Deb signing does not work

Problem:
There is a strange problem in my opinion. I’m trying to set up DEB repository signing. Key created, bash script created, executed
sudo -u pulp
PULP_SETTINGS=/etc/pulp/settings.py
pulpcore-manager add-signing-service
–class ‘deb:AptReleaseSigningService’
katello_deb_sign “${PWD}/sign_deb_release.sh” ‘Pulp QE’
I received a response - The katello_deb_sign signing service has been successfully added for the 18DB8D9B9D2BFA772351C406D8E4C27D9E5D9D02 key.

at the same time, the repositories are not subscribed. And if you run the pulpcore-manager signing-service list command, we get an Unknown command: ‘signing-service’ in response. Did you mean add-signing-service?
Type ‘pulpcore-manager help’ for usage. However, if I try to create the same signature again, I get the error DETAIL: The key “(name)=(katello_deb_sign)” already exists.
Expected outcome:
signed repo
Pulpcore version:
3.6.9
Pulp plugins installed and their versions:

Operating system - distribution and version:

Other relevant data:

Are you quite sure about that pulpcore version?

Anyway, after creating it, can you list the sigining services with pulp signing-service list?

Sorry, I made a mistake with the version. The correct version is “version”: “3.69.2”, As for checking the signature list, I wrote above that in response to the pulpcore-manager signing-service list, I receive a command, we get an Unknown command: ‘signing-service’ in response. Did you mean add-signing-service?

at the same time, if I try to add a service, I get a message that a service with such a signature already exists.

Yes, sorry, it’s a different command. You cannot create the signing service via the api (hence pulpcore-mananger) but listing them is an api thing (pulp is the pulp-cli).

Not sure if you already found this, but just in case I will point you at some relevant docs.

To create a signing service (it sounds like you already successfully did this): Signing Service Creation - Pulp Project

However, that is not enough, you also need to start using the newly created signing service for your publications: Publish Repositories - Pulp Project

If you are using Katello, and you created a signing service named katello_deb_sign, then you can ignore this latest part. Katello should automatically start using the signing service for any newly created publications (but it will not automatically re-create existing publications). Have you checked if a newly created and synced Katello repo is now signed?

Thank you for your reply! I really don’t use katello. Now that I’ve made changes to the post, I get a different error.
{
“pulp_href”: “/pulp/api/v3/tasks/01950fb4-b28c-72d4-a82b-439a60e4b91b/”,
“prn”: “prn:core.task:01950fb4-b28c-72d4-a82b-439a60e4b91b”,
“pulp_created”: “2025-02-16T17:00:55.309500Z”,
“pulp_last_updated”: “2025-02-16T17:00:55.309517Z”,
“state”: “failed”,
“name”: “pulp_deb.app.tasks.publishing.publish”,
“logging_cid”: “8c4aef75bd3441b7adc6464ade5f77bf”,
“created_by”: “/pulp/api/v3/users/1/”,
“unblocked_at”: “2025-02-16T17:00:55.398249Z”,
“started_at”: “2025-02-16T17:00:55.532117Z”,
“finished_at”: “2025-02-16T17:01:11.491428Z”,
“error”: {
“traceback”: " File “/var/lib/pulp/venv/lib64/python3.11/site-packages/pulpcore/tasking/tasks.py”, line 68, in _execute_task\n result = func(*args, **kwargs)\n ^^^^^^^^^^^^^^^^^^^^^\n File “/var/lib/pulp/venv/lib64/python3.11/site-packages/pulp_deb/app/tasks/publishing.py”, line 166, in publish\n release_helper.finish()\n File “/var/lib/pulp/venv/lib64/python3.11/site-packages/pulp_deb/app/tasks/publishing.py”, line 534, in finish\n asyncio.run(self.sign_metadata())\n File “/usr/lib64/python3.11/asyncio/runners.py”, line 190, in run\n return runner.run(main)\n ^^^^^^^^^^^^^^^^\n File “/usr/lib64/python3.11/asyncio/runners.py”, line 118, in run\n return self._loop.run_until_complete(task)\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File “/usr/lib64/python3.11/asyncio/base_events.py”, line 654, in run_until_complete\n return future.result()\n ^^^^^^^^^^^^^^^\n File “/var/lib/pulp/venv/lib64/python3.11/site-packages/pulp_deb/app/tasks/publishing.py”, line 557, in sign_metadata\n self.signed = await self.signing_service.asign(\n ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n File “/var/lib/pulp/venv/lib64/python3.11/site-packages/pulpcore/app/models/content.py”, line 838, in asign\n raise RuntimeError(str(stderr))\n",
“description”: “b’gpg: \xd0\x92\xd0\xbd\xd0\0\xbd\xd0\xb8\xd0\xb5: \xd0\xbd\xd0\xb5\xd1\x87\xd0\xb5\xd0\xb3\xd0\xbe \xd1\x8d\xd0\xba\x81\xd0\xbf\xd0\xbe\xd1\x80\xd1\x82\xd0\xb8\xd1\x80\xd0\xbe\xd0\xb2\xd0\xb0\xd1\x82\xd1\x8c\ngpg: \xd0\xbf\xd1\x80\xd0\xbe\xd0\xbf\xd1\x83\xd1\x89\xd0\xb5\xd0\xbd\xd0\xbe “Pulp QE”: \xd0\x9d\xd0\xb5\xd1\x82 \xd1\x81\xd0\xb5\xd0\xba\xd1\x8x82\xd0\xbd\xd0\xbe\xd0\xb3\xd0\xbe \xd0\xba\xd0\xbb\7\xd0\xb0\ngpg: signing failed: \xd0\x9d\xd0\xb5\xd1\x82 \xd1\x81\xd0\xb5\xd0\xba\xd1\x80\xd0\xb5\xd1\x82\xd0\xbd\xd0\xbe\xd0\xb3\xd0\xbe \xd0\xba\xd0\xbb\xd1\x8e\xd1\x87\xd0\xb0\n’”
},
“worker”: “/pulp/api/v3/workers/01950fb1-f5cf-7bfd-a9ed-a436d110934d/”,
“parent_task”: null,
“child_tasks”: [],
“task_group”: null,
“progress_reports”: [],
“created_resources”: [],
“reserved_resources_record”: [
“shared:prn:deb.aptrepository:0194d6c8-58f8-748a-890a-1659ab3aeb49”,
“shared:prn:core.domain:01948d8a-17d4-71c4-93d1-a7c9eafd3009”
]
}

my signature is there, I can see it if I go to http://localhost:24817/pulp/api/v3/signing-services/0194f04e-01cb-72c0-9191-039bae8e9c7b/

{ “pulp_href”: “/pulp/api/v3/signing-services/0194f04e-01cb-72c0-9191-039bae8e9c7b/”, “prn”: “prn:core.signingservice:0194f04e-01cb-72c0-9191-039bae8e9c7b”, “pulp_created”: “2025-02-10T14:40:32.097323Z”, “pulp_last_updated”: “2025-02-10T14:40:32.097345Z”, “name”: “katello_deb_sign”, “public_key”: “-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGeqCYgBDACkdUylxvKk0UzO9Dytk9r1P+zZYPR3Ez/cGPR6sFHLywJZvmbS\nRBDKMI/NWEyL30UvHlw0GBf4vhxUzBA/oHAYr44cQsmM7IUI676vukL1diIjtzPC\n/YJWS4AYKZWrH1ZJ0E+M1tT6GqW+OGt4LJWEuuhTAk4Cajv5SPqAVt+5gWSd6uRB\n7zS2o/w3dcHpzRDMnjkjzqDQe/my3wGMXmyP8eExbZFw8-----END PGP PUBLIC KEY BLOCK-----\n”, “pubkey_fingerprint”: “18DB8D9B9D2BFA772351C406D8E4C27D9E”, “script”: “/opt/sign.bash” }