The GPG keys previously used to sign the APT repository (fingerprint
4E40DDF6D76E284A4A6780E48C8C34C524098CB6 0E22EB88E39E12277A7760AE9E439B102CF3C0C6) were rotated on
2023-01-12 and 2023-08-24 respectively, and replaced with a new key with fingerprint
B53AE77BADB630A683046005963FA27710458545.
If you enabled the repository before that,
you will see errors when running apt update.
To fix this, re-run the commands below to fetch the new
key. See the following blog post for more information:
https://grafana.com/blog/2023/01/12/grafana-labs-update-regarding-circleci-security-updates/
Note that the new key is also available along with the revocation certificate for the old key at
https://apt.grafana.com/gpg-full.key and
https://rpm.grafana.com/gpg-full.key.
# mkdir -p /etc/apt/keyrings/
# wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor > /etc/apt/keyrings/grafana.gpg
# echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee /etc/apt/sources.list.d/grafana.list
# nano /etc/yum.repos.d/grafana.repo
[grafana]
name=grafana
baseurl=https://rpm.grafana.com
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://rpm.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
# nano /etc/yum.repos.d/grafana.repo
[grafana]
name=grafana
baseurl=https://rpm-beta.grafana.com
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://rpm-beta.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt