[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Steve Todorov edited a comment on JENKINS-40703:

[~cleclerc] do you know what is the state of this issue? We are currently preparing some jobs which will be using the `maven-gpg-plugin` to sign maven artifacts. However the only way this would ever work is by doing `mvn release:perform -Darguments=-Dgpg.passphrase=thephrase` and passing the password via the CLI is something we would like to avoid.

Can't there just be a `Maven passphrase` credential type for this case kind which results you can add in adding a server Id with a the credentials section and then from the ` Config File Management ` ? (like in you can add the [examples|http://maven.apache.org/plugins/maven-gpg-plugin/usage.html] of maven's gpg plugin) `serverid` to use the defined credentials?

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Steve Todorov commented on JENKINS-40703:

Cyrille Le Clerc do you know what is the state of this issue? We are currently preparing some jobs which will be using the `maven-gpg-plugin` to sign maven artifacts. However the only way this would ever work is by doing `mvn release:perform -Darguments=-Dgpg.passphrase=thephrase` and passing the password via the CLI is something we would like to avoid.

Can't there just be a `Maven passphrase` credential type for this case which results in adding a server Id with a `` ? (like in the examples of maven's gpg plugin)
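An added illustration of the server-id lookup the comment above refers to (not part of the original message and not Jenkins plugin code): a Maven settings.xml in which the passphrase sits in a `<server>` entry that maven-gpg-plugin resolves through `gpg.passphraseServerId`, so it does not appear on the `mvn` command line. The profile id `release-signing` is hypothetical, and the key name and passphrase are constructed placeholders.

```xml
<!-- settings.xml: constructed example, all values are placeholders -->
<settings>
  <servers>
    <!-- The id must equal the value of gpg.passphraseServerId.
         "gpg.passphrase" is the plugin's default server id, so no
         extra property is needed to point at this entry. -->
    <server>
      <id>gpg.passphrase</id>
      <passphrase>PLACEHOLDER-PASSPHRASE</passphrase>
    </server>
  </servers>

  <profiles>
    <profile>
      <!-- Hypothetical profile name used only for this example. -->
      <id>release-signing</id>
      <properties>
        <!-- Non-secret signing parameter; passed to gpg as the
             local-user option, per the issue description. -->
        <gpg.keyname>PLACEHOLDER-KEY-ID</gpg.keyname>
      </properties>
    </profile>
  </profiles>

  <activeProfiles>
    <activeProfile>release-signing</activeProfile>
  </activeProfiles>
</settings>
```

When this file is the settings file in effect for the build, the signing step needs no `-Dgpg.passphrase=...` argument. The `<passphrase>` value can also hold text produced by Maven's settings password encryption (`mvn --encrypt-password`) instead of the clear value.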
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc commented on JENKINS-40703:

Dominik Bartholdi piling these wrappers reminds me of stacktraces with Spring Framework. I have already discussed with Jesse Glick the drawback of nesting these "withXxx(){...}" wrappers. I imagined declaring these wrappers at the "node(){...}" declaration level; it is likely to not be the direction. The solution may come from Declarative Pipelines. Note that the "stage" step recently became a wrapper with "stage(){...}"

This message was sent by Atlassian JIRA (v7.1.7#71011-sha1:2526d7c)
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Dominik Bartholdi commented on JENKINS-40703:

hmm, yeah - strange situation. ...to be honest: as a user, I don't like the withXXX wrapper stuff - all this nested wrapping of code within the different closures is awkward and makes the pipeline scripts very hard to read.
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc commented on JENKINS-40703:

Dominik Bartholdi I tend to think that my initial writing "Support injection of maven-gpg-plugin:sign config params in Maven Settings files" is not good, that it's not about Maven settings.xml and that maven-gpg-plugin credentials should be handled by the withMaven(){...} plugin.

I feel that there is no perfect solution because there is an inconsistency in Maven itself with most credentials handled in settings.xml through "" definitions but some credentials used by some plugins bypass this mechanism to directly consume credentials.

* Maybe it should be a withGpg(){...} wrapping step that would expose the GPG keys through environment variables. The problem is that the environment variables consumed by the maven-gpg-plugin (gpg.secretKeyring, gpg.passphrase...) are specific to this plugin and are not standard to GPG --> we don't want the "withGpg(){...}" wrapping step to have a "logical dependency" on Maven.
* Maybe we do it with the Jenkins config-file-provider plugin because it is the plugin in which we handle credentials consumed by Maven, but it is awkward because the config-file-provider plugin is about Maven settings.xml and credentials consumed by the maven-gpg-plugin are not managed in settings.xml but in pom.xml and through default environment variable names.
* Maybe we should do it in the withMaven(){...}. The "small glitch" I see is that most of credentials used by Maven builds are managed in settings.xml through the Jenkins config-file-provider plugin and we would do something inconsistent for GPG credentials.
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Dominik Bartholdi commented on JENKINS-40703:

would you expect the config-file-provider plugin to inject these settings as properties into the settings.xml?
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc updated an issue: Jenkins / JENKINS-40703 Support injection of maven-gpg-plugin:sign config params in Maven Settings files

Change By: Cyrille Le Clerc

When signing artifacts with GPG, Maven apps usually rely on the [Maven GPG Plugin|http://maven.apache.org/plugins/maven-gpg-plugin] and thus store secrets in Maven settings.xml.

These secrets should be handled by the Jenkins Config File Provider Plugin.

Key configuration parameters that should be handled by the Config File Provider Plugin: http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html

* *gpg.keyname*: The "name" of the key to sign with. Passed to gpg as --local-user.
* *gpg.passphrase*: The passphrase to use when signing. If not given, look up the value under Maven settings using server id at 'passphraseServerKey' configuration.
* *gpg.passphraseServerId*: Server id to lookup the passphrase under Maven settings.
* *gpg.useagent*: Server id to lookup the passphrase under Maven settings.
* *gpg.homedir*
* *gpg.publicKeyring*: The path to a public keyring to add to the list of keyrings. By default, only the pubring.gpg from gpg's home directory is considered. Use this option (and defaultKeyring if required) to use a different public key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* *gpg.secretKeyring*: The path to a secret keyring to add to the list of keyrings. By default, only the secring.gpg from gpg's home directory is considered. Use this option (in combination with publicKeyring and defaultKeyring if required) to use a different secret key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* gpg.useagent: Passes --use-agent or --no-use-agent to gpg. If using an agent, the passphrase is optional as the agent will provide it. For gpg2, specify true as --no-use-agent was removed in gpg2 and doesn't ask for a passphrase anymore.
* *gpg.defaultKeyring*: Whether to add the default keyrings from gpg's home directory to the list of used keyrings.
* *gpg.homedir*: The directory from which gpg will load keyrings. If not specified, gpg will use the value configured for its installation, e.g. ~/.gnupg or %APPDATA%/gnupg.

Maybe we should also consider http://kohsuke.org/pgp-maven-plugin but I'm not sure that this plugin is widely adopted and actively maintained.

References:

* https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration.html
** {{~/.gnupg}}: This is the default home directory which is used if neither the environment variable GNUPGHOME nor the option --homedir is given.
** {{~/.gnupg/pubring.gpg}}: The public keyring.
** {{~/.gnupg/trustdb.gpg}}: The trust database. There is no need to backup this file; it is better to backup the ownertrust values (see option --export-ownertrust).
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc commented on JENKINS-40703:

Maybe it makes more sense to offer this feature through the credentials binding plugin.
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc updated an issue: Jenkins / JENKINS-40703 Support injection of maven-gpg-plugin:sign config params in Maven Settings files

Change By: Cyrille Le Clerc

When signing artifacts with GPG, Maven apps usually rely on the [Maven GPG Plugin|http://maven.apache.org/plugins/maven-gpg-plugin] and thus store secrets in Maven settings.xml.

These secrets should be handled by the Jenkins Config File Provider Plugin.

Key configuration parameters that should be handled by the Config File Provider Plugin: http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html

* *gpg.keyname*: The "name" of the key to sign with. Passed to gpg as --local-user.
* *gpg.passphrase*: The passphrase to use when signing. If not given, look up the value under Maven settings using server id at 'passphraseServerKey' configuration.
* *gpg.passphraseServerId*: Server id to lookup the passphrase under Maven settings.
* *gpg.useagent*: Server id to lookup the passphrase under Maven settings.
* *gpg.homedir*
* *gpg.publicKeyring*: The path to a public keyring to add to the list of keyrings. By default, only the pubring.gpg from gpg's home directory is considered. Use this option (and defaultKeyring if required) to use a different public key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* *gpg.secretKeyring*: The path to a secret keyring to add to the list of keyrings. By default, only the secring.gpg from gpg's home directory is considered. Use this option (in combination with publicKeyring and defaultKeyring if required) to use a different secret key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* gpg.useagent: Passes --use-agent or --no-use-agent to gpg. If using an agent, the passphrase is optional as the agent will provide it. For gpg2, specify true as --no-use-agent was removed in gpg2 and doesn't ask for a passphrase anymore.
* *gpg.defaultKeyring*: Whether to add the default keyrings from gpg's home directory to the list of used keyrings.
* *gpg.homedir*: The directory from which gpg will load keyrings. If not specified, gpg will use the value configured for its installation, e.g. ~/.gnupg or %APPDATA%/gnupg.

Maybe we should also consider http://kohsuke.org/pgp-maven-plugin but I'm not sure that this plugin is widely adopted and actively maintained.
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc updated an issue: Jenkins / JENKINS-40703 Support injection of maven-gpg-plugin:sign config params in Maven Settings files

Change By: Cyrille Le Clerc

When signing artifacts with GPG, Maven apps usually rely on the [Maven GPG Plugin|http://maven.apache.org/plugins/maven-gpg-plugin] and thus store secrets in Maven settings.xml.

These secrets should be handled by the Jenkins Config File Provider Plugin.

Key configuration parameters that should be handled by the Config File Provider Plugin: http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html

* *gpg.keyname*: The "name" of the key to sign with. Passed to gpg as --local-user.
* *gpg.passphrase*: The passphrase to use when signing. If not given, look up the value under Maven settings using server id at 'passphraseServerKey' configuration.
* *gpg.passphraseServerId*: Server id to lookup the passphrase under Maven settings.
* *gpg.useagent*: Server id to lookup the passphrase under Maven settings.
* *gpg.homedir*
* *gpg.publicKeyring*: The path to a public keyring to add to the list of keyrings. By default, only the pubring.gpg from gpg's home directory is considered. Use this option (and defaultKeyring if required) to use a different public key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* *gpg.secretKeyring*: The path to a secret keyring to add to the list of keyrings. By default, only the secring.gpg from gpg's home directory is considered. Use this option (in combination with publicKeyring and defaultKeyring if required) to use a different secret key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* gpg.useagent: Passes --use-agent or --no-use-agent to gpg. If using an agent, the passphrase is optional as the agent will provide it. For gpg2, specify true as --no-use-agent was removed in gpg2 and doesn't ask for a passphrase anymore.
* *gpg.defaultKeyring*: Whether to add the default keyrings from gpg's home directory to the list of used keyrings.
* *gpg.homedir*: The directory from which gpg will load keyrings. If not specified, gpg will use the value configured for its installation, e.g. ~/.gnupg or %APPDATA%/gnupg.

See also http://kohsuke.org/pgp-maven-plugin/usage.html
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc updated an issue: Jenkins / JENKINS-40703 Support injection of maven-gpg-plugin:sign config params in Maven Settings files

Change By: Cyrille Le Clerc

Issue Type: Improvement New Feature
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc updated an issue: Jenkins / JENKINS-40703 Support injection of maven-gpg-plugin:sign config params in Maven Settings files

Change By: Cyrille Le Clerc

When signing artifacts with GPG, Maven apps usually rely on the [Maven GPG Plugin|http://maven.apache.org/plugins/maven-gpg-plugin] and thus store secrets in Maven settings.xml.

These secrets should be handled by the Jenkins Config File Provider Plugin.

Key configuration parameters that should be handled by the Config File Provider Plugin: http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html

* *gpg.keyname*: The "name" of the key to sign with. Passed to gpg as --local-user.
* *gpg.passphrase*: The passphrase to use when signing. If not given, look up the value under Maven settings using server id at 'passphraseServerKey' configuration.
* *gpg.passphraseServerId*: Server id to lookup the passphrase under Maven settings.
* *gpg.useagent*: Server id to lookup the passphrase under Maven settings.
* *gpg.homedir*
* *gpg.publicKeyring*: The path to a public keyring to add to the list of keyrings. By default, only the pubring.gpg from gpg's home directory is considered. Use this option (and defaultKeyring if required) to use a different public key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* *gpg.secretKeyring*: The path to a secret keyring to add to the list of keyrings. By default, only the secring.gpg from gpg's home directory is considered. Use this option (in combination with publicKeyring and defaultKeyring if required) to use a different secret key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* gpg.useagent: Passes --use-agent or --no-use-agent to gpg. If using an agent, the passphrase is optional as the agent will provide it. For gpg2, specify true as --no-use-agent was removed in gpg2 and doesn't ask for a passphrase anymore.
* *gpg.defaultKeyring*: Whether to add the default keyrings from gpg's home directory to the list of used keyrings.
* *gpg.homedir*: The directory from which gpg will load keyrings. If not specified, gpg will use the value configured for its installation, e.g. ~/.gnupg or %APPDATA%/gnupg.
[JIRA] (JENKINS-40703) Support injection of maven-gpg-plugin:sign config params in Maven Settings files
Cyrille Le Clerc created an issue: Jenkins / JENKINS-40703 Support injection of maven-gpg-plugin:sign config params in Maven Settings files

Issue Type: Improvement
Assignee: Dominik Bartholdi
Components: config-file-provider-plugin
Created: 2016/Dec/28 12:08 PM
Priority: Minor
Reporter: Cyrille Le Clerc

When signing artifacts with GPG, Maven apps usually rely on the Maven GPG Plugin and thus store secrets in Maven settings.xml.

These secrets should be handled by the Jenkins Config File Provider Plugin.

Key configuration parameters that should be handled by the Config File Provider Plugin: http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html

* gpg.keyname: The "name" of the key to sign with. Passed to gpg as --local-user.
* gpg.passphrase: The passphrase to use when signing. If not given, look up the value under Maven settings using server id at 'passphraseServerKey' configuration.
* gpg.passphraseServerId: Server id to lookup the passphrase under Maven settings.
* gpg.useagent: Server id to lookup the passphrase under Maven settings.
* gpg.homedir
* gpg.publicKeyring: The path to a public keyring to add to the list of keyrings. By default, only the pubring.gpg from gpg's home directory is considered. Use this option (and defaultKeyring if required) to use a different public key. Note: Relative paths are resolved against gpg's home directory, not the project base directory.
* gpg.secretKeyring: The path to a secret keyring to add to the list of keyrings. By default, only the