[ 
https://issues.apache.org/jira/browse/MGPG-112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830393#comment-17830393
 ] 

Marc Nuri commented on MGPG-112:
--------------------------------

I'm currently getting a {{401 Unauthorized}} status code when using the 
{{gpg:sign-and-deploy-file}} goal with the {{repositoryId}}, {{url}}, 
{{pomFile}} passed in as Maven CLI arguments ({{-D<flag>}}).

Credentials should be read from the {{settings.xml}} file that GitHub 
actions/setup-java populates, but aren't.

You can check the setup at 
https://github.com/fabric8io/kubernetes-client/blob/e7f734bd5922bce0a78e9babbbdfce4d564560bb/.github/workflows/release-snapshots.yaml#L93-L97

Given the context, my impression is that the problem relates to the changes 
that caused this issue.

{code}
Error:  Failed to execute goal 
org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file 
(default-cli) on project kubernetes-client-project: Error deploying attached 
artifacts [io.fabric8:kubernetes-client-bom:pom:6.11-SNAPSHOT, 
io.fabric8:kubernetes-client-bom:pom.asc:6.11-SNAPSHOT]: Failed to deploy 
artifacts: Could not transfer artifact 
io.fabric8:kubernetes-client-bom:pom:6.11-20240325.075308-56 from/to ossrh 
(https://oss.sonatype.org/content/repositories/snapshots/): authentication 
failed for 
https://oss.sonatype.org/content/repositories/snapshots/io/fabric8/kubernetes-client-bom/6.11-SNAPSHOT/kubernetes-client-bom-6.11-20240325.075308-56.pom,
 status: 401 Unauthorized -> [Help 1]
{code}


> Upgrading from 3.1.0 to 3.2.0 with no other changes causes "gpg: signing 
> failed: No pinentry"
> ---------------------------------------------------------------------------------------------
>
>                 Key: MGPG-112
>                 URL: https://issues.apache.org/jira/browse/MGPG-112
>             Project: Maven GPG Plugin
>          Issue Type: Bug
>    Affects Versions: 3.2.0
>         Environment: GitHub actions, using ubuntu-22.04 (Ubuntu 22.04 LTS) 
> image. Full details can be found in the linked logs in Description.
>            Reporter: Harald Kuhr
>            Assignee: Tamas Cservenak
>            Priority: Major
>             Fix For: 3.2.1
>
>
> After upgrading Maven GPG plugin from 3.1.0 to 3.2.0, the Deploy step of my 
> project's CI failed with the message "gpg: signing failed: No pinentry". 
>  
> After upgrade to 3.2.0, the deploy step fails the build, while the relevant 
> part of the log says:
>  
> {noformat}
> [INFO] --- maven-gpg-plugin:3.2.0:sign (sign-artifacts) @ twelvemonkeys ---
> [INFO] Signer 'gpg' is signing 2 files
> gpg: signing failed: No pinentry
> gpg: signing failed: No pinentry
> ...
> Error:  Failed to execute goal 
> org.apache.maven.plugins:maven-gpg-plugin:3.2.0:sign (sign-artifacts) on 
> project twelvemonkeys: Exit code: 2 -> [Help 1]{noformat}
>  
> After reverting to the working 3.1.0, build and deploy succeeds, the relevant 
> part of the log says:
>  
> {noformat}
> [INFO] --- maven-gpg-plugin:3.1.0:sign (sign-artifacts) @ twelvemonkeys ---
> [INFO] Signing 2 files with default secret key.
> ...
> [INFO] BUILD SUCCESS
> {noformat}
>  
> Is this an expected/intended behavior with the 3.2.0 release, and does the 
> plugin need additional/different configuration? If this is the case, can you 
> provide suggestions or workarounds to get the signing working again?
> As this is a minor version change, I suspect this is a bug/regression and not 
> intended. I don't find anything in the release notes suggesting a 
> configuration change is required.
> Plugin configuration (private key and passphrase are passed using GHA secrets):
>  
> {noformat}
> <plugin>
>     <groupId>org.apache.maven.plugins</groupId>
>     <artifactId>maven-gpg-plugin</artifactId>
>     <version>3.1.0</version>  <!-- fails with 3.2.0 -->
>     <configuration>
>         <!-- Prevent gpg from using pinentry programs -->
>         <gpgArguments>
>             <arg>--pinentry-mode</arg>
>             <arg>loopback</arg>
>         </gpgArguments>
>     </configuration>
>     <executions>
>         <execution>
>             <id>sign-artifacts</id>
>             <phase>verify</phase>
>             <goals>
>                 <goal>sign</goal>
>             </goals>
>         </execution>
>     </executions>
> </plugin>{noformat}
>  
> Full POM for the build: 
> [https://github.com/haraldk/TwelveMonkeys/blob/878d6217d8538f05205c092c7230c8db6727d058/pom.xml]
>  
> Full logs from broken build (Dependabot PR bump 3.1.0 to 3.2.0):
> [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230467333/job/22504202895]
>  
> Full logs from working build (reverted to 3.1.0): 
> [https://github.com/haraldk/TwelveMonkeys/actions/runs/8230663423/job/22504567422]


