Skip to content

Rotate GPG keys April 2025

⚠️ Incident https://app.incident.io/gitlab/incidents/590

Summary

  • Problem: The GPG public key used for signing GitLab Runner packages expired, potentially affecting manual verification processes for package installation.
  • Impact: The expired GPG key may cause difficulties for users manually verifying GitLab Runner package installations, though package manager installations remain unaffected as far as our testing goes.
  • Causes: The incident resulted from the expiration of the GPG key used for signing GitLab Runner packages.

Following the instructions at https://gitlab.com/gitlab-org/gitlab-runner/-/blob/main/PROCESS.md?ref_type=heads#renew-expired-gpg-key rotate the GPG keys

New public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGRIarMBEADBedWkhv4Vsi8Rfov5XbKNvAnoT4Iuoz6dQWxBUV5MWY6J3MFD
v7ohrnHDYZaOJ+9HGvGNKCYyqvJpTDD5YNxhCbQ9oWjHj83t4zMzeoNQ6H1PrEV2
ClZqhiwQia7th3PJu3yjl3apXKfCNr2jq8hkqjNGkXE+UsFTEy4xu6AXBvaBfcm0
gmR2KL9Nvkvu3ZgDCgsD0evpdWQz3q1IXvDKpFmpxaWgCXIPZONF5XGonwFtQaV5
U0lcPL17e5JiGhNir/DAxjw0IIfdNCdfxQWn1jf0mSqCC7CVk37usWujFHmNzI0F
GoCPp17RKf70WXOneRA7bdFXH9U7aPiwGt7sftRIluheJovWMgYTHcmTwV/N+FJs
5p5Bp3yqFZyOUAo11bEe4N1dJLKELbYe7DnYbewaMjBgkaLAaPhQB6fGW2FnLh87
VUn/9qpdYIAK71oFeFYXUYbJI1elWrOK4ONME6N87mCo5psHm3Re5u9HiRUl+q9H
KfzP2KH7MxwmpmcpFFNmyHeXWaWoFCDW5+vHVL7DkRhDw0eLI85uAYvD5gwWncMP
ZNp9jmfSpQ/yuyH96148eMVEQyrlUj4if3odU8pWoUQJC3mtk8HA5/KSagFlmy6h
GBhhTBZmz0HwJT4TL/QulD1kpdnTueCEe9jUAetHuKKnYK3Ckknf0svOLwARAQAB
tCFHaXRMYWIsIEluYy4gPHN1cHBvcnRAZ2l0bGFiLmNvbT6JAlQEEwEKAD4CGwMF
CwkIBwMFFQoJCAsFFgMCAQACHgECF4AWIQSTHaac+jr+u8l9qoxsV8Kca6daTgUC
aA/OzAUJBaiXmQAKCRBsV8Kca6daTqgVD/9X1tMOadGVunGxJLpICS6PtyQ84FRg
lBovKV2kT6Q7qrLeHRtfKUBe/WH4lSSWRTxJzM7yRvBKlsLmZkTLde2JvDLKmtce
e5YM+NloDCFTKSzlBIIug4vvHbOXjmLWy8dEKYa2//aVQ964PWOkxNFRLIA/NlPZ
KtEyzgYCB4lzDLCvbrUSlRh5IeqycwL5nPgey1ssx+FR0XtUd4juGLGcH0mdvvPP
JmExWqGP7xecRcTQ4IWHvNWJh2kVLwEHi9LJscuAknnFcI5qvgAaJw0bCQJrw8BI
ApfBnDpHzVWL24AapCsdG2CpjMpmMMBIKgHmJY4nepsdntlREPkSKPHmcLbJHAEp
OFm97FM5YpWwbWgxequfLgMK5Ol17OSkX/siowyNbh+Kg5KbqvVbLtl3VxzrMps7
4gP9dCgBTFDGAusbx7P1t8Tr1N5H8eDBTuawauMO5iZFh497M3TpfWpZxHceflLX
oamWEL8ILyZP976jpqeDPmHNQnwjra9kQienKUZeDXKb4D9QOCtPsDej3Z0y7r3I
MWHOnEajE/4rpqbT1qDZesajq+iGrwH7fkuKLvYtPeTUlwwBk23XfkSRMCMNZSv5
lNkFRL/N/kx/sy3m3DJvgnO9iUgGfXTL0nCtVOutwxewcR42Rud48W+mBE7kaWzM
9IsXfuR9+cYjh7kCDQRkSGqzARAAurPXpFBgvbEdVIGvrFN71d5zXeaH12In0OmR
9tYhv3KqLp7ed+QJsCcScvFPXs5VvdXW0ahT2hw7sEiRmex/2MmrSqPi6kt+xKkL
iC+u8qVR9xWueNzAgdqfKSSoHgi0uZPtK8rkYGLnCO4tq4DkxLhTt5SAxUCPrZnA
gkm9/UO+YwlHJoxjqu0dRgHfs0sopxS+HcZc6p4SnEgNsx1m6cRFIDmLPvlHDIQw
FR6nAJCGz1u5NwO85UDbxMpRYH4znzeSVfbU+/DaBe8++iHPraKrkaUcBREeb4S/
wfj+9uwjYwgYg6wnEVC53x+nMNOrlzwJaIpiSiQt4Qh0kAFpobDUAljcMZzl0m6U
TlwJNDCaF3PJR12A3vJgxGUCFukcytQYT5sLeEoaeAJ5icgG1DLH3AwJQnZUrqTA
+0dQ0WxK2obOL7aLK55ekFaFtcFZoNz9zA2rnbvc31L/3lqRfvltX7WeKz0FvfMJ
mAsoYzHFJV9h3Nc3dSpY7xst8+3EvAYif4utD2hQ52cwQZgE7pNKc0zIdvYs2u6q
j2zh9Y1mDI35xsO2n4M1EvkD/oKbzJRNklS3GW2Phsz+4R7uV30SjswAE3JqpYna
9uT/nbjlwRu5Xig/Ry9pAFRYmNcRoxOEEhwjXYQuyQl66aDN76Mw7rcDmoD6jd/u
ssbcku0AEQEAAYkCPAQYAQoAJgIbDBYhBJMdppz6Ov67yX2qjGxXwpxrp1pOBQJo
D87MBQkFqJeZAAoJEGxXwpxrp1pO7dEP/2EclOFITko0V9mRUmkDV5qGRyQw66cW
hFUAIJlJyRH0inm8+nZFHpi6TokFR/r1yJzWTaG6ywAus8RDj1Xibf0alJDzQ5ya
kErtv4MijuiYCQrE8PVdjgOU3cEGHU7kcEQQXFBiZ3ZrVP8BoPjYH3HPRPnuvNMR
DD6xdojePS8YVaHvo8bWZP51IfRgJ4G25y6LgNBkE4cwQ1hmbbgf/tceso9drWwG
22b97WOI+jHRjHJwlJJjeudaTLdtkiHUMJ10bafT94WtNcyqkZRtzqHqPswD+TKF
tfsKOHfvB9IKVn1TSTxXRzrhABmf/R5gsFXS/n69Qp58tRNF+k6G4oDpvKR8ugdu
fUzgRb+089FSgG2Heoej2NGiWm/eFNRh0UtABZ8A0E8J5kxenaloVHln+w9aVv+E
nxXgVQp1MQPorMcjOKHkzMzidi4c0V+5gPWq+NqpQfWiHpJ3HLQSIQAQzOn5OgKh
nsaER9hpUsnCMHyejPyGWmQkuEWOtYU/Jn9OHnqlYNW0MBA7DSNrUpe4Dhd7knKf
cPz7XNhWIW7KlPqI+2KeqMO6pSohy/zjpbEeXbE94udspPd2GcJXPQtRh89hBCK9
RATe2tvjL8tTKGiWbUiiZHV73mXZPOGImc97sMQS5FII6gDl7GKrmQeUyKcr+E7N
fkS9YnloRIR7
=8YGU
-----END PGP PUBLIC KEY BLOCK-----
Edited by Georgi N. Georgiev | GitLab