[
https://issues.apache.org/jira/browse/PHOENIX-7446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17891801#comment-17891801
]
Istvan Toth commented on PHOENIX-7446:
--------------------------------------
Preliminary:
* Make sure you have the *allow-preset-passphrase* line in your
_$HOME/.gnupg/gpg-agent.conf_
* If you had to add it, restart gpg-agent
{noformat}
gpgconf --kill all && gpg-connect-agent /bye{noformat}
* List the keys with the keygrips
{noformat}
gpg --with-keygrip --list-secret-keys{noformat}
2. Find the gpg-preset-passphrase tool. It is not on the PATH by default.
3. Preset the passphrase for your signing key
{noformat}
<path/to/>/gpg-preset-passphrase -P <the passpthrase> -c <the keygrip>{noformat}
4. Run the release process
5. Restart the gpg agent to make sure it forgets the preset passphrase
{noformat}
gpgconf --kill all && gpg-connect-agent /bye{noformat}
> Document GPG passphrase handling in release process
> ---------------------------------------------------
>
> Key: PHOENIX-7446
> URL: https://issues.apache.org/jira/browse/PHOENIX-7446
> Project: Phoenix
> Issue Type: Task
> Reporter: Istvan Toth
> Priority: Major
>
> It seems like the maven GPG plugin is no longer able to ask for a passphrase,
> and it has also been disabled for the tar.gz signing in the release script.
> It seems like we need to somehow preset the passphrase before running the
> release script.
> It seems that this requires either modifying the gpg-agent cache times so
> that it's longer than the release process, or using the gpg-preset-passphrase
> tool.
> Figure this out and document on the release page on the website and/or the
> release script README.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
