Mark,
On 11/10/25 9:18 AM, Mark Thomas wrote:
On 10/11/2025 13:15, Christopher Schultz wrote:
Rainer,
On 11/9/25 12:35 PM, Rainer Jung wrote:
Hi there,
we now use gpg for two features:
a) signing release artefacts in the release target
b) checking signatures in the verify-release target
Now
a) gets run, whenever gpg.exec points to an existing file. If so, it
prompts interactively for a password to a siging key and uses that
for the signing. Since I want to run the release target but not to do
the signing, I used to set gpg.exec to a non-existing file.
Oh, right. This is why I set gpg.exec in build.properties.release: so
that signing would be enabled for a release-build by someone who was
verifying the release instead of preparing the release.
I'm not sure I follow.
The person verifying the release needs gpg.exec set to their local path
to gpg, not to whatever path the release manager used. Don't they?
Yes, but a bunch of things were being skipped during the build if the
path wasn't set at all, which would be typical for someone downstream.
Even though gpg isn't used during "release" when the signatures are
already there, I seem to remember some part of the build being skipped
unless gpg.exec was set to something. So the release set it to the RM's
path for lack of anything better.
I'm sure Rainer's solution will be better; I'll review it once he pushes it.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
