Re: [ee4j-build] gpg failure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ee4j-build] gpg failure

From: Romain Grécourt <romain.grecourt@xxxxxxxxx>
Date: Mon, 29 Oct 2018 21:09:21 -0700
Delivered-to: ee4j-build@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/ee4j-build>
List-help: <mailto:ee4j-build-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=unsubscribe>

I'm guessing you didn't create that GPG key yourself, otherwise you would know the passphrase.

If the key was provided by eclipse infra, then you'd have to ask them.

Perhaps Tomas knows ?

On Mon, Oct 29, 2018 at 7:35 PM Bill Shannon <bill.shannon@xxxxxxxxxx> wrote:

What is the passphrase? Where do I find it?
I don't see this described anywhere in the build instructions.
https://wiki.eclipse.org/EE4J_Build

Romain Grécourt wrote on 10/29/2018 06:49 PM:
> You can pass the passphrase using -Dgpg.passphrase in your maven command line.
> See http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#passphrase
>
> On Mon, Oct 29, 2018 at 6:37 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>> wrote:
>
> It sure seems like it must be related to passing the passphrase to the plugin,
> which probably means the gpg commands aren't doing the right thing. Here's
> the output from the gpg "workaround" code:
>
> + gpg --batch --import ****
> gpg: directory '/home/jenkins/.gnupg' created
> gpg: keybox '/home/jenkins/.gnupg/pubring.kbx' created
> gpg: key 3A1959EEF8726006: 1 signature not checked due to a missing key
> gpg: /home/jenkins/.gnupg/trustdb.gpg: trustdb created
> gpg: key 3A1959EEF8726006: public key "Eclipse Project for JAF
> <jaf-dev@xxxxxxxxxxx <mailto:jaf-dev@xxxxxxxxxxx>>" imported
> gpg: To migrate 'secring.gpg', with each smartcard, run: gpg --card-status
> gpg: key 3A1959EEF8726006: secret key imported
> gpg: Total number processed: 1
> gpg: imported: 1
> gpg: secret keys read: 1
> gpg: secret keys imported: 1
> gpg: no ultimately trusted keys found
> + gpg --list-keys --with-colons
> + awk -F: '/fpr:/ {print $10}'
> + sort -u
> + echo -e '5\ny\n'
> + gpg --batch --command-fd 0 --expert --edit-key
> 6DD3B8C64EF75253BEB2C53AD908A43FB7EC07AC trust
> Secret subkeys are available.
>
> pub rsa4096/3A1959EEF8726006
>    created: 2018-10-03 expires: 2023-10-02 usage: SCEA
>    trust: unknown validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
>    created: 2018-10-03 expires: 2023-10-02 usage: S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> pub rsa4096/3A1959EEF8726006
>    created: 2018-10-03 expires: 2023-10-02 usage: SCEA
>    trust: unknown validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
>    created: 2018-10-03 expires: 2023-10-02 usage: S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> Please decide how far you trust this user to correctly verify other users' keys
> (by looking at passports, checking fingerprints from different sources, etc.)
>
>    1 = I don't know or won't say
>    2 = I do NOT trust
>    3 = I trust marginally
>    4 = I trust fully
>    5 = I trust ultimately
>    m = back to the main menu
>
>
> pub rsa4096/3A1959EEF8726006
>    created: 2018-10-03 expires: 2023-10-02 usage: SCEA
>    trust: ultimate validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
>    created: 2018-10-03 expires: 2023-10-02 usage: S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
> Please note that the shown key validity is not necessarily correct
> unless you restart the program.
>
> + echo -e '5\ny\n'
> + gpg --batch --command-fd 0 --expert --edit-key
> CAE38BC93D90B852D88465DD3A1959EEF8726006 trust
> Secret subkeys are available.
>
> gpg: checking the trustdb
> gpg: marginals needed: 3 completes needed: 1 trust model: pgp
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2023-10-02
> pub rsa4096/3A1959EEF8726006
>    created: 2018-10-03 expires: 2023-10-02 usage: SCEA
>    trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
>    created: 2018-10-03 expires: 2023-10-02 usage: S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> pub rsa4096/3A1959EEF8726006
>    created: 2018-10-03 expires: 2023-10-02 usage: SCEA
>    trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
>    created: 2018-10-03 expires: 2023-10-02 usage: S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> Please decide how far you trust this user to correctly verify other users' keys
> (by looking at passports, checking fingerprints from different sources, etc.)
>
>    1 = I don't know or won't say
>    2 = I do NOT trust
>    3 = I trust marginally
>    4 = I trust fully
>    5 = I trust ultimately
>    m = back to the main menu
>
>
> pub rsa4096/3A1959EEF8726006
>    created: 2018-10-03 expires: 2023-10-02 usage: SCEA
>    trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
>    created: 2018-10-03 expires: 2023-10-02 usage: S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
>
>
>
> And here's the stack trace:
>
> [INFO] --- maven-gpg-plugin:1.1:sign (sign-artifacts) @ all ---
> GPG Passphrase: * *[INFO]
> ------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO]
> [INFO] JavaBeans Activation Framework distribution 1.2.1 .. FAILURE [ 1.628 s]
>   *[INFO] JavaBeans Activation Framework ..................... SKIPPED
> [INFO] JavaBeans Activation Framework API jar 1.2.1 ....... SKIPPED
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO] ------------------------------------------------------------------------
>   *[INFO] Total time: 2.013 s
> [INFO] Finished at: 2018-10-30T01:24:21Z
> [INFO] ------------------------------------------------------------------------
> *[ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
> all: Execution sign-artifacts of goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.: NullPointerException
> -> [Help 1]
>   *org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on project
> all: Execution sign-artifacts of goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:21 *3)
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:146)
>    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.ja *va:117)
>    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
>    at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
>    at org.apache.maven.lifecycle.internal *.LifecycleStarter.execute
> (LifecycleStarter.java:128)
>    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
>    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
>    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
>    at org.apache.maven.cli.MavenCli.execute (*MavenCli.java:954)
>    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
>    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
>    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method *)
>    at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
>    at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
>    at java.lang.reflect.Method.invoke * (Method.java:498)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:289)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:229)
>    at org.codehaus.plexu *s.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:356)
> Caused by: org.apache.maven.plugin.PluginExecutionException: Execu *tion
> sign-artifacts of goal org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
> failed.
>    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:148)
>    at org.apache.maven.lifecycle. *internal.MojoExecutor.execute
> (MojoExecutor.java:208)
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoEx *ecutor.java:146)
>    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
>    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildPr *oject
> (LifecycleModuleBuilder.java:81)
>    at
> org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
>    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute *
> (LifecycleStarter.java:128)
>    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305)
>    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
>    at org.apache.maven.DefaultMaven.execute (DefaultMave *n.java:105)
>    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
>    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288)
>    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
>    at sun.refle *ct.NativeMethodAccessorImpl.invoke0 (Native Method)
>    at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
>    at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43) *
>    at java.lang.reflect.Method.invoke (Method.java:498)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:289)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> ( *Launcher.java:229)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:356)
> Caused by: java.lang.NullPointerException
>   * at java.util.Hashtable.put (Hashtable.java:460)
>    at java.util.Properties.setProperty (Properties.java:166)
>    at org.apache.maven.plugin.gpg.GpgSigner.getPassphrase (GpgSigner.java:273)
>    at org.apache.maven.plugin.gpg.AbstractGpgMojo.newSigner
> (AbstractGpgMojo.java:104)
>    at org.apache.maven.plugin.gpg.GpgSignAttachedMojo.execute
> (GpgSignAttachedMojo.java:120)
>    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:137 *)
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:208)
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
>    at org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecut *or.java:146)
>    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
>    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
>    at
> org.apache.maven.lifecycle.i
> *nternal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
>    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:128)
>    at org.apache.maven.DefaultMaven.doExecute (DefaultMave *n.java:305)
>    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
>    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
>    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:954)
>    at org.apache.maven.cli. *MavenCli.doMain (MavenCli.java:288)
>    at org.apache.maven.cli.MavenCli.main (MavenCli.java:192)
>    at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
>    at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.jav *a:62)
>    at sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
>    at java.lang.reflect.Method.invoke (Method.java:498)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced *
> (Launcher.java:289)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:229)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
>    at org.codehaus.plexus.classworlds.launcher.Launcher.main *
> (Launcher.java:356)
> [ERROR]
>
>
> It looks like it's trying to prompt for the passphrase interactively, which
> is obviously not going to work. Aren't those earlier gpg commands supposed
> to set things up so it can find the passphrase without prompting?
>
>
> Romain Grécourt wrote on 10/29/2018 06:14 PM:
> > Hard to tell without a stack trace in this case.
> >
> > Can you add "-e" to the maven command line so that it prints the stack trace ?
> > Then we can look at the plugin code and try to figure it out.
> >
> > Thanks,
> > Romain
> >
> > On Mon, Oct 29, 2018 at 6:01 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>
> > <mailto:bill.shannon@xxxxxxxxxx <mailto:bill.shannon@xxxxxxxxxx>>> wrote:
> >
> > I'm trying to stage a final release of JAF.
> >
> > First I tried "mvn -B ... deploy", but that failed with:
> >
> > [ERROR] Failed to execute goal
> > org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on
> project
> > all: Cannot obtain passphrase in batch mode -> [Help 1]
> >
> > So I got rid of the "-B", but then it fails with:
> >
> > [ERROR] Failed to execute goal
> > org.apache.maven.plugins:maven-gpg-plugin:1.1:sign (sign-artifacts) on
> project
> > all: Execution sign-artifacts of goal
> > org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.:
> NullPointerException
> > -> [Help 1]
> >
> > My Jenkins job is:
> > https://jenkins.eclipse.org/jaf/job/jaf-branch-build-release/
> >
> > I believe I've configured all the security stuff correctly, and I've
> > included the gpg workaround in my build script, which I've included below.
> > What did I do wrong?
> >
> >
> > -----
> >
> > TOOLS_PREFIX='/opt/tools'
> > JAVA_PREFIX="${TOOLS_PREFIX}/java/oracle"
> > MVN_HOME="${TOOLS_PREFIX}/apache-maven/latest"
> > JAVA_HOME="${JAVA_PREFIX}/jdk-8/latest"
> >
>   PATH="${MVN_HOME}/bin:${JAVA_HOME}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> >
> > HELP_PLUGIN='org.apache.maven.plugins:maven-help-plugin:2.1.1'
> >
> > # Customize these for each project
> > STAGING_NAME=jakartaactivation
> > STAGING_DESC="Eclipse Project for JAF"
> > STAGING_PROFILE_ID=70fc011e3d589e
> >
> >
> >
> > # Workaround: GPG initialization
> > gpg --batch --import ${KEYRING}
> > for fpr in $(gpg --list-keys --with-colons | awk -F: '/fpr:/ {print
> $10}' |
> > sort -u);
> > do
> >    echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key
> $fpr trust;
> > done
> >
> > # XXX - just to make sure it doesn't change
> > mvn -B nexus-staging:rc-list-profiles
> >
> > # Clean up from any previous failures
> > for id in $(mvn -B nexus-staging:rc-list | \
> >    egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[ ]+OPEN[ ]+${STAGING_DESC}" | \
> >    awk '{print $2}')
> > do
> >    echo "Closing and dropping $id"
> >    mvn -B nexus-staging:rc-close nexus-staging:rc-drop \
> >    -DstagingRepositoryId="$id" \
> >    -DstagingDescription="${STAGING_DESC}"
> > done
> >
> > # Open a new staging repo
> > mvn -B nexus-staging:rc-open \
> >    -DstagingProfileId="${STAGING_PROFILE_ID}" \
> >    -DstagingDescription="${STAGING_DESC}"
> >
> > # Get the ID of the newly created staging repo
> > STAGING_REPO_ID=$(mvn -B nexus-staging:rc-list | \
> >    egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[ ]+OPEN[ ]+${STAGING_DESC}" | \
> >    awk '{print $2}' | head -1)
> >
> > # Build
> > mvn -B clean install
> >
> > # Deploy
> > # Select the appropriate profile from our pom based on whether
> > # we're deploying a SNAPSHOT release or not.
> > VERSION=$(mvn -B ${HELP_PLUGIN}:evaluate \
> >    -Dexpression=project.version 2> /dev/null | grep -v INFO)
> > case "$VERSION" in
> > *-SNAPSHOT)
> >    PROFILE=""> > >    ;;
> > *)
> >    PROFILE=""> > >    ;;
> > esac
> > mvn -Poss-release -P"${PROFILE}" \
> >    -DstagingRepositoryId="${STAGING_REPO_ID}" deploy
> >
> > # Close the nexus staging repository
> > mvn -B nexus-staging:rc-close \
> >    -DstagingRepositoryId="${STAGING_REPO_ID}" \
> >    -DstagingDescription="${STAGING_DESC}"
> >
> > # If it's a SNAPSHOT version, just release it.
> > case "$VERSION" in
> > *-SNAPSHOT)
> >    mvn -B nexus-staging:rc-release \
> >    -DstagingRepositoryId="${STAGING_REPO_ID}" \
> >    -DstagingDescription="${STAGING_DESC}"
> >    ;;
> > esac
> > _______________________________________________
> > ee4j-build mailing list
> > ee4j-build@xxxxxxxxxxx <mailto:ee4j-build@xxxxxxxxxxx>
> <mailto:ee4j-build@xxxxxxxxxxx <mailto:ee4j-build@xxxxxxxxxxx>>
> > To change your delivery options, retrieve your password, or
> unsubscribe from
> > this list, visit
> > https://www.eclipse.org/mailman/listinfo/ee4j-build
> >
> >
> >
> > _______________________________________________
> > ee4j-build mailing list
> > ee4j-build@xxxxxxxxxxx <mailto:ee4j-build@xxxxxxxxxxx>
> > To change your delivery options, retrieve your password, or unsubscribe
> from this list, visit
> > https://www.eclipse.org/mailman/listinfo/ee4j-build
> >
>

Follow-Ups:
- Re: [ee4j-build] gpg failure
  - From: vinay.vishal@xxxxxxxxxx

References:
- [ee4j-build] gpg failure
  - From: Bill Shannon
- Re: [ee4j-build] gpg failure
  - From: Romain Grécourt
- Re: [ee4j-build] gpg failure
  - From: Bill Shannon
- Re: [ee4j-build] gpg failure
  - From: Romain Grécourt
- Re: [ee4j-build] gpg failure
  - From: Bill Shannon

Prev by Date: Re: [ee4j-build] gpg failure
Next by Date: Re: [ee4j-build] gpg failure
Previous by thread: Re: [ee4j-build] gpg failure
Next by thread: Re: [ee4j-build] gpg failure
Index(es):
- Date
- Thread

Breadcrumbs