Pulp deb don't create metadata of official Ubuntu repo

Chr1st0f · June 13, 2024, 9:45am

Problem: After synchronization of Ubuntu repositories ( eg: Ubuntu22 main ) I don’t have metadata. Miss InRelease and Release.gpg

Pulpcore + plugin version:
“deb”: “3.2.0”,
“rpm”: “3.25.2”,
“core”: “3.50.2”

Operating system - distribution and version:
k8s

When I create a deb repo for example Ubuntu 22 main, it miss the medata. I see only Release file in the root directory. It miss the inRelease and Release.gpg file.
I have seen in the documentation it is possible to do it ( Feature Overview — Pulp deb Support 3.2.0 documentation )
I have also followed a documentation explaining that we have to change a parameter called :

allowed_content_checksums
( Content Checksums - Pulp Operator )
I have changed this parameter and a migration of the DB has been done.
But I see any changes in my Ubuntu repositories.

Do you have an idea on how to do it ?
Thanks

quba42 · June 13, 2024, 10:07am

It depends on what it is you want.

By default Pulp generates its own metadata during publish. The Release file you see in your repo is part of the APT repo metadata created by Pulp. If you want that metadata to be signed (via a Release.gpg and/or InRelease file), then you need to set up a signing service.
If you want Pulp to serve the original upstream metadata, then you need to use a verbatim publication. Be warned, there have been reports of upstream repos that do not work well using verbatim publications.

Chr1st0f · June 29, 2024, 6:16am

Thank you @quba42 ,
Just to inform you I have been able to create the signing service for Ubuntu distributions.
I have now a global solution who synchronize all data on premise to distribute to my endpoint.
I can use the gpg public key to sign my packages in the pulp.
And as you have explained, I am able to create a snapshot of each repo.

I put the script just in case for other people who would need to.

UBUNTU_URL=http://ch.archive.ubuntu.com/ubuntu/
REPOS_L=(
...
    "focal;--url ${UBUNTU_URL} --distribution=focal;os/focal"
    "focal-updates;--url ${UBUNTU_URL} --distribution=focal-updates;os/focal"
    "focal-security;--url ${UBUNTU_URL} --distribution=focal-security;os/focal"
...
)

DEFAULT_REMOTE_OPTIONS=( --architecture=amd64 --policy immediate --tls-validation False ) 
    
SIGNING_SERVICE_NAME='PulpQE'
POETRYRUN='poetry run'

...
CreateRepo() 
{ 
BACKUPIFS=$IFS
for r in "${REPOS_L[@]}";do 
    IFS=";" read -r -a r <<< "$r"
    REPO_NAME="${r[0]}"
    URL="${r[1]}"
    BASEPATH="${r[2]}"

    echo "# Create remote for $REPO_NAME #"
    $POETRYRUN pulp deb remote create --name $REPO_NAME \
    $URL \
    ${DEFAULT_REMOTE_OPTIONS[@]} | jq -C
    check

    echo "# Create repository for $REPO_NAME repo and on remote $REPO_NAME #" 
    $POETRYRUN pulp deb repository create --name=$REPO_NAME \
    --description $REPO_NAME \
    --remote $REPO_NAME | jq -C
    check

    echo "# Sync $REPO_NAME repo #"
    $POETRYRUN pulp deb repository sync --name $REPO_NAME | jq -C
    check
    
    echo "# Create publication  for $REPO_NAME repo #"
    PULP_HREF_CURR=$($POETRYRUN pulp deb publication --type apt create --repository $REPO_NAME \
    --signing-service=${SIGNING_SERVICE_NAME} | jq -r .pulp_href)
    check

    echo "# Create a distribution attached to the last reference for ${REPO_NAME}_Snap repo on publication ${PULP_HREF_CURR} #"
    $POETRYRUN pulp deb distribution create --name "${REPO_NAME}_Snap" \
    --base-path "${BASEPATH}/${REPO_NAME}_Snap" --publication ${PULP_HREF_CURR} | jq -C
    check

    echo "# Create a distribution attached to the last reference for $REPO_NAME repo on publication ${PULP_HREF_CURR} #"
    $POETRYRUN pulp deb distribution create --name $REPO_NAME \
    --base-path "${BASEPATH}/${REPO_NAME}" --publication ${PULP_HREF_CURR} | jq -C
    check

done
IFS=$BACKUPIFS
}

Jerome · December 23, 2025, 9:09am

Hi,
I am struggling with noble release. I am a newbie here.
I would like to have the same ‘comparable’ output of “sudo apt update”, compare to official repo.

Why with official repos, I have only Hit: and Get: and transient Ign: output messages ?
With Pulp I have tons of Ign: output message ?

When I do not have a 502 error from archive, so after a successful
pulp --no-verify-ssl deb repository sync --name UBUNTU_2404_NOBLE --mirror

when I run sudo apt update, I see a very long list of Ign for all Suites. and Components combination
Ign:…

When I am using the default URI, with the same list of Suites. and Components, then
“sudo apt update” is listing very few lines.

I have setup Pulp in k8s with a cache.
I have not worked yet on Signing.
I am using --type apt instead of verbatim

Best,
Jear

quba42 · December 31, 2025, 7:21pm

I can answer in general terms here: With --type apt (which is also the default), pulp_deb will generate it’s own metadata for your Pulp hosted APT repositories. This metadata can have slight differences in structure and values as compared to the upstream Ubuntu metadata. Having different metadata can lead to different output messages from sudo apt update. For the most part such messages are harmless.

If there are specific messages you think are a problem, and you want us too have a look at, then we need more information, specifically the following:

The full commands for your workflow (to create the remote, the pulp repo, any publications, distributions, and the sync command).
The version of pulpcore and pulp_deb that you are using (you can use pulp status to find this info).
The client host OS and /etc/apt/sources.list* entry you are using to consume the Pulp repo (on the host you are running sudo apt update on).
The relevant output from running sudo apt update.
You should of course feel free to redact any host names or other “sensitive” information from the above.