From 2118e9a2189201bee370b139f6b6d97fdf69428d Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker
Date: Sat, 30 Mar 2024 09:36:14 -0300
Subject: [PATCH] fix(apk): always append .rsa.pub to key name (#808)
---
 apk/apk.go | 5 ++++-
 apk/apk_test.go | 22 ++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/apk/apk.go b/apk/apk.go
index d2c987b4..b715b8c9 100644
--- a/apk/apk.go
+++ b/apk/apk.go
@@ -281,7 +281,10 @@ func createSignatureBuilder(digest []byte, info *nfpm.Info) func(*tar.Writer) er
 return errNoKeyAddress
 }
- keyname = addr.Address + ".rsa.pub"
+ keyname = addr.Address
+ }
+ if !strings.HasSuffix(keyname, ".rsa.pub") {
+ keyname += ".rsa.pub"
 }
 // In principle apk supports RSA signatures over SHA256/512 keys, but in
diff --git a/apk/apk_test.go b/apk/apk_test.go
index b3b69005..a0ce0a2e 100644
--- a/apk/apk_test.go
+++ b/apk/apk_test.go
@@ -315,6 +315,28 @@ func TestControl(t *testing.T) {
 require.Equal(t, string(bts), w.String())
 }
+func TestSignatureName(t *testing.T) {
+ info := exampleInfo()
+ info.APK.Signature.KeyFile = "../internal/sign/testdata/rsa.priv"
+ info.APK.Signature.KeyName = "testkey"
+ info.APK.Signature.KeyPassphrase = "hunter2"
+ err := nfpm.PrepareForPackager(info, "apk")
+ require.NoError(t, err)
+
+ digest := sha1.New().Sum(nil) // nolint:gosec
+
+ var signatureTarGz bytes.Buffer
+ tw := tar.NewWriter(&signatureTarGz)
+ require.NoError(t, createSignatureBuilder(digest, info)(tw))
+
+ signature := extractFromTar(t, signatureTarGz.Bytes(), ".SIGN.RSA.testkey.rsa.pub")
+ err = sign.RSAVerifySHA1Digest(digest, signature, "../internal/sign/testdata/rsa.pub")
+ require.NoError(t, err)
+
+ err = Default.Package(info, io.Discard)
+ require.NoError(t, err)
+}
+
 func TestSignature(t *testing.T) {
 info := exampleInfo()
 info.APK.Signature.KeyFile = "../internal/sign/testdata/rsa.priv"
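Review bot: The added `if !strings.HasSuffix(keyname, ".rsa.pub")` block in apk/apk.go renames the signature entry for every configured `KeyName` that lacks the suffix, and nothing in the code says why or that this is deliberate. As far as I know apk selects the public key for verification by the name carried in the `.SIGN.RSA.<keyname>` entry, so a consumer who installed the key under the bare name would presumably see verification fail on packages built after this change. I would put a comment above the check, e.g. `// apk looks up the public key by this name, so it must equal the installed key file name; the suffix is forced even on a configured KeyName.`, and mention the rename in the release notes. The comparison is also case-sensitive, so a name ending in `.RSA.PUB` would get a second suffix. createSignatureBuilder starts and ends outside this hunk, so the branch that reads `KeyName` is not visible here.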
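Review bot: TestSignatureName in apk/apk_test.go covers only a `KeyName` without the suffix, so the branch that must leave an already-suffixed name untouched is never exercised. A regression that doubled the suffix into `testkey.rsa.pub.rsa.pub` would still pass this test. I would run the same body a second time with `info.APK.Signature.KeyName = "testkey.rsa.pub"` and the same expected entry `".SIGN.RSA.testkey.rsa.pub"`, ideally as a small table of name/expected pairs. Whether `extractFromTar` fails the test on a missing entry is not visible in this hunk; if it does not, an explicit `require.NotEmpty(t, signature)` before the verify call would make the failure easier to read.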