)

Of course, it can be updated manually:

apt-key adv --recv-keys --keyserver keys.gnupg.net 4BD6EC30

However, can it be updated via a Puppet run automatically (for example via the Puppet apt module)?

Best Answer

This is what we started using (thanks garthk):

  $key = '4BD6EC30'
  exec { 'apt-key puppetlabs':
    path    => '/bin:/usr/bin',
    unless  => "apt-key list | grep '${key}' | grep -v expired",
    command => "apt-key adv --keyserver keyserver.ubuntu.com \
      --recv-keys ${key}",
  }

More discussion in a ticket open for the apt module
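
The `unless` guard above decides whether to fetch by grepping `apt-key list`. The sketch below is an added example, not part of the answer or of the apt module: it does the same check by parsing only the `pub` lines, so it can tell a missing key from an expired one. The function names and the sample listing are made up for the illustration, including the second keyring entry and its expiry date.

```shell
#!/bin/sh
# Constructed sample in the legacy `apt-key list` format shown in the
# question: a refreshed copy in trusted.gpg (hypothetical entry) next to
# the expired copy that is still present in trusted.gpg.d.
SAMPLE_KEYLIST='/etc/apt/trusted.gpg
--------------------
pub   4096R/4BD6EC30 2010-07-10 [expires: 2099-01-01]
uid                  Puppet Labs Release Key (Puppet Labs Release Key)

/etc/apt/trusted.gpg.d//puppetlabs-keyring.gpg
----------------------------------------------
pub   4096R/4BD6EC30 2010-07-10 [expired: 2016-07-08]
uid                  Puppet Labs Release Key (Puppet Labs Release Key)
'

# key_status KEYID  (reads `apt-key list` output on stdin)
# Prints "valid" if some keyring holds a non-expired copy of KEYID,
# "expired" if every copy found is expired, "missing" if none is listed.
key_status() {
  awk -v id="$1" '
    $1 == "pub" {
      split($2, parts, "/")          # "4096R/4BD6EC30" -> size+algo, key id
      if (toupper(parts[2]) != toupper(id)) next
      found = 1
      if ($0 !~ /\[expired: /) valid = 1
    }
    END {
      if (valid)      print "valid"
      else if (found) print "expired"
      else            print "missing"
    }'
}

# needs_refresh KEYID: exit status 0 when the key should be fetched again.
needs_refresh() {
  [ "$(key_status "$1")" != "valid" ]
}

# Stand-alone run against the constructed sample; prints "valid".
printf '%s\n' "$SAMPLE_KEYLIST" | key_status 4BD6EC30
```

The 8-character ID is matched because that is what this output format prints; short IDs are not collision-resistant, so pin the full fingerprint wherever the tooling accepts one.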
