Skip to content

fix: Pass GPG key ids as separate arguments when exporting. #426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jul 18, 2025

Conversation

thresheek
Copy link
Member

This makes sure all keys are exported to a keyring archive, as opposed to only the first key.

@Copilot Copilot AI review requested due to automatic review settings July 18, 2025 18:47
@thresheek thresheek requested a review from a team as a code owner July 18, 2025 18:47
Copy link

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a bug in GPG key export functionality by removing quotes around the $NGINX_GPGKEYS variable, allowing multiple GPG key IDs to be passed as separate arguments to the gpg1 --export command instead of being treated as a single string.

  • Removes quotes from $NGINX_GPGKEYS variable in gpg1 export command
  • Ensures all GPG keys are exported to the keyring archive rather than just the first key

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
Dockerfile.plus Updates gpg1 export command to properly handle multiple GPG key IDs
Dockerfile.buildkit.plus Updates gpg1 export command to properly handle multiple GPG key IDs

@@ -56,7 +56,7 @@ RUN set -x \
done; \
test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
done; \
gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \
Copy link
Preview

Copilot AI Jul 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The unquoted variable $NGINX_GPGKEYS could cause issues if any key IDs contain spaces or special characters. Consider using an array or ensuring the variable contains only safe characters.

Suggested change
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \
gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \

Copilot uses AI. Check for mistakes.

@@ -56,7 +56,7 @@ RUN --mount=type=secret,id=nginx-crt,dst=nginx-repo.crt \
done; \
test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \
done; \
gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \
Copy link
Preview

Copilot AI Jul 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The unquoted variable $NGINX_GPGKEYS could cause issues if any key IDs contain spaces or special characters. Consider using an array or ensuring the variable contains only safe characters.

Suggested change
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \
gpg1 --export "${NGINX_GPGKEYS[@]}" > "$NGINX_GPGKEY_PATH" ; \

Copilot uses AI. Check for mistakes.

@alessfg alessfg changed the title Pass GPG key ids as separate arguments when exporting. fix: Pass GPG key ids as separate arguments when exporting. Jul 18, 2025
@alessfg alessfg enabled auto-merge July 18, 2025 21:38
@alessfg alessfg added the bug Something isn't working label Jul 18, 2025
This makes sure all keys are exported to a keyring archive, as opposed
to only the first key.
@alessfg alessfg force-pushed the dev/gpgkeys-plus branch from ce2aa73 to 50da01f Compare July 18, 2025 22:14
@alessfg alessfg disabled auto-merge July 18, 2025 22:34
@alessfg alessfg merged commit fc0e83f into main Jul 18, 2025
10 checks passed
@alessfg alessfg deleted the dev/gpgkeys-plus branch July 18, 2025 22:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants