From 824f867db0fbed90e37f02c0afc03bee71c7e0c5 Mon Sep 17 00:00:00 2001
From: Louis Qian
Date: Sat, 1 Nov 2025 17:51:40 -0700
Subject: [PATCH 1/3] refactor: verify GPG keys func
---
 Sources/LinuxPlatform/Linux.swift | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/Sources/LinuxPlatform/Linux.swift b/Sources/LinuxPlatform/Linux.swift
index 59296d6f..7535b8d0 100644
--- a/Sources/LinuxPlatform/Linux.swift
+++ b/Sources/LinuxPlatform/Linux.swift
@@ -278,18 +278,7 @@ public struct Linux: Platform {
 throw SwiftlyError(message: msg)
 }
- let tmpFile = self.getTempFilePath()
- try await fs.create(.mode(0o600), file: tmpFile, contents: nil)
- try await fs.withTemporary(files: tmpFile) {
- try await ctx.httpClient.getGpgKeys().download(to: tmpFile)
- if let mockedHomeDir = ctx.mockedHomeDir {
- var env = ProcessInfo.processInfo.environment
- env["GNUPGHOME"] = (mockedHomeDir / ".gnupg").string
- try await sys.gpg()._import(key: tmpFile).run(self, env: env, quiet: true)
- } else {
- try await sys.gpg()._import(key: tmpFile).run(self, quiet: true)
- }
- }
+ try await importGpgKeys(ctx)
 }
 guard let manager = manager else {
@@ -436,6 +425,22 @@ public struct Linux: Platform {
 }
 }
+ /// Import Swift.org GPG keys for signature verification
+ private func importGpgKeys(_ ctx: SwiftlyCoreContext) async throws {
+ let tmpFile = self.getTempFilePath()
+ try await fs.create(.mode(0o600), file: tmpFile, contents: nil)
+ try await fs.withTemporary(files: tmpFile) {
+ try await ctx.httpClient.getGpgKeys().download(to: tmpFile)
+ if let mockedHomeDir = ctx.mockedHomeDir {
+ var env = ProcessInfo.processInfo.environment
+ env["GNUPGHOME"] = (mockedHomeDir / ".gnupg").string
+ try await sys.gpg()._import(key: tmpFile).run(self, env: env, quiet: true)
+ } else {
+ try await sys.gpg()._import(key: tmpFile).run(self, quiet: true)
+ }
+ }
+ }
+
 public func verifySwiftlySignature(
 _ ctx: SwiftlyCoreContext, archiveDownloadURL: URL, archive: FilePath, verbose: Bool
 ) async throws {
From 3d501af9f29f8ea01f20b2d17def8d73dba181e3 Mon Sep 17 00:00:00 2001
From: Louis Qian
Date: Sat, 1 Nov 2025 17:52:15 -0700
Subject: [PATCH 2/3] feat: import GPG keys when verify signatures
---
 Sources/LinuxPlatform/Linux.swift | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/Sources/LinuxPlatform/Linux.swift b/Sources/LinuxPlatform/Linux.swift
index 7535b8d0..2898b901 100644
--- a/Sources/LinuxPlatform/Linux.swift
+++ b/Sources/LinuxPlatform/Linux.swift
@@ -401,6 +401,9 @@ public struct Linux: Platform {
 public func verifyToolchainSignature(
 _ ctx: SwiftlyCoreContext, toolchainFile: ToolchainFile, archive: FilePath, verbose: Bool
 ) async throws {
+ // Ensure GPG keys are imported before attempting signature verification
+ try await importGpgKeys(ctx)
+
 if verbose {
 await ctx.message("Downloading toolchain signature...")
 }
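Review bot: The doc comment on `importGpgKeys` does not say which keyring is modified or that every call performs a network download. When `ctx.mockedHomeDir` is nil the import runs with the inherited environment, so the helper writes into the caller's own GnuPG keyring; a summary such as `/// Downloads the Swift.org signing keys and imports them into the active GnuPG keyring (GNUPGHOME is overridden only when ctx.mockedHomeDir is set).` would make that explicit. No fingerprint check on the downloaded keys is visible in this hunk, so the later signature checks appear to be anchored to the channel that serves the keys. If that is the intended trust model, a why-comment should say so; otherwise the imported fingerprints could be compared against values shipped with the tool.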
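Review bot: The added `try await importGpgKeys(ctx)` at the top of `verifyToolchainSignature`, and the identical addition in `verifySwiftlySignature` in the next hunk, makes every verification re-download and re-import the keys. A failed key download therefore aborts verification even when usable keys are already in the keyring, and a run that goes through the call site from the first patch as well may import the same keys several times. If refreshing on every call is deliberate, the comment should record that rather than restate the call, e.g. `// Keys are re-imported on every verification so a rotated key set is picked up; a download failure here fails the verification.` Both function bodies continue outside their hunks.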
@@ -444,6 +447,9 @@ public struct Linux: Platform {
 public func verifySwiftlySignature(
 _ ctx: SwiftlyCoreContext, archiveDownloadURL: URL, archive: FilePath, verbose: Bool
 ) async throws {
+ // Ensure GPG keys are imported before attempting signature verification
+ try await importGpgKeys(ctx)
+
 if verbose {
 await ctx.message("Downloading swiftly signature...")
 }
From 58f4b297ed148edbd9dd5185cb3d7ad57f509b5e Mon Sep 17 00:00:00 2001
From: Louis Qian
Date: Fri, 7 Nov 2025 22:15:01 -0800
Subject: [PATCH 3/3] fix: use inherit env
---
 Sources/LinuxPlatform/Linux.swift | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/Sources/LinuxPlatform/Linux.swift b/Sources/LinuxPlatform/Linux.swift
index c471ee68..298be715 100644
--- a/Sources/LinuxPlatform/Linux.swift
+++ b/Sources/LinuxPlatform/Linux.swift
@@ -453,9 +453,7 @@ public struct Linux: Platform {
 try await fs.withTemporary(files: tmpFile) {
 try await ctx.httpClient.getGpgKeys().download(to: tmpFile)
 if let mockedHomeDir = ctx.mockedHomeDir {
- var env = ProcessInfo.processInfo.environment
- env["GNUPGHOME"] = (mockedHomeDir / ".gnupg").string
- try await sys.gpg()._import(key: tmpFile).run(environment: .init(env), quiet: true)
+ try await sys.gpg()._import(key: tmpFile).run(environment: .inherit.updating(["GNUPGHOME": (mockedHomeDir / ".gnupg").string]), quiet: true)
 } else {
 try await sys.gpg()._import(key: tmpFile).run(quiet: true)
 }
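Review bot: The new `.run(environment: ...)` line in the `mockedHomeDir` branch of the last hunk is long enough that the GNUPGHOME override is easy to miss, and the two branches still duplicate the whole gpg invocation. Binding the path first, `let gnupgHome = (mockedHomeDir / ".gnupg").string`, and then passing `.inherit.updating(["GNUPGHOME": gnupgHome])` keeps the keyring redirection visible. A short comment that only the mocked path redirects the keyring, while the else branch imports into whatever GnuPG home the process inherits, would document the difference between the branches. The enclosing function starts and ends outside this hunk.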