Help importing public key to verify Puppet release

[weloki]

I'm running Ubuntu server 10.04 LTS and the public repo housing Puppet
is currently at 0.25.4-2ubuntu6.6. I want to run Puppet 2.7.12 but I'm
experiencing the following issues:

apt-get update throws this message...
W: GPG error: http://apt.puppetlabs.com lucid Release: The following
signatures couldn't be verified because the public key is not
available: NO_PUBKEY 1054B7A24BD6EC30


This is what I see when I follow the directions to import the release
signing key (at http://projects.puppetlabs.com/projects/1/wiki/Downloading_Puppet#Verifying+Puppet+Downloads):

gpg --recv-key 4BD6EC30
gpg: no keyserver known (use option --keyserver)
gpg: keyserver receive failed: bad URI


And trying this...

apt-key adv --keyserver keyserver.ubuntu.com --recv 4BD6EC30
or
apt-key adv --keyserver apt.puppetlabs.com --recv 4BD6EC30

yields:

Executing: gpg --ignore-time-conflict --no-options --no-default-
keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/
trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/
trusted.gpg --keyserver keyserver.ubuntu.com --recv 4BD6EC30
gpg: requesting key 4BD6EC30 from hkp server keyserver.ubuntu.com
gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0


Also, in Landscape, I see these hosts with package reporting issues -
the package reporter error:

error: Channel 'lucid - main' signed with unknown key

[Nan Liu]

This is the line in cloud provisioner that does the key verification:

# Download and install the puppetlabs apt public
apt-key adv --recv-key --keyserver pool.sks-keyservers.net 4BD6EC30

Thanks,

Nan

[weloki]

I've tried that and I still get:

Executing: gpg --ignore-time-conflict --no-options --no-default-
keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/
trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/

trusted.gpg --recv-key --keyserver pool.sks-keyservers.net 4BD6EC30
gpg: requesting key 4BD6EC30 from hkp server pool.sks-keyservers.net

gpgkeys: HTTP fetch error 7: couldn't connect to host
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

On Mar 21, 6:50 pm, Nan Liu <n...@puppetlabs.com> wrote:
> On Wed, Mar 21, 2012 at 2:55 PM, weloki <wel...@gmail.com> wrote:
> > I'm running Ubuntu server 10.04 LTS and the public repo housing Puppet
> > is currently at 0.25.4-2ubuntu6.6. I want to run Puppet 2.7.12 but I'm
> > experiencing the following issues:
>
> > apt-get update throws this message...

> > W: GPG error:http://apt.puppetlabs.comlucid Release: The following

> > signatures couldn't be verified because the public key is not
> > available: NO_PUBKEY 1054B7A24BD6EC30
>
> > This is what I see when I follow the directions to import the release

> > signing key (athttp://projects.puppetlabs.com/projects/1/wiki/Downloading_Puppet#Ver...

[Nan Liu]

Can you reach the key server? Do you have a proxy or firewall in
between? What does the following command return?

curl keyserver.ubuntu.com
curl pool.sks-keyservers.net

Nan

[weloki]

I do not have a proxy or firewall in between.
Doing the curl command for the first keyserver returns to me the html
of the welcome page containing this markup...

<h1> SKS OpenPGP Keyserver <br> @keyserver.ubuntu.com</h1>


The second one gives me the html containing...

<h1>Forbidden</h1>
<p>You don't have permission to access /
on this server.</p>


Also, when I try to submit a query to extract a key over the web at
http://keyserver.ubuntu.com I see this error in my browser:

Unable to connect.
Firefox can't establish a connection to the server at
keyserver.ubuntu.com:11371

On Mar 22, 12:38 pm, Nan Liu <n...@puppetlabs.com> wrote:
> On Thu, Mar 22, 2012 at 8:37 AM, weloki <wel...@gmail.com> wrote:
> > I've tried that and I still get:
>
> > Executing: gpg --ignore-time-conflict --no-options --no-default-
> > keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/
> > trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/
> > trusted.gpg --recv-key --keyserver pool.sks-keyservers.net 4BD6EC30
> > gpg: requesting key 4BD6EC30 from hkp server pool.sks-keyservers.net
> > gpgkeys: HTTP fetch error 7: couldn't connect to host
> > gpg: no valid OpenPGP data found.
> > gpg: Total number processed: 0
>
> > On Mar 21, 6:50 pm, Nan Liu <n...@puppetlabs.com> wrote:
> >> On Wed, Mar 21, 2012 at 2:55 PM, weloki <wel...@gmail.com> wrote:
> >> > I'm running Ubuntu server 10.04 LTS and the public repo housing Puppet
> >> > is currently at 0.25.4-2ubuntu6.6. I want to run Puppet 2.7.12 but I'm
> >> > experiencing the following issues:
>
> >> > apt-get update throws this message...

> >> > W: GPG error:http://apt.puppetlabs.comlucidRelease: The following

[weloki]

Solved.
My workaround included manually downloading, importing and adding they
key to my keyring with the following set of commands:

wget http://apt.puppetlabs.com/pubkey.gpg
gpg --import pubkey.gpg
gpg -a --export 4BD6EC30 | apt-key add -

On Mar 22, 5:23 pm, weloki <wel...@gmail.com> wrote:
> I do not have a proxy or firewall in between.
> Doing the curl command for the first keyserver returns to me the html
> of the welcome page containing this markup...
>
> <h1> SKS OpenPGP Keyserver <br> @keyserver.ubuntu.com</h1>
>
> The second one gives me the html containing...
>
> <h1>Forbidden</h1>
> <p>You don't have permission to access /
> on this server.</p>
>

> Also, when I try to submit a query to extract a key over the web athttp://keyserver.ubuntu.comI see this error in my browser: