[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [ee4j-build] gpg failure
|
What is the passphrase? Where do I find it?
I don't see this described anywhere in the build instructions.
https://wiki.eclipse.org/EE4J_Build
Romain Grécourt wrote on 10/29/2018 06:49 PM:
> You can pass the passphrase using -Dgpg.passphrase in your maven command line.
> See http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#passphrase
>
> On Mon, Oct 29, 2018 at 6:37 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>> wrote:
>
> It sure seems like it must be related to passing the passphrase to the plugin,
> which probably means the gpg commands aren't doing the right thing. Here's
> the output from the gpg "workaround" code:
>
> + gpg --batch --import ****
> gpg: directory '/home/jenkins/.gnupg' created
> gpg: keybox '/home/jenkins/.gnupg/pubring.kbx' created
> gpg: key 3A1959EEF8726006: 1 signature not checked due to a missing key
> gpg: /home/jenkins/.gnupg/trustdb.gpg: trustdb created
> gpg: key 3A1959EEF8726006: public key "Eclipse Project for JAF
> <jaf-dev@xxxxxxxxxxx <mailto:jaf-dev@xxxxxxxxxxx>>" imported
> gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
> gpg: key 3A1959EEF8726006: secret key imported
> gpg: Total number processed: 1
> gpg: imported: 1
> gpg: secret keys read: 1
> gpg: secret keys imported: 1
> gpg: no ultimately trusted keys found
> + gpg --list-keys --with-colons
> + awk -F: '/fpr:/ {print $10}'
> + sort -u
> + echo -e '5\ny\n'
> + gpg --batch --command-fd 0 --expert --edit-key
> 6DD3B8C64EF75253BEB2C53AD908A43FB7EC07AC trust
> Secret subkeys are available.
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage: SCEA
> trust: unknown validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage: S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage: SCEA
> trust: unknown validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage: S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> Please decide how far you trust this user to correctly verify other users' keys
> (by looking at passports, checking fingerprints from different sources, etc.)
>
> 1 = I don't know or won't say
> 2 = I do NOT trust
> 3 = I trust marginally
> 4 = I trust fully
> 5 = I trust ultimately
> m = back to the main menu
>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage: SCEA
> trust: ultimate validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage: S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
> Please note that the shown key validity is not necessarily correct
> unless you restart the program.
>
> + echo -e '5\ny\n'
> + gpg --batch --command-fd 0 --expert --edit-key
> CAE38BC93D90B852D88465DD3A1959EEF8726006 trust
> Secret subkeys are available.
>
> gpg: checking the trustdb
> gpg: marginals needed: 3 completes needed: 1 trust model: pgp
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2023-10-02
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage: SCEA
> trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage: S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage: SCEA
> trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage: S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> Please decide how far you trust this user to correctly verify other users' keys
> (by looking at passports, checking fingerprints from different sources, etc.)
>
> 1 = I don't know or won't say
> 2 = I do NOT trust
> 3 = I trust marginally
> 4 = I trust fully
> 5 = I trust ultimately
> m = back to the main menu
>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage: SCEA
> trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage: S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
>
>
>
> And here's the stack trace:
>
> [INFO] --- maven-gpg-plugin:1.1:sign (sign-artifacts) @ all ---
> GPG Passphrase: * *[INFO]
> ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO]
> [INFO] JavaBeans Activation Framework distribution 1.2.1 .. FAILURE [ 1.628 s]
> *[INFO] JavaBeans Activation Framework ..................... SKIPPED
> [INFO] JavaBeans Activation Framework API jar 1.2.1 ....... SKIPPED
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO] ------------------------------------------------------------------------
> *[INFO] Total time: 2.013 s
> [INFO] Finished at: 2018-10-30T01:24:21Z
> [INFO] ------------------------------------------------------------------------
> *[ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
> all: Execution sign-artifacts of goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.: NullPointerException
> -> [Help 1]
> *org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
> all: Execution sign-artifacts of goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:21 *3)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:146)
> at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.ja *va:117)
> at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at org.apache.maven.lifecycle.internal *.LifecycleStarter.execute
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
> at org.apache.maven.cli.MavenCli.execute (*MavenCli.java:954)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method *)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke * (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:289)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:229)
> at org.codehaus.plexu *s.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:356)
> Caused by: org.apache.maven.plugin.PluginExecutionException: Execu *tion
> sign-artifacts of goal org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
> failed.
> at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:148)
> at org.apache.maven.lifecycle. *internal.MojoExecutor.execute
> (MojoExecutor.java:208)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoEx *ecutor.java:146)
> at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
> at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildPr *oject
> (LifecycleModuleBuilder.java:81)
> at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute *
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute (DefaultMave *n.java:105)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
> at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
> at sun.refle *ct.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43) *
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:289)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> ( *Launcher.java:229)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:356)
> Caused by: java.lang.NullPointerException
> * at java.util.Hashtable.put (Hashtable.java:460)
> at java.util.Properties.setProperty (Properties.java:166)
> at org.apache.maven.plugin.gpg.GpgSigner.getPassphrase (GpgSigner.java:273)
> at org.apache.maven.plugin.gpg.AbstractGpgMojo.newSigner
> (AbstractGpgMojo.java:104)
> at org.apache.maven.plugin.gpg.GpgSignAttachedMojo.execute
> (GpgSignAttachedMojo.java:120)
> at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:137 *)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:208)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
> at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecut *or.java:146)
> at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
> at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
> at
> org.apache.maven.lifecycle.i
> *nternal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMave *n.java:305)
> at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
> at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
> at org.apache.maven.cli. *MavenCli.doMain (MavenCli.java:288)
> at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
> at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.jav *a:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke (Method.java:498)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced *
> (Launcher.java:289)
> at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:229)
> at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
> at org.codehaus.plexus.classworlds.launcher.Launcher.main *
> (Launcher.java:356)
> [ERROR]
>
>
> It looks like it's trying to prompt for the passphrase interactively, which
> is obviously not going to work. Aren't those earlier gpg commands supposed
> to set things up so it can find the passphrase without prompting?
>
>
> Romain Grécourt wrote on 10/29/2018 06:14 PM:
> > Hard to tell without a stack trace in this case.
> >
> > Can you add "-e" to the maven command line so that it prints the stack trace ?
> > Then we can look at the plugin code and try to figure it out.
> >
> > Thanks,
> > Romain
> >
> > On Mon, Oct 29, 2018 at 6:01 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>
> > <mailto:bill.shannon@xxxxxxxxxx <mailto:bill.shannon@xxxxxxxxxx>>> wrote:
> >
> > I'm trying to stage a final release of JAF.
> >
> > First I tried "mvn -B ... deploy", but that failed with:
> >
> > [ERROR] Failed to execute goal
> > org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on
> project
> > all: Cannot obtain passphrase in batch mode -> [Help 1]
> >
> > So I got rid of the "-B", but then it fails with:
> >
> > [ERROR] Failed to execute goal
> > org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on
> project
> > all: Execution sign-artifacts of goal
> > org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.:
> NullPointerException
> > -> [Help 1]
> >
> > My Jenkins job is:
> > https://jenkins.eclipse.org/jaf/job/jaf-branch-build-release/
> >
> > I believe I've configured all the security stuff correctly, and I've
> > included the gpg workaround in my build script, which I've included below.
> > What did I do wrong?
> >
> >
> > -----
> >
> > TOOLS_PREFIX='/opt/tools'
> > JAVA_PREFIX="${TOOLS_PREFIX}/java/oracle"
> > MVN_HOME="${TOOLS_PREFIX}/apache-maven/latest"
> > JAVA_HOME="${JAVA_PREFIX}/jdk-8/latest"
> >
> PATH="${MVN_HOME}/bin:${JAVA_HOME}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> >
> > HELP_PLUGIN='org.apache.maven.plugins:maven-help-plugin:2.1.1'
> >
> > # Customize these for each project
> > STAGING_NAME=jakartaactivation
> > STAGING_DESC="Eclipse Project for JAF"
> > STAGING_PROFILE_ID=70fc011e3d589e
> >
> >
> >
> > # Workaround: GPG initialization
> > gpg --batch --import ${KEYRING}
> > for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print
> $10}' |
> > sort -u);
> > do
> > echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key
> $fpr trust;
> > done
> >
> > # XXX - just to make sure it doesn't change
> > mvn -B nexus-staging:rc-list-profiles
> >
> > # Clean up from any previous failures
> > for id in $(mvn -B nexus-staging:rc-list | \
> > egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[ ]+OPEN[ ]+${STAGING_DESC}" | \
> > awk '{print $2}')
> > do
> > echo "Closing and dropping $id"
> > mvn -B nexus-staging:rc-close nexus-staging:rc-drop \
> > -DstagingRepositoryId="$id" \
> > -DstagingDescription="${STAGING_DESC}"
> > done
> >
> > # Open a new staging repo
> > mvn -B nexus-staging:rc-open \
> > -DstagingProfileId="${STAGING_PROFILE_ID}" \
> > -DstagingDescription="${STAGING_DESC}"
> >
> > # Get the ID of the newly created staging repo
> > STAGING_REPO_ID=$(mvn -B nexus-staging:rc-list | \
> > egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[ ]+OPEN[ ]+${STAGING_DESC}" | \
> > awk '{print $2}' | head -1)
> >
> > # Build
> > mvn -B clean install
> >
> > # Deploy
> > # Select the appropriate profile from our pom based on whether
> > # we're deploying a SNAPSHOT release or not.
> > VERSION=$(mvn -B ${HELP_PLUGIN}:evaluate \
> > -Dexpression=project.version 2> /dev/null | grep -v INFO)
> > case "$VERSION" in
> > *-SNAPSHOT)
> > PROFILE=deploy-snapshot
> > ;;
> > *)
> > PROFILE=deploy-release
> > ;;
> > esac
> > mvn -Poss-release -P"${PROFILE}" \
> > -DstagingRepositoryId="${STAGING_REPO_ID}" deploy
> >
> > # Close the nexus staging repository
> > mvn -B nexus-staging:rc-close \
> > -DstagingRepositoryId="${STAGING_REPO_ID}" \
> > -DstagingDescription="${STAGING_DESC}"
> >
> > # If it's a SNAPSHOT version, just release it.
> > case "$VERSION" in
> > *-SNAPSHOT)
> > mvn -B nexus-staging:rc-release \
> > -DstagingRepositoryId="${STAGING_REPO_ID}" \
> > -DstagingDescription="${STAGING_DESC}"
> > ;;
> > esac
> > _______________________________________________
> > ee4j-build mailing list
> > ee4j-build@xxxxxxxxxxx <mailto:ee4j-build@xxxxxxxxxxx>
> <mailto:ee4j-build@xxxxxxxxxxx <mailto:ee4j-build@xxxxxxxxxxx>>
> > To change your delivery options, retrieve your password, or
> unsubscribe from
> > this list, visit
> > https://www.eclipse.org/mailman/listinfo/ee4j-build
> >
> >
> >
> > _______________________________________________
> > ee4j-build mailing list
> > ee4j-build@xxxxxxxxxxx <mailto:ee4j-build@xxxxxxxxxxx>
> > To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> > https://www.eclipse.org/mailman/listinfo/ee4j-build
> >
>