YunoHost-Apps / Experimental_helpers


ynh_add_secure_repos__2 and gpg armored key #34

Closed yalh76 closed 5 years ago

yalh76 commented 5 years ago

GPG repository keys are sometimes provided "ASCII-armored". Explanations: https://wiki.debian.org/DebianRepository/UseThirdParty

Example: for Yarn installation the key https://dl.yarnpkg.com/debian/pubkey.gpg is an ascii armored key

If I do a

ynh_install_extra_repo --repo="deb https://dl.yarnpkg.com/debian/ stable main" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"

there is an error:

WARNING W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E
WARNING W: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.

They should provide that key as https://dl.yarnpkg.com/debian/pubkey.asc but they don't....

A solution would be to do a dearmor of all keys, with L146 having:

wget -q "$key" -O - | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg

Tested for the Yarn repository and working, and it seems OK to dearmor a key that is not armored.

maniackcrudelis commented 5 years ago

... apt-key is supposed to be deprecated, and yet we can't simply add keys to trusted.gpg.d as asked...

Are you sure gpg --dearmor will work on any key? Even if not armored?

yalh76 commented 5 years ago

I just made one test using https://github.com/YunoHost-Apps/Experimental_helpers/blob/8ce0b21e65c232e73e81c2e556153228c355ba26/ynh_install_php/ynh_install_php#L19

In my mastodon_ynh, I added:

ynh_install_extra_repo --repo="https://packages.sury.org/php/ stretch main" --key="https://packages.sury.org/php/apt.gpg"

That key is not armored.

And after installation:

So I'm like 75% sure that it could work on any key.... But my Debian skills are like beginner skills

maniackcrudelis commented 5 years ago

Ok, let's update the helper then.
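
The question raised in this thread, whether every key can safely be piped through gpg --dearmor, can also be sidestepped by checking the key's format before installing it. The following is an added example, not the helper's code (the function names key_format and install_repo_key are hypothetical): it dearmors only armored keys, copies binary keys unchanged, and refuses anything else, such as an HTML error page returned by the download.

```shell
#!/bin/sh
# Added example, not code from Experimental_helpers.
# key_format and install_repo_key are hypothetical names.

# Print "binary", "armored" or "unknown" for the key file in $1.
key_format() {
    # First byte of the file as a decimal number (empty for an empty file).
    first=$(od -An -tu1 -N1 "$1" | tr -d ' \n')
    case "$first" in
        # OpenPGP public-key packet (tag 6):
        # old-format header 0x98-0x9B, new-format header 0xC6.
        152|153|154|155|198) echo binary; return 0 ;;
    esac
    if grep -q '^-----BEGIN PGP PUBLIC KEY BLOCK-----' "$1"; then
        echo armored
    else
        echo unknown
    fi
}

# Write the key in $1 to keyring file $2 in binary form.
# Anything that is not an OpenPGP public key is rejected, so a failed
# download never ends up in trusted.gpg.d.
install_repo_key() {
    src=$1
    dest=$2
    case "$(key_format "$src")" in
        binary)
            cp "$src" "$dest" || return 1 ;;
        armored)
            gpg --dearmor < "$src" > "$dest" || { rm -f "$dest"; return 1; } ;;
        *)
            echo "not an OpenPGP public key: $src" >&2
            return 1 ;;
    esac
    chmod 644 "$dest"
}

# Constructed samples: a binary packet header and a non-key download.
tmp=$(mktemp -d)
printf '\231\001\015' > "$tmp/binary.gpg"
printf '<html>404</html>\n' > "$tmp/error.html"
key_format "$tmp/binary.gpg"
key_format "$tmp/error.html"
rm -rf "$tmp"
```

In the helper, the downloaded key would first be saved to a temporary file and then passed to install_repo_key with the /etc/apt/trusted.gpg.d/$name.gpg path as the destination.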