swiftly self-update fails with GPG verification error due to missing keys #443
Description
Problem
Running swiftly self-update fails with Error: Signature verification failed: RunProgramError(exitCode: 2, program: "gpg") after successfully downloading the new version (1.1.0).
This occurs because Swiftly attempts to verify the signature but Swift.org's public GPG keys are not available in the user's keyring - and Swiftly never imports them.
Reproduction Script
#!/bin/bash # Minimal Swiftly self-update GPG failure repro set -e podman run --rm -i ubuntu:22.04 bash << 'EOF' set -e # Install dependencies echo "> Installing dependencies..." apt-get update -qq apt-get install -y -qq curl gnupg2 tar > /dev/null 2>&1 # Temporary GPG home export GNUPGHOME="$(mktemp -d)" # Download Swiftly echo "" echo "> Downloading Swiftly..." SWIFTLY_VERSION="1.0.1" SWIFTLY_URL="https://download.swift.org/swiftly/linux/swiftly-${SWIFTLY_VERSION}-$(uname -m).tar.gz" mkdir -p .swiftly/bin curl -fsSL "$SWIFTLY_URL" -o swiftly.tar.gz tar -xzf swiftly.tar.gz -C .swiftly/bin chmod +x .swiftly/bin/swiftly rm swiftly.tar.gz echo "Swiftly downloaded" # Initialize Swiftly (creates ~/.local/share/swiftly) echo "" echo "> Initializing Swiftly..." .swiftly/bin/swiftly init --no-modify-profile --skip-install --assume-yes echo "Swiftly initialized" # Source the env.sh created by init so swiftly is in PATH . "/root/.local/share/swiftly/env.sh" # Attempt self-update (this reproduces the GPG verification failure) echo "" echo "> Attempting self-update..." swiftly self-update --assume-yes EOF Script Output
➜ ~ ./swiftly_issue_reproduction.sh > Installing dependencies... > Downloading Swiftly... Swiftly downloaded > Initializing Swiftly... Installing swiftly in /root/.local/share/swiftly/bin/swiftly... Creating shell environment file for the user... To begin using installed swiftly from your current shell, first run the following command: # Added by swiftly . "/root/.local/share/swiftly/env.sh" Swiftly initialized > Attempting self-update... Checking for swiftly updates... A new version is available: 1.1.0 Downloading swiftly 1.1.0 23%: Downloaded 6.3 MiB of 26.4 MiB 72%: Downloaded 19.1 MiB of 26.4 MiB 100%: Downloaded 26.4 MiB of 26.4 MiB Error: Signature verification failed: RunProgramError(exitCode: 2, program: "gpg"). Verifying toolchain signature... ➜ ~