[root@az66u1971 pulp]# sudo -u pulp PULP_SETTINGS=’/etc/pulp/settings.py’ pulpcore-manager add-signing-service --class ‘deb:AptReleaseSigningService’ katello_deb_sign “/var/lib/pulp/sign_deb_release.sh” ‘Pulp QE’
/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/cryptography/hazmat/bindings/openssl/binding.py:173: CryptographyDeprecationWarning: OpenSSL version 1.0.2 is no longer supported by the OpenSSL project, please upgrade. The next version of cryptography will drop support for it.
warnings.warn(
System check identified some issues:
WARNINGS:
?: (guardian.W001) Guardian authentication backend is not hooked. You can add this in settings as eg: AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend', 'guardian.backends.ObjectPermissionBackend').
Successfully added signing service katello_deb_sign for key F8A172E72483C0F82B2EAE7870570F6F50DA5CCE.
Looks like you are now successfully doing both of the following:
Checking the signatures on the upstream repo you are syncing from archive.ubuntu.com using a GPG Key “Content Credential”. Note that this signature checking works by simply discarding any Release files that cannot be successfully verified using the GPG key you provided. This can lead to problems if any of the “Releases/Distributions” you are syncing are signed with different keys from eachother.
You are signing all the repos your Katello instance is publishing using the katello_deb_sign signing service you created.