From cb14af2494b1739a3f779be633246f7eb7d4289e Mon Sep 17 00:00:00 2001
From: Sanskar Jaiswal
Date: Thu, 10 Nov 2022 22:45:22 +0530
Subject: [PATCH] make gpg signing more robust for bootstrap
Signed-off-by: Sanskar Jaiswal
---
 pkg/bootstrap/bootstrap_plain_git.go | 10 +++++++++-
 pkg/bootstrap/options.go | 2 +-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/pkg/bootstrap/bootstrap_plain_git.go b/pkg/bootstrap/bootstrap_plain_git.go
index bc721b6416..b1dcf71afd 100644
--- a/pkg/bootstrap/bootstrap_plain_git.go
+++ b/pkg/bootstrap/bootstrap_plain_git.go
@@ -430,13 +430,21 @@ func getOpenPgpEntity(keyRing openpgp.EntityList, passphrase, keyID string) (*op
 var entity *openpgp.Entity
 if keyID != "" {
+ if strings.HasPrefix(keyID, "0x") {
+ keyID = strings.TrimPrefix(keyID, "0x")
+ }
+ if len(keyID) != 16 {
+ return nil, fmt.Errorf("invalid GPG key id length; expected %d, got %d", 16, len(keyID))
+ }
+ keyID = strings.ToUpper(keyID)
+
 for _, ent := range keyRing {
 if ent.PrimaryKey.KeyIdString() == keyID {
 entity = ent
 }
 }
- if entity == nil {
+ if entity == nil || entity.PrivateKey == nil {
 return nil, fmt.Errorf("no GPG private key matching key id '%s' found", keyID)
 }
 } else {
diff --git a/pkg/bootstrap/options.go b/pkg/bootstrap/options.go
index c9ea0f8132..8b6ee790ae 100644
--- a/pkg/bootstrap/options.go
+++ b/pkg/bootstrap/options.go
@@ -155,7 +155,7 @@ func LoadEntityListFromPath(path string) (openpgp.EntityList, error) {
 }
 entityList, err := openpgp.ReadKeyRing(r)
 if err != nil {
- return nil, err
+ return nil, fmt.Errorf("unable to read GPG key ring: %w", err)
 }
 return entityList, nil
 }
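Review bot: The selection loop in getOpenPgpEntity keeps the last entity whose `KeyIdString()` matches and checks `entity.PrivateKey` only afterwards, so a public-only entry with the same 64-bit key ID that appears later in the key ring hides a usable private key, and two entries sharing an ID are resolved silently. Moving the check into the loop, `if ent.PrivateKey != nil && ent.PrimaryKey.KeyIdString() == keyID {` followed by `entity = ent` and `break`, makes the choice deterministic. Long key IDs are not collision-resistant, so it may be worth accepting the full fingerprint as well if the key ring can hold keys from more than one source. The `strings.HasPrefix` guard is redundant because `strings.TrimPrefix` is already a no-op when the prefix is absent, and the literal `16` would read better as a named constant. The function body begins and ends outside the hunk.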
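Review bot: The wrapped error in LoadEntityListFromPath does not say which file failed to parse, although `path` is in scope; `return nil, fmt.Errorf("unable to read GPG key ring from %q: %w", path, err)` would let an operator with several key files identify the bad one. The start of the function is outside the hunk, so whether the earlier open error already names the path cannot be seen from here.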