Harald Kuhr created MGPG-112:
--------------------------------

             Summary: Upgrading from 3.1.0 to 3.2.0 with no other changes 
causes "gpg: signing failed: No pinentry"
                 Key: MGPG-112
                 URL: https://issues.apache.org/jira/browse/MGPG-112
             Project: Maven GPG Plugin
          Issue Type: Bug
    Affects Versions: 3.2.0
         Environment: GitHub actions, using ubuntu-22.04 (Ubuntu 22.04 LTS) 
image. Full details can be found in the log above.
            Reporter: Harald Kuhr


After upgrading the Maven GPG plugin from 3.1.0 to 3.2.0, the Deploy step of my 
project's CI failed with the message "gpg: signing failed: No pinentry". 

 

After the upgrade to 3.2.0, the deploy step fails the build, and the relevant 
part of the log says:

 
{noformat}
[INFO] --- maven-gpg-plugin:3.2.0:sign (sign-artifacts) @ twelvemonkeys ---
[INFO] Signer 'gpg' is signing 2 files
gpg: signing failed: No pinentry
gpg: signing failed: No pinentry
...
Error:  Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:3.2.0:sign (sign-artifacts) on project twelvemonkeys: Exit code: 2 -> [Help 1]
{noformat}
 

After reverting to the working 3.1.0, build and deploy succeed, and the relevant 
part of the log says:

 
{noformat}
[INFO] --- maven-gpg-plugin:3.1.0:sign (sign-artifacts) @ twelvemonkeys ---
[INFO] Signing 2 files with default secret key.
...
[INFO] BUILD SUCCESS
{noformat}
 

Is this an expected/intended behavior with the 3.2.0 release, and does the 
plugin need additional/different configuration? If this is the case, can you 
provide suggestions or workarounds to get the signing working again?

As this is a minor version change, I suspect this is a bug/regression and not 
intended. I don't find anything in the release notes suggesting a configuration 
change is required.

Plugin configuration (private key and passphrase are passed using GHA secrets):

 
{noformat}
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>3.1.0</version>  <!-- fails with 3.2.0 -->
    <configuration>
        <!-- Prevent gpg from using pinentry programs -->
        <gpgArguments>
            <arg>--pinentry-mode</arg>
            <arg>loopback</arg>
        </gpgArguments>
    </configuration>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
</plugin>
{noformat}
 

Full POM for the build:
[https://github.com/haraldk/TwelveMonkeys/blob/878d6217d8538f05205c092c7230c8db6727d058/pom.xml]

Full logs from broken build (Dependabot PR bump 3.1.0 to 3.2.0):

[https://github.com/haraldk/TwelveMonkeys/actions/runs/8230467333/job/22504202895]

 

Full logs from working build (reverted to 3.1.0): 
[https://github.com/haraldk/TwelveMonkeys/actions/runs/8230663423/job/22504567422]


