Syncing Ubuntu 18.04 repo failed - GNUPGHOME should be a directory?

Spinning up a new dev version of Foreman with Katello that has Debian repo support. I’m wanting to get Foreman, Katello and Puppet to manage Ubuntu systems primarily. The installation is on an updated, fresh install of CentOS 7.

I’ve created a repo sync and product, but I’m stuck trying to sync the repo (main 18.04 repo) and the error that spits out suggests a variable is not set, “GNUPGHOME”, but I can’t find any documentation where I missed steps to set that up. Error:

"  File \"/usr/lib/python2.7/site-packages/pulp_deb/plugins/importers/\", line 187, in verify_release_file\n" +
 "    gpg = self.gnupg_factory(homedir=os.path.join(self.get_working_dir(), 'gpg-home'))\n" +
 "  File \"/usr/lib/python2.7/site-packages/pulp_deb/plugins/importers/\", line 177, in gnupg_factory\n" +
 "    return gnupg.GPG(*args, **kwargs)\n" +
 "  File \"/usr/lib/python2.7/site-packages/\", line 827, in __init__\n" +
 "    raise ValueError('gnupghome should be a directory (it isn\\'t): %s' % gnupghome)\n" +
 "ValueError: gnupghome should be a directory (it isn't): /var/cache/pulp/reserved_resource_worker-3@dev-foreman/e9d6a31e-9e86-405d-bec6-9268020266af/gpg-home\n",

Can anyone help me with this? I have a feeling this is something that shouldn’t be too hard to fix.

I experience the same on Foreman 2.0.2 / Katello 3.15 trying to sync Debian Buster repos. It used to work with 1.24 / 3.14.

I could solve this by removong the GPG key from the Debian repository definitions in Foreman/Katello. At least the repos sync again now.

Don’t I need to have a GPG key added/declared for it to accept the sync configuration? Or does it magically retrieve the correct GPG key from the repo under the assumption I trust the repo when first setting it up?

Also, I don’t know why I didn’t get notifications you posted here, oof. Thanks for the ideas so far! I’ll have to try them soon :slight_smile:

The underlying issue is that a newer version of python2-gnupg has changed its behaviour vis-a-vis directory creation, when it is not there already.

There is a fix on the pulp_deb side that was merged to master:

(Strictly speaking only the following commit is the actual fix:

Unfortunately I missed the last opportunity for a final pulp_deb for Pulp 2 release, and it looks uncertain if and when there will be another.

Your current options are to stop using GPG verification for Debian/Ubuntu syncs, or to manually add the above patch. (The file you need should be at /usr/lib/python2.7/site-packages/pulp_deb/plugins/importers/, do a foreman-maintain service restart after patching the file.)

@BloodyIron For GPG keys to be used you need to manually add them as a content credential. There is no automatic adding of GPG keys/setup for signature verification.

1 Like

Thanks @quba42 ! I’ll check into that fix and probably just apply the code manually. I don’t think running syncs without signing is a good idea.

That being said, I’m not entirely sure for Ubuntu/Debian repos which key I should be getting and from where, as all the guides I’ve found talk about CentOS/Fedora/RHEL repos, and those steps don’t translate for Ubuntu/Debian. Can you advise me on that aspect? I have imported a key, but not yet sure if I’ve imported the right one.

Your help is appreciated! :slight_smile:

We have some documentation on obtaining content credentials for Ubuntu and Debian in our downstream orcharhino documentation:

I hope that helps.

PS: There is an active project to convert our orcharhino documentation to the same format used by the new Foreman documentation. At that point we hope to make some of our documentation available to the upstream Foreman documentation. However, I expect this effort will still take some time. :wink:


This has been exceptionally helpful! I was worried posting on the forums for such a bleeding edge use-case would not get me anywhere. I’ll definitely have to make the time to get this going, and I suspect I should be successful with this all! :slight_smile:

Thanks! And I also should remember to post my results here once I have them.

1 Like