From 78c16e39e28fadced6fee290cf570836f4f76858 Mon Sep 17 00:00:00 2001
From: Gray Gilmore <graygilmore@gmail.com>
Date: Tue, 7 Apr 2026 14:05:11 -0700
Subject: [PATCH] Fix Chrome GPG key import for Bookworm

The raw signing key needs to be dearmored into a binary GPG keyring for the signed-by directive to work. Without this, apt can't verify the Chrome repo signature.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 Dockerfile.base | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile.base b/Dockerfile.base
index a9deac1..ca7990a 100644
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -12,7 +12,7 @@ RUN apt-get update \
     && rbenv global 3.2.0
 
 # Install latest chrome stable package (using signed-by for Bookworm compatibility).
-RUN wget -q -O /usr/share/keyrings/google-chrome.gpg https://dl-ssl.google.com/linux/linux_signing_key.pub \
+RUN wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-chrome.gpg \
     && echo "deb [arch=amd64 signed-by=/usr/share/keyrings/google-chrome.gpg] http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
     && apt-get update \
     && apt-get install -y google-chrome-stable --no-install-recommends \