Installing debian-backports-keyring


Keith Edmunds

Jul 7, 2009, 3:20:20 PM
to puppet...@googlegroups.com
I want to install debian-backports-keyring on puppet clients. However, I
can't install it because the client doesn't already have the key:

--------------------------------------------------------------------------------
err: //Node[basenode]/tclbase/Package[debian-backports-keyring]/ensure:
change from purged to present failed: Execution of '/usr/bin/aptitude -y
-o DPkg::Options::=--force-confold install debian-backports-keyring'
returned 255: Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Reading task descriptions...
The following NEW packages will be installed:
debian-backports-keyring
0 packages upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 3362B of archives. After unpacking 49.2kB will be used.
WARNING: untrusted versions of the following packages will be installed!

Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.

debian-backports-keyring

Do you want to ignore this warning and proceed anyway?
To continue, enter "Yes"; to abort, enter "No": Abort.
--------------------------------------------------------------------------------

Catch-22: what is the recommended way of getting past this point (without
manually installing the package on every client)?

Thanks.

John Ferlito

Jul 7, 2009, 8:14:23 PM
to puppet...@googlegroups.com
On Tue, Jul 07, 2009 at 08:20:20PM +0100, Keith Edmunds wrote:
>
> I want to install debian-backports-keyring on puppet clients. However, I
> can't install it because the client doesn't already have the key:
>
> debian-backports-keyring
>
> Do you want to ignore this warning and proceed anyway?
> To continue, enter "Yes"; to abort, enter "No": Abort.
> --------------------------------------------------------------------------------
>
> Catch-22: what is the recommended way of getting past this point (without
> manually installing the package on every client)?

I normally install the GPG key using puppet instead of using the
package. Although probably doing both is wise.

e.g.

exec {
    "add_vquence_apt_key":
        # Import the key file that a separate file resource puts in place.
        command => "apt-key add /etc/apt/packages_vquence_com.key",
        # Skip the import when the key is already in apt's keyring.
        unless  => "apt-key list | grep -q '1024D/3F456D2A 2007-04-12 \\[expires: 2013-04-14\\]'",
        require => File["/etc/apt/packages_vquence_com.key"],
        before  => Exec['apt_updated'],
}

There is another file rule to get the key on each machine.

Alternatively if you trust just grabbing the key over the internet you can use

apt-key adv --recv-keys --keyserver keyserver.ubuntu.com KEYID

Easiest way to find the key id I've found is to just apt-get update and copy the key it complains about.

Cheers,
John

--
John
Blog http://www.inodes.org/blog
OLPC Friends http://olpcfriends.org
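
Added example, not part of the original thread: the `unless` check and the `apt-key adv --recv-keys` call above identify the key by an 8-digit ID, which is not unique, so this sketch pins the key file by its full 40-digit fingerprint before it would be handed to `apt-key add`. The function names, the pinned fingerprint and both sample listings are constructed for illustration; it assumes gpg's `--with-colons` listing format as input.

```shell
#!/bin/sh
# Added example: pin an APT signing key by its full fingerprint.
# Input is gpg's machine-readable listing, e.g. the output of
#   gpg --show-keys --with-colons /etc/apt/packages_vquence_com.key
# PIN and both sample listings are constructed placeholders, not real keys.

# Print the fingerprint of every primary key in a --with-colons listing.
# The "fpr" record that follows a "pub" record carries it in field 10;
# "fpr" records that follow "sub" belong to subkeys and are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# Succeed only if stdin lists exactly one primary key whose fingerprint is $1.
# Returns 2 when $1 is not a 40-hex-digit fingerprint (short IDs are refused).
key_matches_pin() {
    pin=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$pin" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#pin}" -eq 40 ] || return 2
    found=$(primary_fingerprints)
    [ "$found" = "$pin" ]
}

PIN='0123456789ABCDEF0123456789ABCDEF01234567'

sample_expected() {
    cat <<'EOF'
pub:-:1024:17:89ABCDEF01234567:1176336000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1176336000::::Example Archive Key (constructed):
sub:-:2048:16:AAAAAAAAAAAAAAAA:1176336000::::::e:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
EOF
}

# A different key whose last 8 hex digits (the short ID) are identical.
sample_lookalike() {
    cat <<'EOF'
pub:-:1024:17:FFFFFFFF01234567:1176336000:::-:::scESC:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF01234567:
EOF
}

sample_expected  | key_matches_pin "$PIN" && echo "expected key: accepted"
sample_lookalike | key_matches_pin "$PIN" || echo "lookalike key: rejected"
```

In a Puppet manifest a script like this would sit in an `exec` that the `apt-key add` resource requires, so a key file with the wrong fingerprint stops the run before anything is trusted.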
