From 7ba4e5dbc9805e3bc55d6f45aa580f08a439b35b Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Thu, 12 Feb 2026 16:43:41 +0100 Subject: [PATCH] fix(tools): auto-detect binary vs armored GPG keys in setup_deb822_repo The UniFi GPG key at dl.ui.com/unifi/unifi-repo.gpg is already in binary format. setup_deb822_repo unconditionally ran gpg --dearmor which expects ASCII-armored input, corrupting binary keys and causing apt to fail with 'Unable to locate package unifi'. setup_deb822_repo now downloads the key to a temp file first and uses the file command to detect whether it is already a binary PGP/GPG key. Binary keys are copied directly; armored keys are dearmored as before. This also reverts unifi-install.sh back to using setup_deb822_repo for consistency with all other install scripts. --- misc/tools.func | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/misc/tools.func b/misc/tools.func index 8ab8befd9..48d529361 100644 --- a/misc/tools.func +++ b/misc/tools.func @@ -1294,12 +1294,32 @@ setup_deb822_repo() { return 1 } - # Import GPG - curl -fsSL "$gpg_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" || { - msg_error "Failed to import GPG key for ${name}" + # Import GPG key (auto-detect binary vs ASCII-armored format) + local tmp_gpg + tmp_gpg=$(mktemp) || return 1 + curl -fsSL "$gpg_url" -o "$tmp_gpg" || { + msg_error "Failed to download GPG key for ${name}" + rm -f "$tmp_gpg" return 1 } + if file "$tmp_gpg" | grep -qi 'PGP\|GPG\|public key'; then + # Already in binary GPG format — copy directly + cp "$tmp_gpg" "/etc/apt/keyrings/${name}.gpg" || { + msg_error "Failed to install GPG key for ${name}" + rm -f "$tmp_gpg" + return 1 + } + else + # ASCII-armored — dearmor to binary + gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" < "$tmp_gpg" || { + msg_error "Failed to dearmor GPG key for ${name}" + rm -f "$tmp_gpg" + return 1 + } + fi + rm -f "$tmp_gpg" + # Write deb822 { echo "Types: deb"