installing with add-apt-repository ppa:yuezk/globalprotect-openconnect uses wrong pubring

[gurucubano]

Describe the bug

I'm using fine gpclient on FreeBSD (and I'm the maintainer of the port security/globalprotect-openconnect). I want to install it in my Purism L5 mobile phone, which runs PureOS, a Debian flavor. So I cloned the git repository and followed the instruction in README.md. The following command gives an issue:

sudo add-apt-repository ppa:yuezk/globalprotect-openconnect
 A GlobalProtect VPN client (GUI) for Linux, based on OpenConnect and Tauri, supports SSO authentication mode.
 More info: https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect
Press [ENTER] to continue or ctrl-c to cancel adding it

gpg: keybox '/tmp/tmpg1qu3w0w/pubring.gpg' created
gpg: /tmp/tmpg1qu3w0w/trustdb.gpg: trustdb created
gpg: key 53FC26B43838D761: public key "Launchpad PPA for Kevin Yue" imported
gpg: Total number processed: 1
gpg:               imported: 1
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
gpg: no valid OpenPGP data found.

My GnuPG environment using an OpenPGP smart card is fine and can decrypt passwords, for example:

purism@pureos:~/guru$ ls -l /home/purism/.gnupg/trustdb.gpg 
-rw------- 1 purism purism 1440 May 12 12:36 /home/purism/.gnupg/trustdb.gpg

purism@pureos:~/guru$ pass test
secret

Why the above installation is using a temp. trustdb.gpg file?

[yuezk]

I just published the client to the PPA, and the user needs to run add-apt-repository to add it. The error reported may related to the apt command. See https://itsfoss.com/apt-key-deprecated/

[gurucubano]

It seems that

add-apt-repository -m ppa:yuezk/globalprotect-openconnect

adds the public key to a temp. file, while it should go into:

ls -l `pwd`/y*
-rw-r--r-- 1 root root 0 Jun 23 11:37 /etc/apt/trusted.gpg.d/yuezk_ubuntu_globalprotect-openconnect.gpg

Can you please send me an URL of the public key to fetch it with curl and import it by hand..

[yuezk]

Try this? https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x7937c393082992e5d6e4a60453fc26b43838d761

[gurucubano]

Running the above command, a part of the warning, results in an empty keyring file

purism@pureos:~$ ls -l /etc/apt/trusted.gpg.d/
...
-rw-r--r-- 1 root root 2332 Mar 18  2023 debian-archive-buster-stable.gpg
-rw-r--r-- 1 root root 2252 Jun 23  2023 pureos-archive-keyring.gpg
-rw-r--r-- 1 root root    0 Jun 23 11:37 yuezk_ubuntu_globalprotect-openconnect.gpg

I fetched the key and loaded it by hand:

purism@pureos:~$ sudo apt-key --keyring /etc/apt/trusted.gpg.d/yuezk_ubuntu_globalprotect-openconnect.gpg add publicKeyGlobalProtect
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
OK
purism@pureos:~$ sudo apt-key --keyring /etc/apt/trusted.gpg.d/yuezk_ubuntu_globalprotect-openconnect.gpg list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/yuezk_ubuntu_globalprotect-openconnect.gpg
-----------------------------------------------------------------
pub   rsa4096 2020-06-07 [SC]
      7937 C393 0829 92E5 D6E4  A604 53FC 26B4 3838 D761
uid           [ unknown] Launchpad PPA for Kevin Yue


purism@pureos:~$  sudo apt-get update
Get:1 http://ppa.launchpad.net/yuezk/globalprotect-openconnect/ubuntu oracular InRelease [17.9 kB]
Get:2 https://repo.pureos.net/pureos byzantium InRelease [9,641 B]
Get:3 https://repo.pureos.net/pureos byzantium-updates InRelease [9,649 B]
Get:4 https://repo.pureos.net/pureos byzantium-security InRelease [9,650 B]
Fetched 46.8 kB in 4s (11.9 kB/s)
Reading package lists... Done

purism@pureos:~$ sudo apt-get install globalprotect-openconnect
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package globalprotect-openconnect

i.e. the repo is seen (Get: 1...)

[yuezk]

Looks the apt is good now. But the PPA release is only for Ubuntu variants. So it couldn't find http://ppa.launchpad.net/yuezk/globalprotect-openconnect/ubuntu oracular

Can you download them from the release page and install them using apt?

[gurucubano]

Did so, but

purism@pureos:~$ sudo apt-get install /home/purism/globalprotect-openconnect_2.3.3-1_arm64.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'globalprotect-openconnect' instead of '/home/purism/globalprotect-openconnect_2.3.3-1_arm64.deb'
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 globalprotect-openconnect : Depends: libopenconnect5 (>= 8.20) but 8.10-2+b1 is to be installed
                             Depends: openconnect (>= 8.20) but 8.10-2+b1 is to be installed
E: Unable to correct problems, you have held broken packages.

[yuezk]

This client depends on openconnect >= 8.20, while your version is 8.10

You can try to download the openconnect 9.12 binary from https://launchpad.net/~yuezk/+archive/ubuntu/globalprotect-openconnect/+packages. And check if you can install them manually.