jost
September 12, 2019, 8:44am
1
I have import ubuntu repo in katello with gpg that is on ubuntu
apt-key exportall > ubuntu-all.key
but now I have a problem when I try to update client, I get this error:
logs
root@ubuntu1804:~# apt-get update
Ign:1 http://foreman.test.local/pulp/deb/snt/Library/custom/ubuntu-test/ubuntu-latest bionic InRelease
Hit:2 http://foreman.test.local/pulp/deb/snt/Library/custom/ubuntu-test/ubuntu-latest bionic Release
Ign:3 http://foreman.test.local/pulp/deb/snt/Library/custom/ubuntu-test/ubuntu-latest bionic Release.gpg
Reading package lists... Done
E: The repository 'http://foreman.test.local/pulp/deb/snt/Library/custom/ubuntu-test/ubuntu-latest bionic Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
root@ubuntu1804:~#
If I use allow-insecure=yes in sources.list it still doesn’t work.
I read that I have to create my oven gpg key, but then I can’t import repo to my katello server.
logs
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) Exception: Verification of Release failed! gpg: Signature made Thu 18 Apr 2019 09:41:01 AM UTC using RSA key ID C0B21F32
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] ERRSIG 3B4FE6ACC0B21F32 1 10 00 1555580461 9
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] NO_PUBKEY 3B4FE6ACC0B21F32
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) gpg: Can't check signature: No public key
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) gpg: Signature made Thu 18 Apr 2019 09:41:01 AM UTC using RSA key ID 991BC93C
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] ERRSIG 871920D1991BC93C 1 10 00 1555580461 9
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] NO_PUBKEY 871920D1991BC93C
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) gpg: Can't check signature: No public key
Can someone please help me. There isn’t any good documentation on internet for pulp, debian/ubuntu and gpg.
Thanks
dIELERx
September 12, 2019, 10:31am
2
Hey, have a look at this Foreman Katello - Deb Sync no Release.gpg
I am currently trying to get it working.
jost
September 12, 2019, 11:12am
3
I have also following that thread but I get this error:
logs
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) Exception: Verification of Release failed! gpg: Signature made Thu 18 Apr 2019 09:41:01 AM UTC using RSA key ID C0B21F32
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] ERRSIG 3B4FE6ACC0B21F32 1 10 00 1555580461 9
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] NO_PUBKEY 3B4FE6ACC0B21F32
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) gpg: Can't check signature: No public key
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) gpg: Signature made Thu 18 Apr 2019 09:41:01 AM UTC using RSA key ID 991BC93C
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] ERRSIG 871920D1991BC93C 1 10 00 1555580461 9
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) [GNUPG:] NO_PUBKEY 871920D1991BC93C
Sep 12 10:21:18 foremansc pulp: celery.app.trace:ERROR: [47274b8d] (25581-29952) gpg: Can't check signature: No public key
here are the new instructions:
dIELERx
September 13, 2019, 7:15am
5
jost:
3B4FE6ACC0B21F32
The first error NO_PUBKEY 3B4FE6ACC0B21F32 is because your are missing the Ubuntu GPG Key.
This is the missing pubkey:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE+tgXgBEADfiL1KNFHT4H4Dw0OR9LemR8ebsFl+b9E44IpGhgWYDufj0gaM
/UJ1Ti3bHfRT39VVZ6cv1P4mQy0bnAKFbYz/wo+GhzjBWtn6dThYv7n+KL8bptSC
Xgg1a6en8dCCIA/pwtS2Ut/g4Eu6Z467dvYNlMgCqvg+prKIrXf5ibio48j3AFvd
1dDJl2cHfyuON35/83vXKXz0FPohQ7N7kPfI+qrlGBYGWFzC/QEGje360Q2Yo+rf
MoyDEXmPsoZVqf7EE8gjfnXiRqmz/Bg5YQb5bgnGbLGiHWtjS+ACIdLUq/h+jlSp
57jw8oQktMh2xVMX4utDM0UENeZnPllVJSlR0b+ZmZz7paeSar8Yxn4wsNlL7GZb
pW5A/WmcmWfuMYoPhBo5Fq1V2/siKNU3UKuf1KH+X0p1oZ4oOcZ2bS0Zh3YEG8IQ
ce9Bferq4QMKsekcG9IKS6WBIU7BwaElI2ILD0gSwu8KzvNSEeIJhYSsBIEzrWxI
BXoN2AC9PCqqXkWlI5Xr/86RWllB3CsoPwEfO8CLJW2LlXTen/Fkq4wT+apdhHei
WiSsq/J5OEff0rKHBQ3fK7fyVuVNrJFb2CopaBLyCxTupvxs162jjUNopt0c7OqN
BoPoUoVFAxUSpeEwAw6xrM5vROyLMSeh/YnTuRy8WviRapZCYo6naTCY5wARAQAB
tEJVYnVudHUgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMTIpIDxm
dHBtYXN0ZXJAdWJ1bnR1LmNvbT6JAjgEEwECACIFAk+tgXgCGwMGCwkIBwMCBhUI
AgkKCwQWAgMBAh4BAheAAAoJEDtP5qzAsh8yXX4QAJHUdK6eYMyJcrFP3yKXtUYQ
MpaHRM/floqZtOFhlmcLVMgBNOr0eLvBU0JcZyZpHMvZciTDBMWX8ItCYVjRejf0
K0lPvHHRGaE7t6JHVUCeznNbDMnOPYVwlVJdZLOa6PmE5WXVXpk8uTA8vm6RO2rS
23vE7U0pQlV+1GVXMWH4ZLjaQs/Tm7wdvRxeqTbtfOEeHGLjmsoh0erHfzMV4wA/
9Zq86WzuJS1HxXR6OYDC3/aQX7CxYT1MQxEw/PObnHtkl3PRMWdTW7fSQtulEXzp
r2/JCev6Mfc8Uy0aD3jng9byVk9GpdNFEjGgaUqjqyZosvwAZ4/dmRjmMEibXeNU
GC8HeWC3WOVV8L/DiA+miJlwPvwPiA1ZuKBI5A8VF0rNHW7QVsG8kQ+PDHgRdsmh
pzSRgykN1PgK6UxScKX8LqNKCtKpuEPApka7FQ1u4BoZKjjpBhY1R4TpfFkMIe7q
W8XfqoaP99pED3xXch2zFRNHitNJr+yQJH4z/o+2UvnTA2niUTHlFSCBoU1MvSq1
N2J3qU6oR2cOYJ4ZxqWyCoeQR1x8aPnLlcn4le6HU7TocYbHaImcIt7qnG4Ni0OW
P4giEhjOpgxtrWgl36mdufvriwya+EHXzn36EvQ9O+bm3fyarsnhPe01rlsRxqBi
K1JOw/g4GnpX8iLGEX1ViQIcBBABCAAGBQJPrYpcAAoJEDk1h9l9hlALtdMP/19l
ZWneOCFEFdsK6I1fiUSrrsi+RRefxGT5VwUWTQYIr7UwTJLGPj+GkLQe2deEj1v+
mmaZNsb83IQJKocQbo21OZAr3Uv4G6K3fAwj7zE3V+2k1iZKDH/3MfHpZ9x+1sUQ
PcC+Y0Oh0jWw2GGPClYjLwP7WGegayCfPdejlAOReulKi2ge+mkoNM2Zm1ApA1q1
5rHST5QvIp1WqarK003QPABreDY37zffKiQwTo/jUzncTlTFlThLWqvh2H7g+r6r
jrDhy/ytB+lOOAKp0qMHG1eovqQ6lpaRx+N0UR+bH4+WMBAg756ter/3h/Z9wApI
PgpdA/BkxFQu932JbheZq+8WXQ3XwvXj/PVkqRr3zNAMYKVcSIFQ0hAhd2SK8Xrz
KUMPPDqDF6lUA4hv3aU0kmLiWJibFWGxlE5LLpSPwy3Ed/bSvxYxE+OE+skdB3iP
qHN7GHLilTHXsRTEXPLMN9QfKGKXiLFGXnLLc7hMLFbtoX5UdbaaEK7+rEkIc1zZ
zw9orgefH2oXQSehuhwzmQpfmGM/zEwUSmbeZwXW82txeaGRn/Q5MfAIeqxBKLST
6Lv8SNfpI+f1vWNDZeRUTw3F8yWLrll8a5RKHDvnK3jXzeT8dLZPIjGULMyFm8r3
U2djKhIrUJjjd89QM7qQnNFdU7LR3YG0ezT5pJu+iQIcBBABAgAGBQJPrYliAAoJ
EAv7hH8/Jy9bZ2oQAKT+lN7RHIhwpz+TuTrBJSGFYhLur5T9Fg11mIKbQ9hdVMAS
9XO9fV/H4Odoiz6+ncbWIu8znPsqaziPoSEugj4CrBfVzDncDzOOeivJI66yuiek
s53P48ougGgM3G2aTFAns8hXCgSVBZd4DxMQwR9w9PmuXgGnsVIShsn9TrNz+UOS
pTX2F7PGwT+vOW8hM6W0GpaUhFuNVvi4HAGcW3HgcDy/KuKU5JzLKdUbnGey5N+H
tcTYq+KbRBHCpfG6pPNjRIVdl/X6QcIFDaUO24L1tYTnvgehQnkz3GyLkeqiqmwu
b7sTXYmhUStzdPM2NXGbPVQGNXu5tyvuvLAc+JTrn4ADIjDD35oY/4ti+LcCkuyD
uzU8EWcMbG/QqF3VH2bUI0pP4TFIkeLWkMO7idOCOf6+ntvQaGa3BrnRs9CemDKa
VyWwjNJEXboS8+LwBpWmNw/idWgLzf9N7XF1+GfrF61FeYccltcB1X8M4ElI/Cch
vk52+OG8j6USemCOL1OSirbYqvj8UroQabVUwe90TZrboOL06Q2dPeX0fBIk837U
XRDJpzKYexZvWg9kg7Ibf9MYuodt5bkG+6slwmbN7W1I4UAgrIj4EhlE9wsmdsMc
2eNXk6DOClN8sseXPx490nL623SQSx4tbYpukzaEXREXOQT2uY5GHvDVMv7biQIc
BBABAgAGBQJPrYqXAAoJENfD8TGrKpH1rJAQAJr+AfdLW5oB95I68tZIYVwvqZ41
wU8pkf8iXuNmT4C26wdj204jQl86iSJlf8EiuqswzD0eBrY/QNPOL6ABcKvhO4Kl
uaRiULruaXI7odkmIDAty5gYe04nD7E3wv55lQOTrT7u7QZnfy//yY+3Qw4Ea6Me
SeGW+s3REpmAPSl+iaWkqYiox/tmCQOQJK0jzxTcYyHcLzoNaJ+IqANZUM8URCrb
RapRbm3XxA9FeD0Zlg77NGCZyT1pw6XkG7kLlE4BvUmzS/dIQkx8qnpJhchLQ20l
xqcBaT1buRTxktvflWPeVhPy0MLl72l/Bdhly21YcQbmbClkbWMGgLctbqN25HwH
8Lo6guUk9oWlqvtuXOEI31lZgSestpsCz/JvlfYuyevBa33srUoRTFNnZshGNzkT
20GXjnx7WDb6mHxwcpAZFCCC2ktfDwd+/U0mU6+02zYHby6OIjRHnAvbCGhz51Ed
PfE362W3CY021ktEgu9xYpIGOfREncrjo0AoOwqoWQhEoLG3ihF8LMUryVNac0ew
srGY7gxFCnP+aHtXzaa8mMW8dkWgNwi6RfJfphrgHkdgKVjKukkIqRrZrDoD5O7A
18oTb3iMrBKHdSVZp0icpmAHb0ddBNlY9zun7akuBrVzM5aKuo21l/Qs9z3UK5k4
DjfegedFClqpn37b
=rDTH
-----END PGP PUBLIC KEY BLOCK-----
Add this key as content credential and assign it to your Ubuntu repo, which you want to sync.
dIELERx
September 13, 2019, 8:49am
6
I finally managed to get it working.
I updated my thread and added all necessary steps to get it working.
Finally, the Release.gpg is created and signed.
Thanks for all your help.
Those are the steps I did:
1. GPG
1.1 Create GPG Signing Keys
echo "cert-digest-algo SHA256" >> /var/lib/pulp/gpg-home/gpg.conf
echo "digest-algo SHA256" >> /var/lib/pulp/gpg-home/gpg.conf
export real_name=Foreman-Repos
export email=foreman@domain
gpg --homedir /var/lib/pulp/gpg-home --batch --gen-key <<EOF
Key-Type: RSA
Key-Length: 4096
Key-Usage: sign
Name-Real: ${real_name}
Name-Email: ${email}
Name-…
jost
September 13, 2019, 9:00am
7
thanks, can you just explain where did you get Ubuntu GPG Key?
Is it from /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
dIELERx
September 13, 2019, 9:06am
8
Yes, there are many ways to get the key.
I exported it from an Ubuntu machine.
Run apt-key list to show all GPG Keys. And then take the right one.
apt-key list
...
...
/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
790B C727 7767 219C 42C8 6F93 3B4F E6AC C0B2 1F32
uid [ unbekannt] Ubuntu Archive Automatic Signing Key (2012) <ftpmaster@ubuntu.com>
Copy the Key-ID, which are the last 8 characters C0B21F32 and export it
apt-key exprt C0B21F32
1 Like