Problem:
Good afternoon. Please tell me, is there any instruction for signing DEB repositories in foreman 3.4? now I’m trying to do this - Pulp_deb for pulp3 in Katello . But unfortunately it doesn’t work
Expected outcome:
successful signing of deb repositories
Foreman and Proxy versions:
Foreman 3.4 SmartProxy 3.4.1
Foreman and Proxy plugin versions:
Distribution and version:
Katello 4.6
Other relevant data:
if you follow the instructions that are indicated in the pen post, you get the following error
bash-4.4$ pulpcore-manager add-signing-service --class 'deb:AptReleaseSigningService' katello_deb_sign "${PWD}/sign_deb_release.sh" 'Pulp QE'
System check identified some issues:
WARNINGS:
?: (guardian.W001) Guardian authentication backend is not hooked. You can add this in settings as eg: `AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend', 'guardian.backends.ObjectPermissionBackend')`.
Traceback (most recent call last):
File "/bin/pulpcore-manager", line 33, in <module>
sys.exit(load_entry_point('pulpcore==3.18.10', 'console_scripts', 'pulpcore-manager')())
File "/usr/lib/python3.9/site-packages/pulpcore/app/manage.py", line 11, in manage
execute_from_command_line(sys.argv)
File "/usr/lib/python3.9/site-packages/django/core/management/__init__.py", line 419, in execute_from_command_line
utility.execute()
File "/usr/lib/python3.9/site-packages/django/core/management/__init__.py", line 413, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/usr/lib/python3.9/site-packages/django/core/management/base.py", line 354, in run_from_argv
self.execute(*args, **cmd_options)
File "/usr/lib/python3.9/site-packages/django/core/management/base.py", line 398, in execute
output = self.handle(*args, **options)
File "/usr/lib/python3.9/site-packages/pulpcore/app/management/commands/add-signing-service.py", line 68, in handle
SigningService.objects.create(
File "/usr/lib/python3.9/site-packages/django/db/models/manager.py", line 85, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
File "/usr/lib/python3.9/site-packages/django/db/models/query.py", line 453, in create
obj.save(force_insert=True, using=self.db)
File "/usr/lib/python3.9/site-packages/pulpcore/app/models/content.py", line 814, in save
self.validate()
File "/usr/lib/python3.9/site-packages/pulp_deb/app/models/signing_service.py", line 41, in validate
return_value = self.sign(test_release_path)
File "/usr/lib/python3.9/site-packages/pulpcore/app/models/content.py", line 754, in sign
raise RuntimeError(str(completed_process.stderr))
RuntimeError: b"gpg: WARNING: unsafe permissions on homedir '/var/lib/pulp/.gnupg'\ngpg: signing failed: Permission denied\ngpg: signing failed: Permission denied\n"
if you put the pulp owner and give the rights 600, then the error is different
bash-4.4$
bash-4.4$ pulpcore-manager add-signing-service \
> --class 'deb:AptReleaseSigningService' \
> katello_deb_sign "${PWD}/sign_deb_release.sh" 'Pulp QE'
System check identified some issues:
WARNINGS:
?: (guardian.W001) Guardian authentication backend is not hooked. You can add this in settings as eg: `AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend', 'guardian.backends.ObjectPermissionBackend')`.
pulp [None]: gnupg:WARNING: gpg returned a non-zero error code: 2
CommandError: There are 0 keys matching the key id.
bash-4.4$
maybe someone has encountered this?
That error suggests that there is no secret key available with name ‘Pulp QE’.
Can you verify this by checking:
su pulp -s /bin/bash -c "gpg --list-secret-keys 'Pulp QE'"
This should return the secret key, if not try the following to see if any secret key is there:
su pulp -s /bin/bash -c "gpg --list-secret-keys"
If neither is successful, have you created the GPG-Key as user pulp?
Good afternoon. At the moment everything seems to be fine, except for one thing: not all Debian repositories have received Inrelease files, but most repositories have. What could this be related to?
Thank you all, the problem has been solved, it turns out that in order for the signature to appear in the repository after all the manimulations, a change must occur in the repository