Getting the full fingerprint for a gpg key for apt sources in puppet
If you have ever seen the error
Warning: /Apt_key[Add key: 25E010CF from Apt::Source freeswitch]: The id should be a full fingerprint (40 characters), see README.
And wondered how to get the full fingerprint, here’s how.
On a test box, import the key manually using the instructions from whoever the key is for, then on that machine run the command (as root)
apt-key adv --list-public-keys --with-fingerprint --with-colons
That will list the keys currently installed. You want to look for a line that starts with fpr near the key you you know about, so in the case of freeswitch from above, the output will include
pub:-:1024:17:D76EDC7725E010CF:2012-01-27:::-:FreeSWITCH Package Signing Key <[email protected]>::scESC:
fpr:::::::::20B06EE621AB150D40F6079FD76EDC7725E010CF:
So on the first line, we can see the 25E010CF is the second half of the key that we had in our puppet manifest. So we want to add the full key on the fpr line. It doesn’t include semi-colons so in this case it will be
20B06EE621AB150D40F6079FD76EDC7725E010CF