fix(tools): auto-detect binary vs armored GPG keys in setup_deb822_repo

The UniFi GPG key at dl.ui.com/unifi/unifi-repo.gpg is already in binary format. setup_deb822_repo unconditionally ran gpg --dearmor which expects ASCII-armored input, corrupting binary keys and causing apt to fail with 'Unable to locate package unifi'. setup_deb822_repo now downloads the key to a temp file first and uses the file command to detect whether it is already a binary PGP/GPG key. Binary keys are copied directly; armored keys are dearmored as before. This also reverts unifi-install.sh back to using setup_deb822_repo for consistency with all other install scripts.
2026-02-14 09:13:26 +01:00 · 2026-02-12 16:43:41 +01:00
parent 79fd0d1dda
commit 7ba4e5dbc9
1 changed files with 23 additions and 3 deletions
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -1294,12 +1294,32 @@ setup_deb822_repo() {
    return 1
  }

-  # Import GPG
-  curl -fsSL "$gpg_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" || {
-    msg_error "Failed to import GPG key for ${name}"
+  # Import GPG key (auto-detect binary vs ASCII-armored format)
+  local tmp_gpg
+  tmp_gpg=$(mktemp) || return 1
+  curl -fsSL "$gpg_url" -o "$tmp_gpg" || {
+    msg_error "Failed to download GPG key for ${name}"
+    rm -f "$tmp_gpg"
    return 1
  }

+  if file "$tmp_gpg" | grep -qi 'PGP\|GPG\|public key'; then
+    # Already in binary GPG format — copy directly
+    cp "$tmp_gpg" "/etc/apt/keyrings/${name}.gpg" || {
+      msg_error "Failed to install GPG key for ${name}"
+      rm -f "$tmp_gpg"
+      return 1
+    }
+  else
+    # ASCII-armored — dearmor to binary
+    gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" < "$tmp_gpg" || {
+      msg_error "Failed to dearmor GPG key for ${name}"
+      rm -f "$tmp_gpg"
+      return 1
+    }
+  fi
+  rm -f "$tmp_gpg"
+
  # Write deb822
  {
    echo "Types: deb"