GPG
YUM GPG keys
GPG signature info
gitlab/gitlab-fips has its YUM metadata signed with the default GPG key.
Important notes
There are two types of GPG keyrings used on RPM-based systems:
- RPM's GPG keyring. This keyring is used for verifying signatures on RPM packages.
- YUM's GPG keyring. This keyring is used for verifying signatures on repository metadata. There is one keyring per repository on the system.
The YUM GPG keyring (number 2 above) is the keyring that the information on this page refers to.
Import GPG key for gitlab/gitlab-fips
To import a GPG key to verify YUM metadata, you must create a repo config with the GPG key URL. This is done automatically with all of our install methods.
If you'd like to do this manually for gitlab/gitlab-fips, follow the instructions on the manual install page
Remove GPG key for gitlab/gitlab-fips
Unfortunately GPG key removal is not particularly user friendly.
- Check your
/etc/yum.conf
file and note the value ofpersistdir
. Ifpersistdir
is not set, you can assume it is/var/lib/yum
. - Determine which CPU architecture the repo has been installed for: i386 for 32-bit systems and x86_64 for 64-bit systems.
- Determine the verison number of the CentOS or Red Hat you are running (5, 6, or 7).
- Replace x86_64 and 7 in the following command with your CPU architecture and CentOS or RedHat version:
gpg --homedir /var/lib/yum/repos/x86_64/7/gitlab_gitlab-fips/gpgdir --delete-key 3F01618A51312F3F
APT GPG keys
GPG signature info
gitlab/gitlab-fips has its APT metadata signed with the default GPG key.
Import GPG key for gitlab/gitlab-fips
- Ensure you have curl installed:
sudo apt-get install curl
- Ensure you have GPG installed:
sudo apt-get install gnupg
- Add the GPG key:
- For versions equivalent to or later than Debian/Raspbian Stretch, Ubuntu Xenial, Linux Mint Sarah, Elementary OS Loki - specify the GPG key in the /etc/apt/sources.list.d entry, as below. All older versions do not require the signed-by option.
deb [signed-by=/usr/share/keyrings/gitlab_gitlab-fips-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-fips/<os> <version> main deb-src [signed-by=/usr/share/keyrings/gitlab_gitlab-fips-archive-keyring.gpg] https://packages.gitlab.com/gitlab/gitlab-fips/<os> <version> main
For versions equivalent to or later than Debian/Raspbian Stretch, Ubuntu Xenial, Linux Mint Sarah, Elementary OS Loki:
curl -fsSL https://packages.gitlab.com/gitlab/gitlab-fips/gpgkey | gpg --dearmor > /usr/share/keyrings/gitlab_gitlab-fips-archive-keyring.gpg
For versions equivalent to or older than Debian/Raspbian Jessie, Ubuntu Wily, Linux Mint Rosa, Elementary OS Freya:
curl -fsSL https://packages.gitlab.com/gitlab/gitlab-fips/gpgkey | gpg --dearmor > /etc/apt/trusted.gpg.d/gitlab_gitlab-fips.gpg
Remove GPG key for gitlab/gitlab-fips
For GPG keys stored in /usr/share/keyrings:
- Remove the GPG key:
sudo rm /usr/share/keyrings/gitlab_gitlab-fips-archive-keyring.gpg
For GPG keys stored in /etc/apt/trusted.gpg.d:
- Remove the GPG key:
sudo apt-key remove 3F01618A51312F3F
- You will see the output "OK" when complete. You can verify the key has been removed by running:
sudo apt-key list
List all GPG keys known to APT
- List all GPG keys known to APT:
apt-key list
Package signing keys
GPG key name | Key ID | Delete |
---|---|---|
gitlab-gitlab-fips-3D645A26AB9FBD22.pub.gpg | 3D645A26AB9FBD22 | delete |