Re: [ee4j-build] gpg failure

It sure seems like it must be related to passing the passphrase to the plugin,
which probably means the gpg commands aren't doing the right thing.  Here's
the output from the gpg "workaround" code:

+ gpg --batch --import ****
gpg: directory '/home/jenkins/.gnupg' created
gpg: keybox '/home/jenkins/.gnupg/pubring.kbx' created
gpg: key 3A1959EEF8726006: 1 signature not checked due to a missing key
gpg: /home/jenkins/.gnupg/trustdb.gpg: trustdb created
gpg: key 3A1959EEF8726006: public key "Eclipse Project for JAF
<jaf-dev@xxxxxxxxxxx>" imported
gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
gpg: key 3A1959EEF8726006: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1
gpg: no ultimately trusted keys found
+ gpg --list-keys --with-colons
+ awk -F: '/fpr:/ {print $10}'
+ sort -u
+ echo -e '5\ny\n'
+ gpg --batch --command-fd 0 --expert --edit-key
6DD3B8C64EF75253BEB2C53AD908A43FB7EC07AC trust
Secret subkeys are available.

pub  rsa4096/3A1959EEF8726006
     created: 2018-10-03  expires: 2023-10-02  usage: SCEA
     trust: unknown       validity: unknown
ssb  rsa4096/D908A43FB7EC07AC
     created: 2018-10-03  expires: 2023-10-02  usage: S
[ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx>

pub  rsa4096/3A1959EEF8726006
     created: 2018-10-03  expires: 2023-10-02  usage: SCEA
     trust: unknown       validity: unknown
ssb  rsa4096/D908A43FB7EC07AC
     created: 2018-10-03  expires: 2023-10-02  usage: S
[ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu


pub  rsa4096/3A1959EEF8726006
     created: 2018-10-03  expires: 2023-10-02  usage: SCEA
     trust: ultimate      validity: unknown
ssb  rsa4096/D908A43FB7EC07AC
     created: 2018-10-03  expires: 2023-10-02  usage: S
[ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx>
Please note that the shown key validity is not necessarily correct
unless you restart the program.

+ echo -e '5\ny\n'
+ gpg --batch --command-fd 0 --expert --edit-key
CAE38BC93D90B852D88465DD3A1959EEF8726006 trust
Secret subkeys are available.

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-10-02
pub  rsa4096/3A1959EEF8726006
     created: 2018-10-03  expires: 2023-10-02  usage: SCEA
     trust: ultimate      validity: ultimate
ssb  rsa4096/D908A43FB7EC07AC
     created: 2018-10-03  expires: 2023-10-02  usage: S
[ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx>

pub  rsa4096/3A1959EEF8726006
     created: 2018-10-03  expires: 2023-10-02  usage: SCEA
     trust: ultimate      validity: ultimate
ssb  rsa4096/D908A43FB7EC07AC
     created: 2018-10-03  expires: 2023-10-02  usage: S
[ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx>

Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu


pub  rsa4096/3A1959EEF8726006
     created: 2018-10-03  expires: 2023-10-02  usage: SCEA
     trust: ultimate      validity: ultimate
ssb  rsa4096/D908A43FB7EC07AC
     created: 2018-10-03  expires: 2023-10-02  usage: S
[ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx>




And here's the stack trace:

[INFO] --- maven-gpg-plugin:1.1:sign (sign-artifacts) @ all ---
GPG Passphrase:  **[INFO]
------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] JavaBeans Activation Framework distribution 1.2.1 .. FAILURE [  1.628 s]
*[INFO] JavaBeans Activation Framework ..................... SKIPPED
[INFO] JavaBeans Activation Framework API jar 1.2.1 ....... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
*[INFO] Total time: 2.013 s
[INFO] Finished at: 2018-10-30T01:24:21Z
[INFO] ------------------------------------------------------------------------
*[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
all: Execution sign-artifacts of goal
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.: NullPointerException
-> [Help 1]
*org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
all: Execution sign-artifacts of goal
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:21*3)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:154)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:146)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.ja*va:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:81)
    at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal*.LifecycleStarter.execute
(LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (*MavenCli.java:954)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method*)
    at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke* (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
    at org.codehaus.plexu*s.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: org.apache.maven.plugin.PluginExecutionException: Execu*tion
sign-artifacts of goal org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:148)
    at org.apache.maven.lifecycle.*internal.MojoExecutor.execute
(MojoExecutor.java:208)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:154)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoEx*ecutor.java:146)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildPr*oject
(LifecycleModuleBuilder.java:81)
    at
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute*
(LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMave*n.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
    at sun.refle*ct.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)*
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
(Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch
(*Launcher.java:229)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:356)
Caused by: java.lang.NullPointerException
*    at java.util.Hashtable.put (Hashtable.java:460)
    at java.util.Properties.setProperty (Properties.java:166)
    at org.apache.maven.plugin.gpg.GpgSigner.getPassphrase (GpgSigner.java:273)
    at org.apache.maven.plugin.gpg.AbstractGpgMojo.newSigner
(AbstractGpgMojo.java:104)
    at org.apache.maven.plugin.gpg.GpgSignAttachedMojo.execute
(GpgSignAttachedMojo.java:120)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
(DefaultBuildPluginManager.java:137*)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:208)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecutor.java:154)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
(MojoExecut*or.java:146)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
(LifecycleModuleBuilder.java:81)
    at
org.apache.maven.lifecycle.i*nternal.builder.singlethreaded.SingleThreadedBuilder.build
(SingleThreadedBuilder.java:56)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
(LifecycleStarter.java:128)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMave*n.java:305)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
    at org.apache.maven.cli.*MavenCli.doMain (MavenCli.java:288)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke
(NativeMethodAccessorImpl.jav*a:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:498)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced*
(Launcher.java:289)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:229)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
(Launcher.java:415)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main* (Launcher.java:356)
[ERROR]


It looks like it's trying to prompt for the passphrase interactively, which
is obviously not going to work.  Aren't those earlier gpg commands supposed
to set things up so it can find the passphrase without prompting?


Romain Grécourt wrote on 10/29/2018 06:14 PM:
> Hard to tell without a stack trace in this case.
> 
> Can you add "-e" to the maven command line so that it prints the stack trace?
> Then we can look at the plugin code and try to figure it out.
> 
> Thanks,
> Romain
> 
> On Mon, Oct 29, 2018 at 6:01 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>> wrote:
> 
>     I'm trying to stage a final release of JAF.
> 
>     First I tried "mvn -B ... deploy", but that failed with:
> 
>     [ERROR] Failed to execute goal
>     org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
>     all: Cannot obtain passphrase in batch mode -> [Help 1]
> 
>     So I got rid of the "-B", but then it fails with:
> 
>     [ERROR] Failed to execute goal
>     org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
>     all: Execution sign-artifacts of goal
>     org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.: NullPointerException
>     -> [Help 1]
> 
>     My Jenkins job is:
>     https://jenkins.eclipse.org/jaf/job/jaf-branch-build-release/
> 
>     I believe I've configured all the security stuff correctly, and I've
>     included the gpg workaround in my build script, which I've included below.
>     What did I do wrong?
> 
> 
>     -----
> 
>     TOOLS_PREFIX='/opt/tools'
>     JAVA_PREFIX="${TOOLS_PREFIX}/java/oracle"
>     MVN_HOME="${TOOLS_PREFIX}/apache-maven/latest"
>     JAVA_HOME="${JAVA_PREFIX}/jdk-8/latest"
>     PATH="${MVN_HOME}/bin:${JAVA_HOME}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> 
>     HELP_PLUGIN='org.apache.maven.plugins:maven-help-plugin:2.1.1'
> 
>     # Customize these for each project
>     STAGING_NAME=jakartaactivation
>     STAGING_DESC="Eclipse Project for JAF"
>     STAGING_PROFILE_ID=70fc011e3d589e
> 
> 
> 
>     # Workaround: GPG initialization
>     gpg --batch --import ${KEYRING}
>     for fpr in $(gpg --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' |
>     sort -u);
>     do
>       echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
>     done
> 
>     # XXX - just to make sure it doesn't change
>     mvn -B nexus-staging:rc-list-profiles
> 
>     # Clean up from any previous failures
>     for id in $(mvn -B nexus-staging:rc-list | \
>       egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[ ]+OPEN[ ]+${STAGING_DESC}" | \
>       awk '{print $2}')
>     do
>         echo "Closing and dropping $id"
>         mvn -B nexus-staging:rc-close nexus-staging:rc-drop \
>           -DstagingRepositoryId="$id" \
>           -DstagingDescription="${STAGING_DESC}"
>     done
> 
>     # Open a new staging repo
>     mvn -B nexus-staging:rc-open \
>       -DstagingProfileId="${STAGING_PROFILE_ID}" \
>       -DstagingDescription="${STAGING_DESC}"
> 
>     # Get the ID of the newly created staging repo
>     STAGING_REPO_ID=$(mvn -B nexus-staging:rc-list | \
>       egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[ ]+OPEN[ ]+${STAGING_DESC}" | \
>       awk '{print $2}' | head -1)
> 
>     # Build
>     mvn -B clean install
> 
>     # Deploy
>     # Select the appropriate profile from our pom based on whether
>     # we're deploying a SNAPSHOT release or not.
>     VERSION=$(mvn -B ${HELP_PLUGIN}:evaluate \
>                -Dexpression=project.version 2> /dev/null | grep -v INFO)
>     case "$VERSION" in
>     *-SNAPSHOT)
>         PROFILE=deploy-snapshot
>         ;;
>     *)
>         PROFILE=deploy-release
>         ;;
>     esac
>     mvn -Poss-release -P"${PROFILE}" \
>       -DstagingRepositoryId="${STAGING_REPO_ID}" deploy
> 
>     # Close the nexus staging repository
>     mvn -B nexus-staging:rc-close \
>       -DstagingRepositoryId="${STAGING_REPO_ID}" \
>       -DstagingDescription="${STAGING_DESC}"
> 
>     # If it's a SNAPSHOT version, just release it.
>     case "$VERSION" in
>     *-SNAPSHOT)
>         mvn -B nexus-staging:rc-release \
>           -DstagingRepositoryId="${STAGING_REPO_ID}" \
>           -DstagingDescription="${STAGING_DESC}"
>         ;;
>     esac
>     _______________________________________________
>     ee4j-build mailing list
>     ee4j-build@xxxxxxxxxxx <mailto:ee4j-build@xxxxxxxxxxx>
>     To change your delivery options, retrieve your password, or unsubscribe from
>     this list, visit
>     https://www.eclipse.org/mailman/listinfo/ee4j-build
> 
> 
> 
> 
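
Added example (not part of the original thread or the project's build script): the log above shows the workaround's trust loop running `--edit-key ... trust` twice for one key, once with the subkey fingerprint and once with the primary-key fingerprint, because `/fpr:/` matches both records. The sketch below emits an ownertrust line, in the format read by `gpg --import-ownertrust`, for one expected primary key only; the sample listing is constructed from the IDs in the log, and `EXPECTED_FPR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pin ownertrust to one expected signing key instead of
# marking every fingerprint in the keyring as ultimately trusted.

# Constructed sample of `gpg --list-keys --with-colons` output. Key IDs and
# fingerprints are the ones in the log above; other fields are simplified.
sample_listing() {
cat <<'EOF'
tru::1:1540862661:0:3:1:5
pub:-:4096:1:3A1959EEF8726006:1538524800:1696204800::-:::scESCA:
fpr:::::::::CAE38BC93D90B852D88465DD3A1959EEF8726006:
uid:-::::1538524800::::Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx>:
sub:-:4096:1:D908A43FB7EC07AC:1538524800:1696204800:::::s:
fpr:::::::::6DD3B8C64EF75253BEB2C53AD908A43FB7EC07AC:
EOF
}

# Print the fingerprint of each primary key: the fpr record that directly
# follows a pub record. Subkey fingerprints and revoked or expired primary
# keys (validity field "r" or "e") are skipped.
primary_fprs() {
  awk -F: '
    $1 == "pub" { want = ($2 != "r" && $2 != "e"); next }
    $1 == "sub" { want = 0; next }
    $1 == "fpr" && want { print $10; want = 0 }
  '
}

# Read a colon listing on stdin and print "<fingerprint>:6:" (6 = ultimate)
# for the expected key. Fails if that key is not a usable primary key in the
# listing, so an unexpected keyring stops the job instead of being trusted.
pinned_ownertrust() {
  expected=$1
  found=$(primary_fprs | grep -Fx -- "$expected") || return 1
  printf '%s:6:\n' "$found"
}

# Intended use on a build agent (EXPECTED_FPR is a hypothetical job variable):
#   line=$(gpg --list-keys --with-colons | pinned_ownertrust "$EXPECTED_FPR") || exit 1
#   printf '%s\n' "$line" | gpg --batch --import-ownertrust

# Demo on the constructed listing.
sample_listing | pinned_ownertrust CAE38BC93D90B852D88465DD3A1959EEF8726006
```

This covers only the import and trust step of the workaround; it does not supply a passphrase to the signing plugin.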

