From 85d13d5aa4be884d8ec527c781f8f614ecb2e45e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Thu, 14 Mar 2024 14:21:23 +0100
Subject: [PATCH] sops-install-secrets: also write out pubring to make gnupg happy
---
 pkgs/sops-install-secrets/main.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index d85f62a..103323d 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -605,11 +605,20 @@ func pruneGenerations(secretsMountPoint, secretsDir string, keepGenerations int)
 func importSSHKeys(logcfg loggingConfig, keyPaths []string, gpgHome string) error {
 secringPath := filepath.Join(gpgHome, "secring.gpg")
+ pubringPath := filepath.Join(gpgHome, "pubring.gpg")
 secring, err := os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE, 0o600)
 if err != nil {
 return fmt.Errorf("Cannot create %s: %w", secringPath, err)
 }
+ defer secring.Close()
+
+ pubring, err := os.OpenFile(pubringPath, os.O_WRONLY|os.O_CREATE, 0o600)
+ if err != nil {
+ return fmt.Errorf("Cannot create %s: %w", pubringPath, err)
+ }
+ defer pubring.Close()
+
+
 for _, p := range keyPaths {
 sshKey, err := os.ReadFile(p)
 if err != nil {
@@ -627,6 +636,11 @@ func importSSHKeys(logcfg loggingConfig, keyPaths []string, gpgHome string) erro
 continue
 }
+ if err := gpgKey.Serialize(pubring); err != nil {
+ fmt.Fprintf(os.Stderr, "Cannot write pubring: %s\n", err)
+ continue
+ }
+
 if logcfg.KeyImport {
 fmt.Printf("%s: Imported %s as GPG key with fingerprint %s\n", path.Base(os.Args[0]), p, hex.EncodeToString(gpgKey.PrimaryKey.Fingerprint[:]))
 }
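Review bot: The new `os.OpenFile(pubringPath, os.O_WRONLY|os.O_CREATE, 0o600)` call in the first hunk opens without `os.O_TRUNC` or `os.O_EXCL`, so an existing pubring.gpg is overwritten from offset 0, keeps any old bytes past the new data, and keeps its existing permissions instead of 0o600. Whether gpgHome is always a freshly created private directory is not visible here; if it is, `os.O_WRONLY|os.O_CREATE|os.O_EXCL` states that assumption and also refuses a pre-placed file or symlink, otherwise add `os.O_TRUNC`. The unchanged secring open just above uses the same flags and would want the same treatment. The deferred `Close()` calls also discard the close error on files that were just written. importSSHKeys continues past the end of this hunk.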
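Review bot: When `gpgKey.Serialize(pubring)` fails in the second hunk, the error is only printed and the loop continues, so whatever was written before the failure stays in pubring.gpg and later keys are appended after a truncated packet. The code above the hunk is not shown, but if the secret half of this key has already been written to the secring by then, the two rings also end up disagreeing about which keys exist. A failure here is most likely an I/O error on the ring file rather than a problem with one key, so returning it seems safer than continuing: `return fmt.Errorf("Cannot write %s: %w", pubringPath, err)`. The loop body starts and ends outside this hunk.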