Trigger signing all debian repos (Katello/Pulp3)

I added signing of all deb repos to Pulp, but it only signs the ones that are changed.
How can i sign all of them regardless of any changes to the contents?

Expected outcome:
Have all deb repos signed.

Foreman and Proxy versions:
Foreman 3.10, Katello 4.12

Distribution and version:
RHEL 8.9

Other relevant data:
So i have the signing process added and working, i can see
pulp signing-service list

    "pulp_href": "/pulp/api/v3/signing-services/*snip*/",
    "pulp_created": "2024-07-09T07:56:08.202228Z",
    "name": "katello_deb_sign",
    "public_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----*snip*\n-----END PGP PUBLIC KEY BLOCK-----\n",
    "pubkey_fingerprint": "*snip*",
    "script": "/etc/pulp/"

I can also see that some of the repos that were synced last night have their InRelease and Release.gpg files added. However some of my repos are stagnant and wont see many changes, and i need these to be signed as well. So i read in Pulp3 documentation that i can indeed sign these by essentially doing this:

REPO_NAMES=$(pulp repository list --limit=100 | jq -r '.[].name')

for NAME in $REPO_NAMES; do
    echo "Processing repository: $NAME"
    pulp publication create --repository="${NAME}" --signing-service="${SIGNING_SERVICE_NAME}"
    pulp distribution create --name="${NAME}" --base-path="${NAME}" --repository="${NAME}"

I can see from the output of pulp repository list --limit=100 | jq -r '.[].name' that i have more than one repo published for Debian 11, im guessing this is because this is the repo that ive used to test content views in katello… So, i guess i would want to sign all instances of the Debian 11 repo in addition to everything else of course?

My question is, is it safe to do this? Will it mess up something with Katello if i manually intervene and republish/redistribute the repos?

Im sorry if this is a stupid question. I have made notes on the whole process and i would like to contribute to the Foreman Katello docs so we can have all the information there, once ive done this last step.

(regarding the pulp commands, im also a bit confused as to the usage of “deb” in ie. pulp deb repository list. This doesnt work for me. I can use pulp repository list, or i can use ie. pulp file repository list. But i cant use “deb”.
From what i gleaned in the docs, these options should point to the different plugins used by pulp? But maybe deb is the default one now and we cant specify it? Anyways, i know this is better asked in the pulp community but i added it here just in case someone knows)

You are looking for the “re-publish repository metadata” action. This action can be performed for arbitrary repositories in Katello even if they have not changed. It will pick up on the signing service you have now added.

I believe for repos in content views the “re-publish repository metadata” action cannot be accessed via the GUI, but there are Hammer commands for it. I don’t remember the precise hammer commands, but I believe hammer repository republish --help should be a good place to start.

1 Like

Thanks for the quick reply, republish does indeed sound like what im after.
I will dig further, thanks for leading me to the correct path!