[
https://issues.apache.org/jira/browse/SOLR-15361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17332807#comment-17332807
]
Chris M. Hostetter commented on SOLR-15361:
-------------------------------------------
Hmmm... now I'm even more confused....
Ah .. ok .. part of my confusion is that the 'find' command output shows that
{{solr-9.0.0-SNAPSHOT.tgz.asc}} – leading me to think gpg2 is in fact signing
the file – but then i realized way the gradle signing plugin is working seems
to be creating that file itself and then "failing" because gpg2 doesn't give it
any stdout to write to that file.
[~houston] – some new questions...
# can you confirm that the
{{solr/packaging/build//distributions/solr-9.0.0-SNAPSHOT.tgz.asc}} file you're
getting is 0 bytes?
# do you get any similar looking "No such file or directory" errors w/ a non
gradle test signing operation like {{echo "DATADATA" | gpg2 --local-user
YOUR_KEY_FINGERPRINT_HERE --status-fd 2 --with-colons --batch --detach-sign
--armor}} (I'm curious about both "gpg" and "gpg2" here ... I'm wondering if
the 'GnuPG/MacGPG2' vs 'GnuPG' binary distinction had anything to do with the
behavior you're seeing
I'm curious about both "gpg" and "gpg2" here since they are different on your
box)
# does setting {{-Psigning.gnupg.useLegacyGpg=true}} on the gradle command
line change the behavior you're seeing? (in our usage the only thing it should
change is adding the {{--use-agent}} argument ... but that should be the
default in gpg2 anyway)
# does setting {{-Psigning.gnupg.executable=gpg}} on the gradle command line
(w/ or w/o {{-Psigning.gnupg.useLegacyGpg=true}}) change the behavior you're
seeing? (Again, I'm wondering if the 'GnuPG/MacGPG2' vs 'GnuPG' distinctionis a
factor)
# does setting {{-Psigning.gnupg.optionsFile=/dev/null}} on the gradle command
line change the behavior you're seeing?
# can you share your ~/.gnupg/gpg.conf so we can see what kinds of defaults
you have that would be added to the options set by gradle?
Has anyone else besides houston & myself tried to run {{./gradlew signDist
-Psigning.gnupg.keyName=YOUR_KEY}} ? on what OS? any failures like Houston's
(or any failures at all?)
> update gradle build to support gpg signing of tgz/zip distributions
> -------------------------------------------------------------------
>
> Key: SOLR-15361
> URL: https://issues.apache.org/jira/browse/SOLR-15361
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Chris M. Hostetter
> Assignee: Chris M. Hostetter
> Priority: Major
> Fix For: main (9.0)
>
> Attachments: SOLR-15361.patch, SOLR-15361.patch, SOLR-15361.patch,
> SOLR-15361.patch, SOLR-15361.patch, SOLR-15361.patch, houston.wtf.stderr.txt,
> houston.wtf.stdout.txt
>
>
> the gradle build does not currently have any support for gpg signing the
> distributions we produce.
> this is neccessary for releases, and for being able to "smoke test" our
> Dockerfiles prior to release (by creating mock download servers to confirm
> {{docker build}} can correctly fetch the {{tgz}} & {{tgz.asc}} files we point
> it at)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
