Fix GPG Key Import Error

[techman83]

GPG wasn't working with how the private key was being retrieved from however the key was being exposed resulting in nothing being imported.

Run echo -e "$DEBIAN_PRIVATE_KEY" | gpg --batch --import
gpg: directory '/github/home/.gnupg' created
gpg: keybox '/github/home/.gnupg/pubring.kbx' created
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

The base64 encoded export (gpg --export-secret-keys debian@ksp-ckan.space|base64) seems to work just fine.

Run printf "$DEBIAN_PRIVATE_KEY" | base64 --decode | gpg --batch --import
gpg: directory '/github/home/.gnupg' created
gpg: keybox '/github/home/.gnupg/pubring.kbx' created
gpg: /github/home/.gnupg/trustdb.gpg: trustdb created
gpg: key 20338C5DC15BF412: public key "KSP CKAN <debian@ksp-ckan.space>" imported
gpg: key 20338C5DC15BF412: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
/github/home/.gnupg/pubring.kbx
-------------------------------
sec   rsa3072/20338C5DC15BF412 2020-11-19 [SC] [expires: 2022-11-19]
      4A7DA73A1C091FC6AC7FF24120338C5DC15BF412
uid                 [ unknown] KSP CKAN <debian@ksp-ckan.space>
ssb   rsa3072/59167D3E3035FA8B 2020-11-19 [E]

All packages listed in packages.config are already installed.

----------------------------------------
Setup
----------------------------------------

========================================
deb-sign
========================================
gpg --clearsign -o ../_build/deb/apt-repo-dist/InRelease ../_build/deb/apt-repo-dist/Release
gpg -abs -o ../_build/deb/apt-repo-dist/Release.gpg ../_build/deb/apt-repo-dist/Release

----------------------------------------
Teardown
----------------------------------------

I've adjusted the expiry as it probably isn't necessary for this use case.

[HebaruSan]

printf interprets its first argument specially, as a format string, so it will do weird things if our file ever contains a percent sign character. Is there a reason you chose that command?

• https://man7.org/linux/man-pages/man1/printf.1.html

[techman83]

I was following some posts relating to importing this and it worked. Being a base64 encoded string, a percent sign shall not be an issue.

➜  ~ echo "%cats%"       
%cats%
➜  ~ echo "%cats%"|base64
JWNhdHMlCg==

[HebaruSan]

Try those commands wtih printf. We should use the command that does what we want, which is echo.

[HebaruSan]

Or another option is no command at all, with here-strings:

• https://tldp.org/LDP/abs/html/x17837.html

base64 --decode <<<"$DEBIAN_PRIVATE_KEY" | gpg --batch --import

[techman83]

Happy for you to go with whatever seems the neatest, if it doesn't work we can always change it. The no command at all seems pretty good to me.

[HebaruSan]

Works! Just a few loose ends to tie up.

W: Invalid 'Date' entry in Release file /var/lib/apt/lists/ksp-ckan.s3-us-west-2.amazonaws.com_deb_dists_nightly_InRelease
W: Conflicting distribution: https://ksp-ckan.s3-us-west-2.amazonaws.com/deb nightly InRelease (expected nightly but got )
N: Skipping acquire of configured file 'main/binary-amd64/Packages' as repository 'https://ksp-ckan.s3-us-west-2.amazonaws.com/deb nightly InRelease' doesn't support architecture 'amd64'
N: Skipping acquire of configured file 'main/binary-i386/Packages' as repository 'https://ksp-ckan.s3-us-west-2.amazonaws.com/deb nightly InRelease' doesn't support architecture 'i386'