Problem:
I added signing of all deb repos to Pulp, but it only signs the ones that are changed.
How can i sign all of them regardless of any changes to the contents?
Expected outcome:
Have all deb repos signed.
Foreman and Proxy versions:
Foreman 3.10, Katello 4.12
Distribution and version:
RHEL 8.9
Other relevant data:
So i have the signing process added and working, i can see
pulp signing-service list
[
{
"pulp_href": "/pulp/api/v3/signing-services/*snip*/",
"pulp_created": "2024-07-09T07:56:08.202228Z",
"name": "katello_deb_sign",
"public_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----*snip*\n-----END PGP PUBLIC KEY BLOCK-----\n",
"pubkey_fingerprint": "*snip*",
"script": "/etc/pulp/apt_signing_service.sh"
}
]
I can also see that some of the repos that were synced last night have their InRelease and Release.gpg files added. However some of my repos are stagnant and wont see many changes, and i need these to be signed as well. So i read in Pulp3 documentation that i can indeed sign these by essentially doing this:
SIGNING_SERVICE_NAME="katello_deb_sign"
REPO_NAMES=$(pulp repository list --limit=100 | jq -r '.[].name')
for NAME in $REPO_NAMES; do
echo "Processing repository: $NAME"
pulp publication create --repository="${NAME}" --signing-service="${SIGNING_SERVICE_NAME}"
pulp distribution create --name="${NAME}" --base-path="${NAME}" --repository="${NAME}"
done
I can see from the output of pulp repository list --limit=100 | jq -r '.[].name' that i have more than one repo published for Debian 11, im guessing this is because this is the repo that ive used to test content views in katello… So, i guess i would want to sign all instances of the Debian 11 repo in addition to everything else of course?
My question is, is it safe to do this? Will it mess up something with Katello if i manually intervene and republish/redistribute the repos?
Im sorry if this is a stupid question. I have made notes on the whole process and i would like to contribute to the Foreman Katello docs so we can have all the information there, once ive done this last step.
(regarding the pulp commands, im also a bit confused as to the usage of “deb” in ie. pulp deb repository list. This doesnt work for me. I can use pulp repository list, or i can use ie. pulp file repository list. But i cant use “deb”.
From what i gleaned in the docs, these options should point to the different plugins used by pulp? But maybe deb is the default one now and we cant specify it? Anyways, i know this is better asked in the pulp community but i added it here just in case someone knows)