- The latest stable release is 2.7.3
- The latest pre-release version is pending
- The latest maintenance release is 2.6.9
We recommend you always use the stable version for production environments.
There are Release Notes that detail the major feature and language changes between versions. We recommend you read this if upgrading Puppet from an earlier version.
There is also a Development/Code Names .
- Puppet Dashboard
- Ruby Gems
- Other Packages
- Apple Mac OS X Packages
- ArchLinux Packages
- Debian Packages
- FreeBSD Packages
- Gentoo Packages
- Mandriva Packages
- NetBSD Packages
- OpenBSD Packages
- RPM Packages
- SuSE Packages
- Solaris and OpenSolaris Packages
- Ubuntu Packages
- Install From Source
- Verifying Puppet Downloads
- Import the release signing key
- Verifying the fingerprint
- Verifying the puppet releases
- Stable – Puppet Dashboard 1.1.1 (tar+gzip) (signature)
- Dashboard RPM
- Dashboard Deb
- Development – Puppet Dashboard 1.2rc9 (tar+gzip) (signature)
- Dashboard RPM
- Dashboard Deb
Apple Mac OS X Packages¶
Apple Mac OS X packages are hosted at explanatorygap.net, as are instructions for building pkgs from the source repository. Please contact Nigel Kersten there for issues with Puppet/Facter packages on Mac OS X.
Alternatively, OS X packages are available through MacPorts.
Thanks to JosÃ© GonzÃ¡lez GÃ³mez, Puppet is now officially in Portage.
Mandriva packages are available from the Mandriva contrib repository.
Puppet is included in OpenBSD’s ports tree, and packages are available in the appropriate packages directory on OpenBSD mirrors. Some unofficial (but more recent) packages are provided as is for a limited set of OpenBSD releases and architectures on openbsd.glei.ch.
Puppet is available in RPM form as part of Fedora and EPEL. A simple yum install puppet or yum install puppet-server on such systems should be all you need. EPEL users should be aware that EPEL only moves packages from testing to stable repositories very infrequently – if you are on RHEL or CentOS, you might have to enable the epel-testing repository to get the very latest version of puppet.
Solaris and OpenSolaris Packages¶
Install From Source¶
If you’re interested in developing your own extensions for Puppet, or you’d like to contribute to the project — or even if you just prefer to build straight from the tree — we’ve got a public Git repository for the project. Use git clone git://github.com/puppetlabs/puppet to check out the code, then run sudo ./install.rb from within the resulting repository. If you don’t have git installed, you can browse to a online Git repository instead.
You can also find some instructions for running Puppet Source.
Verifying Puppet Downloads¶
The releases for Puppet are OpenPGP-signed, which provides authentication that the released tarball has not been tampered with and really originated from the Puppet developers. This signature does not ensure that the Puppet Labs servers themselves have not been compromised, however if there is an intrusion, then we will revoke the key and publish that revocation certificate as quickly as possible.
Import the release signing key¶
To have a cryptographic verification of the release, you will want to import the Puppet Labs public key after verifying its integrity. This key is certified by several of the puppet developers, and should be available from the public keyservers. You can import it by doing the following:
$ gpg --recv-key 4BD6EC30 gpg: requesting key 4BD6EC30 from hkp server pool.sks-keyservers.net gpg: key 4BD6EC30: public key "Puppet Labs Release Key <email@example.com>" imported gpg: no ultimately trusted keys found gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
Verifying the fingerprint¶
You should be able to verify the fingerprint like this:
$ gpg --list-key --fingerprint 4BD6EC30 pub 4096R/4BD6EC30 2010-07-10 [expires: 2012-07-09] Key fingerprint = 47B3 20EB 4C7C 375A A9DA E1A0 1054 B7A2 4BD6 EC30 uid Puppet Labs Release Key (Puppet Labs Release Key) <firstname.lastname@example.org>
You can also verify the fingerprints by doing this:
$ gpg --list-sigs 4BD6EC30
Verifying the puppet releases¶
Once you have properly verified this key, you can now use it to cryptographically verify the package integrity by doing the following:
Using GnuPG, verifying the release signature on a puppet tarball would look something like this:
$ gpg --verify puppet-2.6.0.tar.gz.sign puppet-2.6.0.tar.gz gpg: Signature made Mon Oct 9 23:48:38 2000 PDT using DSA key ID 4BD6EC30 gpg: Good signature from "Puppet Labs Release Key <email@example.com>"
If you have not taken the necessary steps to build a trust path, through the web of trust, to one of the signatures on the release key, you will see a warning similar to the following when you verify the signature:
Could not find a valid trust path to the key. gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner.
This is normal if you do not have a trust path to the key, do not be alarmed if you see this, the archive integrity is still verified, you just have no trust path to certify that the people signing the release key are who they say they are.
The current Puppet Labs Release key is:
This is the key:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) mQINBEw3u0ABEAC1+aJQpU59fwZ4mxFjqNCgfZgDhONDSYQFMRnYC1dzBpJHzI6b fUBQeaZ8rh6N4kZ+wq1eL86YDXkCt4sCvNTP0eF2XaOLbmxtV9bdpTIBep9bQiKg 5iZaz+brUZlFk/MyJ0Yz//VQ68N1uvXccmD6uxQsVO+gx7rnarg/BGuCNaVtGwy+ S98g8Begwxs9JmGa8pMCcSxtC7fAfAEZ02cYyrw5KfBvFI3cHDdBqrEJQKwKeLKY GHK3+H1TM4ZMxPsLuR/XKCbvTyl+OCPxU2OxPjufAxLlr8BWUzgJv6ztPe9imqpH Ppp3KuLFNorjPqWY5jSgKl94W/CO2x591e++a1PhwUn7iVUwVVe+mOEWnK5+Fd0v VMQebYCXS+3dNf6gxSvhz8etpw20T9Ytg4EdhLvCJRV/pYlqhcq+E9le1jFOHOc0 Nc5FQweUtHGaNVyn8S1hvnvWJBMxpXq+Bezfk3X8PhPT/l9O2lLFOOO08jo0OYiI wrjhMQQOOSZOb3vBRvBZNnnxPrcdjUUm/9cVB8VcgI5KFhG7hmMCwH70tpUWcZCN NlI1wj/PJ7Tlxjy44f1o4CQ5FxuozkiITJvh9CTg+k3wEmiaGz65w9jRl9ny2gEl f4CR5+ba+w2dpuDeMwiHJIs5JsGyJjmA5/0xytB7QvgMs2q25vWhygsmUQARAQAB tEdQdXBwZXQgTGFicyBSZWxlYXNlIEtleSAoUHVwcGV0IExhYnMgUmVsZWFzZSBL ZXkpIDxpbmZvQHB1cHBldGxhYnMuY29tPokCPgQTAQIAKAUCTDe7QAIbAwUJA8Jn AAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQEFS3okvW7DAZaw//aLmE/eob pXpIUVyCUWQxEvPtM/h/SAJsG3KoHN9u216ews+UHsL/7F91ceVXQQdD2e8CtYWF eLNM0RSM9i/KM60g4CvIQlmNqdqhi1HsgGqInZ72/XLAXun0gabfC36rLww2kel+ aMpRf58SrSuskY321NnMEJl4OsHV2hfNtAIgw2e/zm9RhoMpGKxoHZCvFhnP7u2M 2wMq7iNDDWb6dVsLpzdlVf242zCbubPCxxQXOpA56rzkUPuJ85mdVw4i19oPIFIZ VL5owit1SxCOxBg4b8oaMS36hEl3qtZG834rtLfcqAmqjhx6aJuJLOAYN84QjDEU 3NI5IfNRMvluIeTcD4Dt5FCYahN045tW1Rc6s5GAR8RW45GYwQDzG+kkkeeGxwEh qCW7nOHuwZIoVJufNhd28UFn83KGJHCQt4NBBr3K5TcY6bDQEIrpSplWSDBbd3p1 IaoZY1WSDdP9OTVOSbsz0JiglWmUWGWCdd/CMSW/D7/3VUOJOYRDwptvtSYcjJc8 1UV+1zB+rt5La/OWe4UOORD+jU1ATijQEaFYxBbqBBkFboAEXq9btRQyegqk+eVp HhzacP5NYFTMThvHuTapNytcCso5au/cMywqCgY1DfcMJyjocu4bCtrAd6w4kGKN MUdwNDYQulHZDI+UjJInhramyngdzZLjdeE= =jdYz -----END PGP PUBLIC KEY BLOCK-----
The previous Reductive Labs Release OpenPGP key is:
This is the key:
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQINBEr+DxIBEADFFFotx3lUGwOTvUu2jrJjD4DNBGKHBAkxyC9vf8UhWBIWN0Pm yU/6Ior7qbYBNdorEdMHswvq3wdoioBeR3c0LJMlYLzRb7LG+2c1sRE2VC1QLbGe DJuFMGscDIbF2GAb61lxk4S5qhKvL8ttqUwcQ/ZyUDaraaTHF9bJgdsIZ3Kt9dDO SNunfmMM5yw/Nt5D6/guotJJRO24v3fb9mioA9kKhE1WOqDPK0OfVcK+k4cZ2TPJ i8NngZQRd5P/KxMH043BC/GnetSpC2zWQ29AuWXvkFVIoRorme2trNVIajU4cr7G THwbAb4IdFoxkAD3NC+oB/jz25zgaRxbA19QunYC69CPTkTGl2st3+4TjM4xMcYH dr9oK7pq19d4SiXNU/qLPlCuK6z2QtcryiiXgi1ki/IkpO8b2Q3Cwc0oUW6Q8G2X CaVkouM5/qJliNx9IA7WbK+4V3imcmJ+pbujQhKjxnuxd0Zt6vRUWZ7z9/2ybgyC GM0pCZZ46bA3dddx84/9u8qI8Uv5Dg46fKppF2v1Ctv7ot0lJIhYMioTXG6deFDT VqvSJ3fH6apkpDrweoc3ixI1sZ2eSmTLZKnIv2uWB2p7HJZj8aPvUPgRWqfIM/J/ APIckFrLZ7BfIcfGs/Eq1iPzDBGfLWGEhbx8ZzEJ4k3q8ykjHpJ4sxz0LQARAQAB tDNSZWR1Y3RpdmUgTGFicyBSZWxlYXNlIEtleSA8aW5mb0ByZWR1Y3RpdmVsYWJz LmNvbT6JAjwEEwECACYFAkr+DxICGwMFCQPCZwAGCwkIBwMCBBUCCAMEFgIDAQIe AQIXgAAKCRD/rIZYg0eif4upD/4kQPPFz44FUfawhNVcOsp2tFLX3fN6GVrdqGt4 x2gRv92DOI/8rLvfTBA4JRT7sKgFDfAZ7FPISNZf/7Swo9PbUc4UU0T/FP+bsj5w tC+g2FuKfNSJqoQvG3XU6iRGmQpLkxpnzioJTJy682Fp7jUZPiZKxRqq467fG3cd vrkNMT8SKt5gEnweVwn9wOOAEu36M7KNRM24tky40m4xdZHyXgk5QeZ22K0TVX3U fIXIiNRvnkcdneHZabOase+g6jjaJuQ6JKTSC3Mf30HNWP5C26azDaCSME0GVr4a O3MbzzKvVt7sbv+TVDGmsGFxT6lTuLOkOMoPudFDKKnmMXGxOtBUwSYDbHK+81/E v/7dSX3bx4mHZAQt7S6cVg3PVIQeKs6vQwpPE3c58cymnL39zpviGILhCJKxWdBY Kugv+DoDi1aYiPXhS3EgMssTS6mwpEfsD2C9zD9cUjICmIgP/nqYJqYigd0lwpfD HjkHyGAC4hxFp5M+zNR/ByUQBaLdcu1sfHrpzBLnGh4kCqKN3K7If+Cq1yj76qrp Q9/8QINkLTESQ5AGQWbuQ54YFG3+KWQTpFAHSlwlLnmrH5nKHWllq1fdW3vzIjFp TpZGT+lTTzzk1BmVsTvI03AG7MOV0g7FQ95t0SZkDkQBMWcxiD48I262jxV8NQCR 5WceRw== =3YhS -----END PGP PUBLIC KEY BLOCK-----