https://pulp.plan.io/https://pulp.plan.io/favicon.ico2019-08-28T13:13:58ZPulpDebian Support - Issue #5249: pulp_deb does not seem to support InRelease/Release.gpg signinghttps://pulp.plan.io/issues/5249?journal_id=471122019-08-28T13:13:58Zquba42
<ul></ul><p>As far as I can tell you are bringing up two separate issues:</p>
<p>(1) Making pulp_deb verify the upstream repository you are syncing from.<br>
(2) Making pulp_deb sign the repository it is publishing (you referred to this as creating a mirror).</p>
<p>The options --require-signature and --allowed-keys relate to issue (1).<br>
I do not personally have much experiencing with regards to issue (1).<br>
If you say you imported the needed keys into roots keyring, but are getting "No GPG-keys in keyring, did the import fail?", then maybe they need to go into some different users keyring. (If anyone knows please comment).</p>
<p>With regard to issue (2), you can find some documentation in the README.md file here: <a href="https://github.com/pulp/pulp_deb/tree/2-master" class="external">https://github.com/pulp/pulp_deb/tree/2-master</a><br>
See the "Signing support" and "InRelease file signing" parts. This will tell you how to make pulp_deb publish InRelease files and/or Release.gpg files.</p>
<p>One final note: pulp_deb for pulp2 does not really create a "mirror" of some upstream repository. Rather, it synchronizes a bunch of information from some upstream repository source, and then publishes a repository with the same content according to it's own rules. This will include the same components and architectures as the upstream repository (so long as they were synced by the user), but will not necessarily include all the same fields in the Release file, etc. As such, pulp_deb also can't reuse the signatures from the upstream repository. You can however, sign your published pulp repository with a key of your own.</p> Debian Support - Issue #5249: pulp_deb does not seem to support InRelease/Release.gpg signinghttps://pulp.plan.io/issues/5249?journal_id=524102020-01-24T09:59:04Zquba42
<ul><li><strong>Tags</strong> <i>Pulp 2</i> added</li></ul> Debian Support - Issue #5249: pulp_deb does not seem to support InRelease/Release.gpg signinghttps://pulp.plan.io/issues/5249?journal_id=637562020-10-15T07:57:39Zquba42
<ul><li><strong>Status</strong> changed from <i>NEW</i> to <i>CLOSED - WORKSFORME</i></li></ul><p>Pulp 2 does support signing and verification. I presume this was a configuration issue.</p>
<p>Either way, there won't be any more significant work on these features for Pulp 2.</p>
<p>Feel free to open a new issue, if you have problems relating to signature and verification in Pulp 3.</p>