Issue #8896
closedfile Release is not signed for deb repository
Description
Ticket moved to GitHub: "pulp/pulp_deb/411":https://github.com/pulp/pulp_deb/issues/411
good afternoon, Comrades. Please tell me, maybe someone has encountered a problem with synchronization of the deb repository. It syncs without the Release file.gpg, as a result, when executing apt-get update on the target machine, the error "bionic-updates Release’ is not signed " appears. ". I found this instruction on the forum Foreman Katello - Deb Sync no Release.gpg but it still doesn’t work. Duma. this is related to the pulp version. I use pulp3
Updated by fao89 over 2 years ago
- Category deleted (
Operator - Moved to Github Issues)
Updated by quba42 over 2 years ago
In order to have signed metadata for APT repos, you need to set up a signing service and use it for the relevant publication. Alternatively you can use the verbatim publisher to publish the original signatures from the upstream repo (mirror mode).
See:
https://docs.pulpproject.org/pulp_deb/feature_overview.html#metadata-signing
https://docs.pulpproject.org/pulp_deb/feature_overview.html#verbatim-publishing
Admittedly, the docs on signing services need to be reworked. Especially now that there is a pulpcore-manager command available for creating singning services.
Updated by quba42 over 2 years ago
Pulpcore manager command for creating APT signing services:
pulpcore-manager add-signing-service \
--class 'deb:AptReleaseSigningService' \
<unique_name_for_signing_service> <path_to_signing_service_script> <signing_key_fingerprint>
Once https://pulp.plan.io/issues/9532 is done, it will be possible to provide a fully generic example "signing service script".
Updated by pulpbot over 2 years ago
- Description updated (diff)
- Status changed from NEW to CLOSED - DUPLICATE