Unclear error when signing APK packages

[jsirianni]

When building APK packages, I get an error that is not very clear. When I build DEB and RPM, I do not get an error and the output files seem correct.

My config:

name: "foo"
arch: "amd64"
platform: "linux"
version: "v1.0.0"
section: "default"
priority: "extra"
maintainer: "John Doe <john@example.com>"
description: |
  FooBar is the great foo and bar software.
    And this can be in multiple lines!
vendor: "FooBarCorp"
homepage: "http://example.com"
license: "MIT"
contents:
- src: ./nfpm
  dst: /usr/local/bin/foo
rpm:
  signature:
    key_file: ./gpg.key
deb:
  signature:
    key_file: ./gpg.key
apk:
  signature:
    key_file: ./gpg.key

I am building nfpm with the following commands

cd cmd/nfpm
go build

/nfpm pkg --packager rpm --target ./
/nfpm pkg --packager deb --target ./
/nfpm pkg --packager apk --target ./

The RPM and DEB packages are built and signed without issue. The APK package gives the following error:

signing error: no PEM block found

After doing some digging, I have determined the RSASignSHA1Digest function in rsa.go is the source of the error. I updated the returned error to verify this:

signing error: RSASignSHA1Digest error: failed to sign package with keyfile ./gpg.key: no PEM block found

gpg.key does exist in the working directory, and is perfectly functional with rpm and deb. I noticed that this function does not seem to be called with RPM and DEB builds.

[caarlos0]

APK packages are not signed with GPG, but with RSA keys.

https://nfpm.goreleaser.com/configuration/?h=rsa