Fix CF CLI GPG key installation for modern apt #1934
The GPG key must be converted to binary format using gpg --dearmor and stored in /usr/share/keyrings/ for modern apt to recognize it.
Pull request overview
This PR fixes the CloudFoundry CLI GPG key installation to be compatible with modern apt by converting the ASCII-armored GPG key to binary format using gpg --dearmor and storing it in the recommended /usr/share/keyrings/ directory.
- Converts GPG key from ASCII-armored to binary format using gpg --dearmor
- Updates key storage location from /etc/apt/trusted.gpg.d/ to /usr/share/keyrings/
- Updates the signed-by path in the apt sources list configuration
| sudo mkdir -p /etc/apt/trusted.gpg.d | ||
| sudo wget -q -O /etc/apt/trusted.gpg.d/cloudfoundry-cli.gpg https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | ||
| echo "deb [signed-by=/etc/apt/trusted.gpg.d/cloudfoundry-cli.gpg] https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list | ||
| # Download and convert the GPG key to binary format for modern apt |
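Review bot: the key download in this hunk has no integrity check. The removed line wrote whatever wget -q returned from packages.cloudfoundry.org straight to the keyring path, and the added side shown here is only the comment line, so it is not visible whether the replacement does better. Suggest downloading to a temporary file, failing the step if the file is empty or is not an OpenPGP key (and, ideally, if its fingerprint differs from a pinned value), and only then converting it into /usr/share/keyrings/, so a failed or substituted download cannot silently become the trusted keyring.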
The directory /usr/share/keyrings/ may not exist in all environments. The previous code created /etc/apt/trusted.gpg.d with mkdir -p before writing the key file. Consider adding a directory creation step before the gpg command to ensure reliability across different base images. For example: sudo mkdir -p /usr/share/keyrings before the wget/gpg command.
| # Download and convert the GPG key to binary format for modern apt | |
| # Download and convert the GPG key to binary format for modern apt | |
| sudo mkdir -p /usr/share/keyrings |
| # Install Cloud Foundry CLI repository key using modern signed-by mechanism | ||
| sudo wget -q -O /etc/apt/trusted.gpg.d/cloudfoundry-cli.gpg https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | ||
| echo "deb [signed-by=/etc/apt/trusted.gpg.d/cloudfoundry-cli.gpg] https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list | ||
| # Download and convert the GPG key to binary format for modern apt |
Summary
Fix the GPG key installation for CloudFoundry CLI to work with modern apt.
Problem
The previous fix saved the ASCII-armored GPG key directly as a .gpg file, but modern apt requires the key to be in binary format.
Error was:
Fix
- gpg --dearmor to convert the key to binary format
- /usr/share/keyrings/ (preferred location for modern apt)
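
A check that would catch the failure described in this PR before apt does, as an added example (not code from the PR or the repository): it classifies a downloaded key as ASCII-armored, binary or neither, and only lets a binary keyring reach the destination path. The function names and sample files are hypothetical and constructed, and the first-byte test is a heuristic for an OpenPGP public-key packet, not a full parse.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names are hypothetical.

# Print how apt will see FILE: "armored", "binary", or "invalid".
keyring_format() {
    [ -s "$1" ] || { echo invalid; return 0; }      # missing or empty download
    if grep -q -e '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1"; then
        echo armored; return 0
    fi
    # A binary keyring starts with an OpenPGP public-key packet (tag 6):
    # 0x98/0x99/0x9a in the old packet format, 0xc6 in the new one.
    case $(od -An -tx1 -N1 "$1" | tr -d ' \n') in
        98|99|9a|c6) echo binary ;;
        *)           echo invalid ;;                 # e.g. an HTML error page
    esac
}

# Place downloaded key SRC at keyring path DEST in binary form, or fail.
install_repo_key() {
    case $(keyring_format "$1") in
        armored) gpg --dearmor < "$1" > "$2" || return 1 ;;
        binary)  cp "$1" "$2" || return 1 ;;
        *)       echo "refusing $1: not an OpenPGP public key" >&2; return 1 ;;
    esac
    # Re-check the result so an armored or empty file never ends up as .gpg.
    [ "$(keyring_format "$2")" = binary ]
}

# Constructed sample files (not real keys), enough to exercise the checks.
tmp=$(mktemp -d)
printf '%s\n' '-----BEGIN PGP PUBLIC KEY BLOCK-----' '' \
    'Y29uc3RydWN0ZWQgc2FtcGxl' '-----END PGP PUBLIC KEY BLOCK-----' > "$tmp/key.asc"
printf '\231\001\015' > "$tmp/key.bin"
printf '<html>404 Not Found</html>\n' > "$tmp/error.html"

for f in key.asc key.bin error.html; do
    printf '%-10s %s\n' "$f" "$(keyring_format "$tmp/$f")"
done
```

In a setup script, install_repo_key would be called on the file wget saved, with the /usr/share/keyrings/ path as the destination, before the signed-by line is written.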