From 2b921736e616f3c9cc174dfa44ea6fe2a1fa4daf Mon Sep 17 00:00:00 2001 From: MickLesk Date: Thu, 12 Feb 2026 22:30:34 +0100 Subject: [PATCH] fix(tools.func): fix GPG key format detection in setup_deb822_repo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous logic using 'file | grep PGP' was inverted — both ASCII-armored and binary GPG keys matched the pattern, causing ASCII-armored keys to be copied directly instead of being dearmored. This resulted in APT failing with NO_PUBKEY errors on Debian 12 (bookworm). Use 'grep BEGIN PGP' to reliably detect ASCII-armored keys and dearmor them, otherwise copy binary keys directly. --- misc/tools.func | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/misc/tools.func b/misc/tools.func index 3eb650aca..b1a5a271e 100644 --- a/misc/tools.func +++ b/misc/tools.func @@ -1304,17 +1304,17 @@ setup_deb822_repo() { return 1 } - if file "$tmp_gpg" | grep -qi 'PGP\|GPG\|public key'; then - # Already in binary GPG format — copy directly - cp "$tmp_gpg" "/etc/apt/keyrings/${name}.gpg" || { - msg_error "Failed to install GPG key for ${name}" + if grep -q "BEGIN PGP" "$tmp_gpg" 2>/dev/null; then + # ASCII-armored — dearmor to binary + gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" < "$tmp_gpg" || { + msg_error "Failed to dearmor GPG key for ${name}" rm -f "$tmp_gpg" return 1 } else - # ASCII-armored — dearmor to binary - gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" < "$tmp_gpg" || { - msg_error "Failed to dearmor GPG key for ${name}" + # Already in binary GPG format — copy directly + cp "$tmp_gpg" "/etc/apt/keyrings/${name}.gpg" || { + msg_error "Failed to install GPG key for ${name}" rm -f "$tmp_gpg" return 1 }