RPM Upload signature verification in pulp3

Hi, we are migrating from pulp2 to pulp3 repository in our company. We are shipping mainly RPM packages and we sign them during the build process.

We used to enable the --allowed-keys option when creating a repository in order to prevent accidental upload of unsigned packages (or signed with wrong keys) to our repositories.

It seems that the option is available also in pulp3 (--gpgcheck or --repo_gpgcheck, we did not get the difference) but we are unable to specify the desired public key ID for verification.

We found this issue on GitHub and it seems that the feature is not yet available: https://github.com/pulp/pulp_rpm/pull/2954

Can you please clarify whether this feature is available and, if so, how can we use it?

Thanks!

This feature is not available. Here is the summary of why not: https://github.com/pulp/pulp_rpm/pull/2954#issuecomment-1501897075
