New Relic <developer-toolkit@newrelic.com> OpenPGP/GnuPG public key has changed #1772
Description
Description
Public OpenPGP/GnuPG key for New Relic developer-toolkit@newrelic.com expired in April 2025, and the new key has not been posted to developer-toolkit.asc
Go Version
N/A
Current behavior
Vaiidation using gpg --verify on the x86_64 .sig and .tar.gz files fails. Also, it does not appear that the new public key has been submitted to any keyserver I've tried.
Expected behavior
Be able to import the new public key with a new .asc file (the current one listed on the newrelic-cli README is the expired one. Version 0.106.8 was signed by the new key.
Steps To Reproduce
Steps to reproduce the behavior:
- Download https://github.com/newrelic/newrelic-cli/releases/download/v0.106.8/newrelic-cli_0.106.8_Linux_x86_64.tar.gz.sig and https://github.com/newrelic/newrelic-cli/releases/download/v0.106.8/newrelic-cli_0.106.8_Linux_x86_64.tar.gz.
- Run the following command:
gpg --verify newrelic-cli_0.106.8_Linux_x86_64.tar.gz.sig newrelic-cli_0.106.8_Linux_x86_64.tar.gz
- See error:
gpg: Signature made Fri 19 Dec 2025 08:15:36 AM EST
gpg: using RSA key D3EEEEE880A91DEE209A82CC4F9A9B5B96EC30B9
gpg: Can't check signature: No public key
- Try to import key from developer-toolkit.asc:
gpg --import developer-toolkit.asc
- See error (no change):
gpg: key 92ADA76A30A3F1FD: "New Relic <developer-toolkit@newrelic.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
- Print current trusted key:
gpg --list-keys developer-toolkit@newrelic.com
- See the expired key:
pub rsa4096 2023-04-27 [SC] [expired: 2025-04-26]
5961D131BB2C5C6B42B14D0F92ADA76A30A3F1FD
uid [ expired] New Relic <developer-toolkit@newrelic.com>
- Try to receive the keys from a keyserver (all keyservers tried listed below):
gpg --keyserver keyserver.ubuntu.com --receive-keys D3EEEEE880A91DEE209A82CC4F9A9B5B96EC30B9
gpg --keyserver hkps://keys.openpgp.org --receive-keys D3EEEEE880A91DEE209A82CC4F9A9B5B96EC30B9
gpg --keyserver hkps://pgpkeys.eu --receive-keys D3EEEEE880A91DEE209A82CC4F9A9B5B96EC30B9
gpg --keyserver hkps://keys.mailvelope.com --receive-keys D3EEEEE880A91DEE209A82CC4F9A9B5B96EC30B9
- They all return the same result:
gpg: keyserver receive failed: No data
Additional Notes
I am the maintainer of several New Relic packages in the Arch Linux User Repository (AUR), and many of them are out of date. I got notice today that newrelic-cil was flagged out of date, and ran into this problem trying to install the latest version as a test.