mirror of
https://github.com/fluxcd/flux2.git
synced 2026-06-28 18:05:08 +00:00
2ca3468423
`SelectOpenPGPSigningEntity` selects `keyRing[0]` when no key id is supplied and then calls `entity.PrivateKey.Decrypt` directly. For a keyring that contains only public keys — e.g. an armor-exported public key file — `PrivateKey` is `nil` and the call panics with a nil pointer dereference rather than surfacing an actionable error. The keyed branch already guards against this; the default branch did not. Guard the default branch with the same nil check and return an error pointing at `gpg --export-secret-keys` or `--gpg-key-id` so the user knows how to recover. Cover the public-only-keyring case in `TestSelectOpenPGPSigningEntity` so a future regression cannot re-introduce the panic. Assisted-by: claude/opus-4.7 Signed-off-by: Hidde Beydals <hidde@hhh.computer> |
||
|---|---|---|
| .. | ||
| provider | ||
| bootstrap.go | ||
| bootstrap_plain_git.go | ||
| bootstrap_provider.go | ||
| bootstrap_test.go | ||
| options.go | ||