Harald Kuhr created MGPG-112:
--------------------------------
Summary: Upgrading from 3.1.0 to 3.2.0 with no other changes
causes "gpg: signing failed: No pinentry"
Key: MGPG-112
URL: https://issues.apache.org/jira/browse/MGPG-112
Project: Maven GPG Plugin
Issue Type: Bug
Affects Versions: 3.2.0
Environment: GitHub actions, using ubuntu-22.04 (Ubuntu 22.04 LTS)
image. Full details can be found in the log above.
Reporter: Harald Kuhr
After upgrading the Maven GPG plugin from 3.1.0 to 3.2.0, the Deploy step of my
project's CI failed with the message "gpg: signing failed: No pinentry".
After upgrade to 3.2.0, the deploy step fails the build, while the relevant
part of the log says:
{noformat}
[INFO] --- maven-gpg-plugin:3.2.0:sign (sign-artifacts) @ twelvemonkeys ---
[INFO] Signer 'gpg' is signing 2 files
gpg: signing failed: No pinentry
gpg: signing failed: No pinentry
...
Error: Failed to execute goal
org.apache.maven.plugins:maven-gpg-plugin:3.2.0:sign (sign-artifacts) on
project twelvemonkeys: Exit code: 2 -> [Help 1]{noformat}
After reverting to the working 3.1.0, build and deploy succeed, and the relevant
part of the log says:
{noformat}
[INFO] --- maven-gpg-plugin:3.1.0:sign (sign-artifacts) @ twelvemonkeys ---
[INFO] Signing 2 files with default secret key.
...
[INFO] BUILD SUCCESS
{noformat}
Is this an expected/intended behavior with the 3.2.0 release, and does the
plugin need additional/different configuration? If this is the case, can you
provide suggestions or workarounds to get the signing working again?
As this is a minor version change, I suspect this is a bug/regression and not
intended. I don't find anything in the release notes suggesting a configuration
change is required.
Plugin configuration (private key and passphrase are passed using GHA secrets):
{noformat}
<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>3.1.0</version> <!-- fails with 3.2.0 -->
    <configuration>
        <!-- Prevent gpg from using pinentry programs -->
        <gpgArguments>
            <arg>--pinentry-mode</arg>
            <arg>loopback</arg>
        </gpgArguments>
    </configuration>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
</plugin>
{noformat}
Full POM for the build:
[https://github.com/haraldk/TwelveMonkeys/blob/878d6217d8538f05205c092c7230c8db6727d058/pom.xml]
Full logs from broken build (Dependabot PR bump 3.1.0 to 3.2.0):
[https://github.com/haraldk/TwelveMonkeys/actions/runs/8230467333/job/22504202895]
Full logs from working build (reverted to 3.1.0):
[https://github.com/haraldk/TwelveMonkeys/actions/runs/8230663423/job/22504567422]