[ https://issues.apache.org/jira/browse/MGPG-112?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tamas Cservenak resolved MGPG-112. ---------------------------------- Resolution: Fixed > Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing > failed: No pinentry" > --------------------------------------------------------------------------------------------- > > Key: MGPG-112 > URL: https://issues.apache.org/jira/browse/MGPG-112 > Project: Maven GPG Plugin > Issue Type: Bug > Affects Versions: 3.2.0 > Environment: GitHub actions, using ubuntu-22.04 (Ubuntu 22.04 LTS) > image. Full details can be found in the linked logs in Description. > Reporter: Harald Kuhr > Assignee: Tamas Cservenak > Priority: Major > Fix For: 3.2.1 > > > After upgrading to Maven GPG plugin from 3.1.0 to 3.20, the Deploy step of my > projects CI failed with the message "gpg: signing failed: No pinentry". > > After upgrade to 3.2.0, the deploy step fails the build, while the relevant > part of the log says: > > {noformat} > [INFO] --- maven-gpg-plugin:3.2.0:sign (sign-artifacts) @ twelvemonkeys --- > [INFO] Signer 'gpg' is signing 2 files > gpg: signing failed: No pinentry > gpg: signing failed: No pinentry > ... > Error: Failed to execute goal > org.apache.maven.plugins:maven-gpg-plugin:3.2.0:sign (sign-artifacts) on > project twelvemonkeys: Exit code: 2 -> [Help 1]{noformat} > > After reverting to the working 3.1.0, build and deploy succeeds, the relevant > part of the log says: > > {noformat} > [INFO] --- maven-gpg-plugin:3.1.0:sign (sign-artifacts) @ twelvemonkeys --- > [INFO] Signing 2 files with default secret key. > ... > [INFO] BUILD SUCCESS > {noformat} > > Is this an expected/intended behavior with the 3.2.0 release, and does the > plugin need additional/different configuration? If this is the case, can you > provide suggestions or workarounds to get the signing working again? > As this is a minor version change, I suspect this is a bug/regression and not > intended. I don't find anything in the release notes suggesting a > configuration change is required. > Plugin configuration (private key and passphrase is passed using GHA secrets): > > {noformat} > <plugin> > <groupId>org.apache.maven.plugins</groupId> > <artifactId>maven-gpg-plugin</artifactId> > <version>3.1.0</version> <!-- fails with 3.2.0 --> > <configuration> > <!-- Prevent gpg from using pinentry programs --> > <gpgArguments> > <arg>--pinentry-mode</arg> > <arg>loopback</arg> > </gpgArguments> > </configuration> > <executions> > <execution> > <id>sign-artifacts</id> > <phase>verify</phase> > <goals> > <goal>sign</goal> > </goals> > </execution> > </executions> > </plugin>{noformat} > > Full POM for the build: > [https://github.com/haraldk/TwelveMonkeys/blob/878d6217d8538f05205c092c7230c8db6727d058/pom.xml] > > Full logs from broken build (Dependabot PR bump 3.1.0 to 3.2.0): > [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230467333/job/22504202895] > > Full logs from working build (reverted to 3.1.0): > [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230663423/job/22504567422] -- This message was sent by Atlassian Jira (v8.20.10#820010)