-
Notifications
You must be signed in to change notification settings - Fork 148
fix: Pass GPG key ids as separate arguments when exporting. #426
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR fixes a bug in GPG key export functionality by removing quotes around the $NGINX_GPGKEYS
variable, allowing multiple GPG key IDs to be passed as separate arguments to the gpg1 --export
command instead of being treated as a single string.
- Removes quotes from
$NGINX_GPGKEYS
variable in gpg1 export command - Ensures all GPG keys are exported to the keyring archive rather than just the first key
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
File | Description |
---|---|
Dockerfile.plus | Updates gpg1 export command to properly handle multiple GPG key IDs |
Dockerfile.buildkit.plus | Updates gpg1 export command to properly handle multiple GPG key IDs |
@@ -56,7 +56,7 @@ RUN set -x \ | |||
done; \ | |||
test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ | |||
done; \ | |||
gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ | |||
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The unquoted variable $NGINX_GPGKEYS could cause issues if any key IDs contain spaces or special characters. Consider using an array or ensuring the variable contains only safe characters.
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ | |
gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ |
Copilot uses AI. Check for mistakes.
@@ -56,7 +56,7 @@ RUN --mount=type=secret,id=nginx-crt,dst=nginx-repo.crt \ | |||
done; \ | |||
test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; \ | |||
done; \ | |||
gpg1 --export "$NGINX_GPGKEYS" > "$NGINX_GPGKEY_PATH" ; \ | |||
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The unquoted variable $NGINX_GPGKEYS could cause issues if any key IDs contain spaces or special characters. Consider using an array or ensuring the variable contains only safe characters.
gpg1 --export $NGINX_GPGKEYS > "$NGINX_GPGKEY_PATH" ; \ | |
gpg1 --export "${NGINX_GPGKEYS[@]}" > "$NGINX_GPGKEY_PATH" ; \ |
Copilot uses AI. Check for mistakes.
This makes sure all keys are exported to a keyring archive, as opposed to only the first key.
ce2aa73
to
50da01f
Compare
This makes sure all keys are exported to a keyring archive, as opposed to only the first key.