GitLab GPG expired today
The GPG Key from Gitlab Packages expired Today. I have attempted to Update my Packages with APT and I see that the Key expired Today
https://docs.gitlab.com/omnibus/update/package_signatures#package-repository-metadata-signing-keys
Note From GitLab
This certificate expiration affected all packages from https://packages.gitlab.com, including Omnibus GitLab and GitLab Runner.
We resolved this as quickly as we could after this was raised. We appreciate everyone's understanding and patience while we addressed the situation. This affected all of us, including GitLab's own testing and staging infrastructure. We are planning several measure to prevent this kind of occurrence from happening again in the future, several of which you can find in related issues.
- We have created an issue specifically to perform the appropriate maintenance of this certificate at the turn of 2024, months ahead of time.
- We are going to look into an appropriate alerting behavior, just in case the above Issue's due date is not sufficient.
- We are going to properly document a Runbook for how to perform these actions on the PackageCloud instance, so that the next rotation / extension process happens even faster.
Actions Taken
GitLab has extended the existing certificate by 2 years (now 2024-03-01
). We have updated the documentation to show this new date. You will need to pull in the updated public key for this to take effect on your local systems.
Steps to resolve
To update the repository metadata certificate, you may:
- Use the automated repository configuration script again, which should update this for you.
- Follow the instructions for rotation, per our documentation to update keys after expiry extension.
We have updated the documentation to include steps to address feedback from users within this MR.