As part of enabling GPG Signing for Debian repositories, if you encountered issues and didn’t find relevant errors/useful information from the Artifactory logs to troubleshoot the issue, then we can make use of the below debug loggers by adding them to $ARTIFACTORY_HOME/etc/logback.xml[for Artifactory V6.x] or $JFROG_HOME/artifactory/var/etc/artifactory/logback.xml [for Artifactory V7.x] file (No restart is required to reflect these changes). These loggers provide more verbose information on the signing process which would help to troubleshoot the issues better.
Debug loggers snippet:
<appender name="debian" class="ch.qos.logback.core.rolling.RollingFileAppender">
<File>${log.dir}/artifactory-debian.log</File>
<rollingPolicy class="org.jfrog.common.logging.logback.rolling.FixedWindowWithDateRollingPolicy">
<FileNamePattern>${log.dir.archived}/artifactory-debian.%i.log.gz</FileNamePattern>
<maxIndex>10</maxIndex>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>25MB</MaxFileSize>
</triggeringPolicy>
<encoder class="ch.qos.logback.core.encoder.LayoutWrappingEncoder">
<layout class="org.jfrog.common.logging.logback.layout.BackTracePatternLayout">
<pattern>%date{yyyy-MM-ddTHH:mm:ss.SSS, UTC}Z [jfrt ] [%-5p] [%-16X{uber-trace-id}] [%-30.30(%c{3}:%L)] [%-20.20thread] - %m%n</pattern>
</layout>
</encoder>
</appender>
<logger name="org.jfrog.repomd.debian" additivity="false">
<level value="debug"/>
<appender-ref ref="debian"/>
</logger>
<logger name="org.artifactory.addon.debian" additivity="false">
<level value="debug"/>
<appender-ref ref="debian"/>
</logger>
<logger name="org.artifactory.addon.dpkgcommon" additivity="false">
<level value="debug"/>
<appender-ref ref="debian"/>
</logger>
Note: We recommend removing the above debug loggers post the reproduction of the issue since heavy loggers would impact Artifactory performance.
After adding these loggers, replicate the issue and validate the log entries. In case if you notice a log message like "missing private signing key or password" during the Debian indexing, these entries indicate that the signing key failed as it does not contain a password.
Corresponding log:
[bianReleaseMetadataIndexer:115] [art-exec-1695 ] - Skipping the creation of InRelease file: missing private signing key or password
Please note post the Artifactory V7.17.2 and above, a passphrase is mandatory for signing keys. Hence, we need to generate the GPG key with the passphrase and by following the instructions shared on our wiki page as a passphrase is mandatory for GPG keys in the current versions of Artifactory and validate if the packages are being signed.