From 801240703eb78c8e46323cacad5c5f9196c598a1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 25 Jun 2026 12:40:04 +0000 Subject: [PATCH] fix: use --homedir flag instead of GNUPGHOME env var for Windows GPG compatibility The Git-bundled GPG on Windows (MSYS2-based) does not automatically convert Windows-style paths in environment variables like GNUPGHOME. This caused GPG to fail with exit code 2 when verifying Microsoft JDK signatures on Windows, because the GNUPGHOME path (D:\a\_temp\...) was not recognized as a valid POSIX path. Fix: pass --homedir as an explicit command-line argument to both gpg --import and gpg --verify. MSYS2 does correctly convert Windows paths in command-line arguments, so this approach works reliably on Windows, Linux, and macOS. --- __tests__/gpg.test.ts | 17 +++++++++++++++-- dist/cleanup/index.js | 7 +++---- dist/setup/index.js | 7 +++---- src/gpg.ts | 12 +++++++----- 4 files changed, 28 insertions(+), 15 deletions(-) diff --git a/__tests__/gpg.test.ts b/__tests__/gpg.test.ts index cf72803e..d8f14494 100644 --- a/__tests__/gpg.test.ts +++ b/__tests__/gpg.test.ts @@ -76,13 +76,26 @@ describe('gpg tests', () => { expect(exec.exec).toHaveBeenNthCalledWith( 1, 'gpg', - ['--batch', '--import', expect.stringContaining('public-key.asc')], + [ + '--homedir', + expect.any(String), + '--batch', + '--import', + expect.stringContaining('public-key.asc') + ], expect.objectContaining({silent: true}) ); expect(exec.exec).toHaveBeenNthCalledWith( 2, 'gpg', - ['--batch', '--verify', '/tmp/jdk.tar.gz.sig', '/tmp/jdk.tar.gz'], + [ + '--homedir', + expect.any(String), + '--batch', + '--verify', + '/tmp/jdk.tar.gz.sig', + '/tmp/jdk.tar.gz' + ], expect.objectContaining({silent: true}) ); }); diff --git a/dist/cleanup/index.js b/dist/cleanup/index.js index 18ac0774..c32109fd 100644 --- a/dist/cleanup/index.js +++ b/dist/cleanup/index.js @@ -52374,13 +52374,12 @@ function verifyPackageSignature(archivePath, signatureUrl, publicKeyContent) { } throw new Error(`Failed to create temporary GPG home directory for signature verification: ${error.message}`); } - const env = Object.assign(Object.assign({}, process.env), { GNUPGHOME: gpgHome }); try { const publicKeyFile = path.join(gpgHome, 'public-key.asc'); fs.writeFileSync(publicKeyFile, publicKeyContent, { encoding: 'utf-8' }); - const options = { silent: true, env }; - yield exec.exec('gpg', ['--batch', '--import', publicKeyFile], options); - yield exec.exec('gpg', ['--batch', '--verify', signaturePath, archivePath], options); + const options = { silent: true }; + yield exec.exec('gpg', ['--homedir', gpgHome, '--batch', '--import', publicKeyFile], options); + yield exec.exec('gpg', ['--homedir', gpgHome, '--batch', '--verify', signaturePath, archivePath], options); } finally { yield io.rmRF(signaturePath); diff --git a/dist/setup/index.js b/dist/setup/index.js index 4c999d79..f8d12d87 100644 --- a/dist/setup/index.js +++ b/dist/setup/index.js @@ -81154,13 +81154,12 @@ function verifyPackageSignature(archivePath, signatureUrl, publicKeyContent) { } throw new Error(`Failed to create temporary GPG home directory for signature verification: ${error.message}`); } - const env = Object.assign(Object.assign({}, process.env), { GNUPGHOME: gpgHome }); try { const publicKeyFile = path.join(gpgHome, 'public-key.asc'); fs.writeFileSync(publicKeyFile, publicKeyContent, { encoding: 'utf-8' }); - const options = { silent: true, env }; - yield exec.exec('gpg', ['--batch', '--import', publicKeyFile], options); - yield exec.exec('gpg', ['--batch', '--verify', signaturePath, archivePath], options); + const options = { silent: true }; + yield exec.exec('gpg', ['--homedir', gpgHome, '--batch', '--import', publicKeyFile], options); + yield exec.exec('gpg', ['--homedir', gpgHome, '--batch', '--verify', signaturePath, archivePath], options); } finally { yield io.rmRF(signaturePath); diff --git a/src/gpg.ts b/src/gpg.ts index 650476a1..1086fdce 100644 --- a/src/gpg.ts +++ b/src/gpg.ts @@ -78,16 +78,18 @@ export async function verifyPackageSignature( }` ); } - const env = {...process.env, GNUPGHOME: gpgHome}; - try { const publicKeyFile = path.join(gpgHome, 'public-key.asc'); fs.writeFileSync(publicKeyFile, publicKeyContent, {encoding: 'utf-8'}); - const options: ExecOptions = {silent: true, env}; - await exec.exec('gpg', ['--batch', '--import', publicKeyFile], options); + const options: ExecOptions = {silent: true}; await exec.exec( 'gpg', - ['--batch', '--verify', signaturePath, archivePath], + ['--homedir', gpgHome, '--batch', '--import', publicKeyFile], + options + ); + await exec.exec( + 'gpg', + ['--homedir', gpgHome, '--batch', '--verify', signaturePath, archivePath], options ); } finally {