[jira] [Commented] (MGPG-112) Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing failed: No pinentry"

Thu, 14 Mar 2024 13:20:44 -0700 


    [ 
https://issues.apache.org/jira/browse/MGPG-112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17827242#comment-17827242
 ] 

ASF GitHub Bot commented on MGPG-112:
-------------------------------------

cstamas opened a new pull request, #80:
URL: https://github.com/apache/maven-gpg-plugin/pull/80

   That caused that settings.xml could not deliver
   GPG passphrase as it was set up in setup-java.
   
   ---
   
   https://issues.apache.org/jira/browse/MGPG-112




> Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing 
> failed: No pinentry"
> ---------------------------------------------------------------------------------------------
>
>                 Key: MGPG-112
>                 URL: https://issues.apache.org/jira/browse/MGPG-112
>             Project: Maven GPG Plugin
>          Issue Type: Bug
>    Affects Versions: 3.2.0
>         Environment: GitHub actions, using ubuntu-22.04 (Ubuntu 22.04 LTS) 
> image. Full details can be found in the linked logs in Description.
>            Reporter: Harald Kuhr
>            Priority: Major
>             Fix For: 3.2.1
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.20, the Deploy step of my 
> projects CI failed with the message "gpg: signing failed: No pinentry". 
>  
> After upgrade to 3.2.0, the deploy step fails the build, while the relevant 
> part of the log says:
>  
> {noformat}
> [INFO] --- maven-gpg-plugin:3.2.0:sign (sign-artifacts) @ twelvemonkeys ---
> [INFO] Signer 'gpg' is signing 2 files
> gpg: signing failed: No pinentry
> gpg: signing failed: No pinentry
> ...
> Error:  Failed to execute goal 
> org.apache.maven.plugins:maven-gpg-plugin:3.2.0:sign (sign-artifacts) on 
> project twelvemonkeys: Exit code: 2 -> [Help 1]{noformat}
>  
> After reverting to the working 3.1.0, build and deploy succeeds, the relevant 
> part of the log says:
>  
> {noformat}
> [INFO] --- maven-gpg-plugin:3.1.0:sign (sign-artifacts) @ twelvemonkeys ---
> [INFO] Signing 2 files with default secret key.
> ...
> [INFO] BUILD SUCCESS
> {noformat}
>  
> Is this an expected/intended behavior with the 3.2.0 release, and does the 
> plugin need additional/different configuration? If this is the case, can you 
> provide suggestions or workarounds to get the signing working again?
> As this is a minor version change, I suspect this is a bug/regression and not 
> intended. I don't find anything in the release notes suggesting a 
> configuration change is required.
> Plugin configuration (private key and passphrase is passed using GHA secrets):
>  
> {noformat}
> <plugin>
>     <groupId>org.apache.maven.plugins</groupId>
>     <artifactId>maven-gpg-plugin</artifactId>
>     <version>3.1.0</version>  <!-- fails with 3.2.0 -->
>     <configuration>
>         <!-- Prevent gpg from using pinentry programs -->
>         <gpgArguments>
>             <arg>--pinentry-mode</arg>
>             <arg>loopback</arg>
>         </gpgArguments>
>     </configuration>
>     <executions>
>         <execution>
>             <id>sign-artifacts</id>
>             <phase>verify</phase>
>             <goals>
>                 <goal>sign</goal>
>             </goals>
>         </execution>
>     </executions>
> </plugin>{noformat}
>  
> Full POM for the build: 
> [https://github.com/haraldk/TwelveMonkeys/blob/878d6217d8538f05205c092c7230c8db6727d058/pom.xml]
>  
> Full logs from broken build (Dependabot PR bump 3.1.0 to 3.2.0):
> [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230467333/job/22504202895]
>  
> Full logs from working build (reverted to 3.1.0): 
> [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230663423/job/22504567422]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to