From 2423fc18c5925292f410cbaea1fee6a76fa4e620 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alexis=20M=C3=A9taireau?= <alexis@freedom.press>
Date: Wed, 15 Jan 2025 19:14:53 +0100
Subject: [PATCH] CI: Store the signature key using the base64 format

The GPG binary format used until now doesn't seem to please `sqv` which
is now used by default on debian trixie.

Fixes #1052
---
 .github/workflows/check_repos.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/check_repos.yml b/.github/workflows/check_repos.yml
index db33f9a..ee0489f 100644
--- a/.github/workflows/check_repos.yml
+++ b/.github/workflows/check_repos.yml
@@ -53,8 +53,13 @@ jobs:
           gpg --keyserver hkps://keys.openpgp.org \
               --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
               --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
+
+          # Export the GPG key in armor mode because sequoia needs it this way
+          # (sqv is used on debian trixie by default to check the keys)
           mkdir -p /etc/apt/keyrings/
-          mv fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings
+          gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
+              --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
+              > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
 
       - name: Add packages.freedom.press to our APT sources
         run: |