New GitLab GPG Keys

[yakatz]

GitLab has announced they are changing their GPG keys. It is not clear to me exactly what needs to be done in this module to support that. I don';t know enough about how Yum keys work. Changing the Debian keys looks to be straightforward, but the change needs to be made on April 6.

Announcement: https://about.gitlab.com/releases/2020/03/30/gpg-key-for-gitlab-package-repositories-metadata-changing/

Documentation: https://docs.gitlab.com/omnibus/update/package_signatures#package-repository-metadata-signing-keys

[dnsmichi]

Thanks for the heads up. I was about to create a PR but then saw that #331 is already there.

In order to avoid dependency on a release, you should be able fetch and install the new key with a custom repository_configuration setting shown in https://github.com/voxpupuli/puppet-gitlab#custom-repository--package-configuraiton-example

class { 'gitlab':
  # ...
  repository_configuration => {
    'apt::source' => {
      'gitlab_official_ce' => {
        'comment' => 'Official repository for GitLab Omnibus',
        'location' => 'https://packages.gitlab.com/gitlab/gitlab-ce/debian',
        'key' => {
          'id' => 'F6403F6544A38863DAA0B6E03F01618A51312F3F',
          'source' => 'https://gitlab-org.gitlab.io/omnibus-gitlab/gitlab_new_gpg.key'
        }
      },
    }
  }
}

Once you roll that out, the new GPG key is fetched and at a later point when this module gets a release bump you'll change back to the official key defaults with removing this setting. Or you change the URL for the source entry.

[baurmatt]

This was fixed by #331 and released with 5.0.0

[dnsmichi]

Thanks for the fast update & release, really appreciate it ❤️