Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] PGP Signing on


WindowBuilder started to use direct-from-maven content so it needs to PGP sign that content but does not yet do so:

To support that, the ci instance needs to be enabled which I requested via this:

Even with that enabled, I have not been successful in getting it to actually work.

I have the following "test" job but I can't get past the issue of needing, and not knowing, the passphrase:

I tried to replicate what the platform does via a Jenkins file with this job:

But still there are problems with the passphrase.   Some magic must exist to get this part to work:

        withCredentials([string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')]) {

Has anyone else successfully gotten this to work?  In particular, how does one configure access to the passphrase of the GPG keystore?  Is that another thing that the IT staff needs to enable for the instance?

Clearly the platform has gotten this to work so someone must have an answer.   I've just not been able to track down that someone...


The answers to this question will become increasingly important to the projects downstream from the platform as the the platform actively is replacing as many Orbit dependencies with direct-from-maven dependencies as possible.   See the history here:

One concern with this approach is that the direct-from-maven bundles typically have no version qualifier so if it's the "same" minor version as the Orbit one, it will look older rather than newer...


Back to the top