gpg passphrase is defined in settings-<project>.xml, which
is available in drop-down when "Provide configuration files" is
selected to provide relevant configuration file.
Point 2 of the wiki has
instructions to add settings-security.xml, here settings-jaf.xml
too can be added as the second configuration file . (This file is
mentioned in point 4 of the wiki).
Thanks,
Vinay
On 30/10/18 9:39 AM, Romain Grécourt
wrote:
I'm guessing you didn't create that GPG key
yourself, otherwise you would know the passphrase.
If the key was provided by eclipse infra, then you'd have
to ask them.
Perhaps Tomas knows ?
What is the
passphrase? Where do I find it?
I don't see this described anywhere in the build instructions.
https://wiki.eclipse.org/EE4J_Build
Romain Grécourt wrote on 10/29/2018 06:49 PM:
> You can pass the passphrase using -Dgpg.passphrase in
your maven command line.
> See http://maven.apache.org/plugins/maven-gpg-plugin/sign-mojo.html#passphrase
>
> On Mon, Oct 29, 2018 at 6:37 PM Bill Shannon <bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>>
wrote:
>
> It sure seems like it must be related to passing the
passphrase to the plugin,
> which probably means the gpg commands aren't doing
the right thing. Here's
> the output from the gpg "workaround" code:
>
> + gpg --batch --import ****
> gpg: directory '/home/jenkins/.gnupg' created
> gpg: keybox '/home/jenkins/.gnupg/pubring.kbx'
created
> gpg: key 3A1959EEF8726006: 1 signature not checked
due to a missing key
> gpg: /home/jenkins/.gnupg/trustdb.gpg: trustdb
created
> gpg: key 3A1959EEF8726006: public key "Eclipse
Project for JAF
> <jaf-dev@xxxxxxxxxxx
<mailto:jaf-dev@xxxxxxxxxxx>>"
imported
> gpg: To migrate 'secring.gpg', with each smartcard,
run: gpg --card-status
> gpg: key 3A1959EEF8726006: secret key imported
> gpg: Total number processed: 1
> gpg: imported: 1
> gpg: secret keys read: 1
> gpg: secret keys imported: 1
> gpg: no ultimately trusted keys found
> + gpg --list-keys --with-colons
> + awk -F: '/fpr:/ {print $10}'
> + sort -u
> + echo -e '5\ny\n'
> + gpg --batch --command-fd 0 --expert --edit-key
> 6DD3B8C64EF75253BEB2C53AD908A43FB7EC07AC trust
> Secret subkeys are available.
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage:
SCEA
> trust: unknown validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage:
S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage:
SCEA
> trust: unknown validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage:
S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> Please decide how far you trust this user to
correctly verify other users' keys
> (by looking at passports, checking fingerprints from
different sources, etc.)
>
> 1 = I don't know or won't say
> 2 = I do NOT trust
> 3 = I trust marginally
> 4 = I trust fully
> 5 = I trust ultimately
> m = back to the main menu
>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage:
SCEA
> trust: ultimate validity: unknown
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage:
S
> [ unknown] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
> Please note that the shown key validity is not
necessarily correct
> unless you restart the program.
>
> + echo -e '5\ny\n'
> + gpg --batch --command-fd 0 --expert --edit-key
> CAE38BC93D90B852D88465DD3A1959EEF8726006 trust
> Secret subkeys are available.
>
> gpg: checking the trustdb
> gpg: marginals needed: 3 completes needed: 1 trust
model: pgp
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-,
0q, 0n, 0m, 0f, 1u
> gpg: next trustdb check due at 2023-10-02
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage:
SCEA
> trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage:
S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage:
SCEA
> trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage:
S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
> Please decide how far you trust this user to
correctly verify other users' keys
> (by looking at passports, checking fingerprints from
different sources, etc.)
>
> 1 = I don't know or won't say
> 2 = I do NOT trust
> 3 = I trust marginally
> 4 = I trust fully
> 5 = I trust ultimately
> m = back to the main menu
>
>
> pub rsa4096/3A1959EEF8726006
> created: 2018-10-03 expires: 2023-10-02 usage:
SCEA
> trust: ultimate validity: ultimate
> ssb rsa4096/D908A43FB7EC07AC
> created: 2018-10-03 expires: 2023-10-02 usage:
S
> [ultimate] (1). Eclipse Project for JAF <jaf-dev@xxxxxxxxxxx
> <mailto:jaf-dev@xxxxxxxxxxx>>
>
>
>
>
> And here's the stack trace:
>
> [INFO] --- maven-gpg-plugin:1.1:sign (sign-artifacts)
@ all ---
> GPG Passphrase: * *[INFO]
>
------------------------------------------------------------------------
> [INFO] Reactor Summary:
> [INFO]
> [INFO] JavaBeans Activation Framework distribution
1.2.1 .. FAILURE [ 1.628 s]
> *[INFO] JavaBeans Activation Framework
..................... SKIPPED
> [INFO] JavaBeans Activation Framework API jar 1.2.1
....... SKIPPED
> [INFO]
------------------------------------------------------------------------
> [INFO] BUILD FAILURE
> [INFO]
------------------------------------------------------------------------
> *[INFO] Total time: 2.013 s
> [INFO] Finished at: 2018-10-30T01:24:21Z
> [INFO]
------------------------------------------------------------------------
> *[ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
(sign-artifacts) on project
> all: Execution sign-artifacts of goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
failed.: NullPointerException
> -> [Help 1]
>
*org.apache.maven.lifecycle.LifecycleExecutionException:
Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
(sign-artifacts) on project
> all: Execution sign-artifacts of goal
> org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
failed.
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:21 *3)
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:146)
> at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.ja *va:117)
> at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
> at
>
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at org.apache.maven.lifecycle.internal
*.LifecycleStarter.execute
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute
(DefaultMaven.java:305)
> at org.apache.maven.DefaultMaven.doExecute
(DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute
(DefaultMaven.java:105)
> at org.apache.maven.cli.MavenCli.execute
(*MavenCli.java:954)
> at org.apache.maven.cli.MavenCli.doMain
(MavenCli.java:288)
> at org.apache.maven.cli.MavenCli.main
(MavenCli.java:192)
> at sun.reflect.NativeMethodAccessorImpl.invoke0
(Native Method *)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at
sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke *
(Method.java:498)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:289)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:229)
> at org.codehaus.plexu
*s.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:356)
> Caused by:
org.apache.maven.plugin.PluginExecutionException: Execu *tion
> sign-artifacts of goal
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
> failed.
> at
org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:148)
> at org.apache.maven.lifecycle.
*internal.MojoExecutor.execute
> (MojoExecutor.java:208)
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoEx *ecutor.java:146)
> at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
> at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildPr
*oject
> (LifecycleModuleBuilder.java:81)
> at
>
org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at
org.apache.maven.lifecycle.internal.LifecycleStarter.execute *
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute
(DefaultMaven.java:305)
> at org.apache.maven.DefaultMaven.doExecute
(DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute
(DefaultMave *n.java:105)
> at org.apache.maven.cli.MavenCli.execute
(MavenCli.java:954)
> at org.apache.maven.cli.MavenCli.doMain
(MavenCli.java:288)
> at org.apache.maven.cli.MavenCli.main
(MavenCli.java:192)
> at sun.refle *ct.NativeMethodAccessorImpl.invoke0
(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.java:62)
> at
sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43) *
> at java.lang.reflect.Method.invoke
(Method.java:498)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
> (Launcher.java:289)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.launch
> ( *Launcher.java:229)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.main
> (Launcher.java:356)
> Caused by: java.lang.NullPointerException
> * at java.util.Hashtable.put (Hashtable.java:460)
> at java.util.Properties.setProperty
(Properties.java:166)
> at
org.apache.maven.plugin.gpg.GpgSigner.getPassphrase
(GpgSigner.java:273)
> at
org.apache.maven.plugin.gpg.AbstractGpgMojo.newSigner
> (AbstractGpgMojo.java:104)
> at
org.apache.maven.plugin.gpg.GpgSignAttachedMojo.execute
> (GpgSignAttachedMojo.java:120)
> at
org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo
> (DefaultBuildPluginManager.java:137 *)
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:208)
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecutor.java:154)
> at
org.apache.maven.lifecycle.internal.MojoExecutor.execute
> (MojoExecut *or.java:146)
> at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:117)
> at
org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject
> (LifecycleModuleBuilder.java:81)
> at
> org.apache.maven.lifecycle.i
>
*nternal.builder.singlethreaded.SingleThreadedBuilder.build
> (SingleThreadedBuilder.java:56)
> at
org.apache.maven.lifecycle.internal.LifecycleStarter.execute
> (LifecycleStarter.java:128)
> at org.apache.maven.DefaultMaven.doExecute
(DefaultMave *n.java:305)
> at org.apache.maven.DefaultMaven.doExecute
(DefaultMaven.java:192)
> at org.apache.maven.DefaultMaven.execute
(DefaultMaven.java:105)
> at org.apache.maven.cli.MavenCli.execute
(MavenCli.java:954)
> at org.apache.maven.cli. *MavenCli.doMain
(MavenCli.java:288)
> at org.apache.maven.cli.MavenCli.main
(MavenCli.java:192)
> at sun.reflect.NativeMethodAccessorImpl.invoke0
(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke
> (NativeMethodAccessorImpl.jav *a:62)
> at
sun.reflect.DelegatingMethodAccessorImpl.invoke
> (DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke
(Method.java:498)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced
*
> (Launcher.java:289)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.launch
> (Launcher.java:229)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode
> (Launcher.java:415)
> at
org.codehaus.plexus.classworlds.launcher.Launcher.main *
> (Launcher.java:356)
> [ERROR]
>
>
> It looks like it's trying to prompt for the
passphrase interactively, which
> is obviously not going to work. Aren't those earlier
gpg commands supposed
> to set things up so it can find the passphrase
without prompting?
>
>
> Romain Grécourt wrote on 10/29/2018 06:14 PM:
> > Hard to tell without a stack trace in this case.
> >
> > Can you add "-e" to the maven command line so
that it prints the stack trace ?
> > Then we can look at the plugin code and try to
figure it out.
> >
> > Thanks,
> > Romain
> >
> > On Mon, Oct 29, 2018 at 6:01 PM Bill Shannon
<bill.shannon@xxxxxxxxxx
> <mailto:bill.shannon@xxxxxxxxxx>
> > <mailto:bill.shannon@xxxxxxxxxx
<mailto:bill.shannon@xxxxxxxxxx>>>
wrote:
> >
> > I'm trying to stage a final release of JAF.
> >
> > First I tried "mvn -B ... deploy", but that
failed with:
> >
> > [ERROR] Failed to execute goal
> >
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
(sign-artifacts) on
> project
> > all: Cannot obtain passphrase in batch mode
-> [Help 1]
> >
> > So I got rid of the "-B", but then it fails
with:
> >
> > [ERROR] Failed to execute goal
> >
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign
(sign-artifacts) on
> project
> > all: Execution sign-artifacts of goal
> >
org.apache.maven.plugins:maven-gpg-plugin:1.1:sign failed.:
> NullPointerException
> > -> [Help 1]
> >
> > My Jenkins job is:
> > https://jenkins.eclipse.org/jaf/job/jaf-branch-build-release/
> >
> > I believe I've configured all the security
stuff correctly, and I've
> > included the gpg workaround in my build
script, which I've included below.
> > What did I do wrong?
> >
> >
> > -----
> >
> > TOOLS_PREFIX='/opt/tools'
> > JAVA_PREFIX="${TOOLS_PREFIX}/java/oracle"
> >
MVN_HOME="${TOOLS_PREFIX}/apache-maven/latest"
> > JAVA_HOME="${JAVA_PREFIX}/jdk-8/latest"
> >
>
PATH="${MVN_HOME}/bin:${JAVA_HOME}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
> >
> >
HELP_PLUGIN='org.apache.maven.plugins:maven-help-plugin:2.1.1'
> >
> > # Customize these for each project
> > STAGING_NAME=jakartaactivation
> > STAGING_DESC="Eclipse Project for JAF"
> > STAGING_PROFILE_ID=70fc011e3d589e
> >
> >
> >
> > # Workaround: GPG initialization
> > gpg --batch --import ${KEYRING}
> > for fpr in $(gpg --list-keys --with-colons
| awk -F: '/fpr:/ {print
> $10}' |
> > sort -u);
> > do
> > echo -e "5\ny\n" | gpg --batch
--command-fd 0 --expert --edit-key
> $fpr trust;
> > done
> >
> > # XXX - just to make sure it doesn't change
> > mvn -B nexus-staging:rc-list-profiles
> >
> > # Clean up from any previous failures
> > for id in $(mvn -B nexus-staging:rc-list | \
> > egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[
]+OPEN[ ]+${STAGING_DESC}" | \
> > awk '{print $2}')
> > do
> > echo "Closing and dropping $id"
> > mvn -B nexus-staging:rc-close
nexus-staging:rc-drop \
> > -DstagingRepositoryId="$id" \
> > -DstagingDescription="${STAGING_DESC}"
> > done
> >
> > # Open a new staging repo
> > mvn -B nexus-staging:rc-open \
> > -DstagingProfileId="${STAGING_PROFILE_ID}"
\
> > -DstagingDescription="${STAGING_DESC}"
> >
> > # Get the ID of the newly created staging
repo
> > STAGING_REPO_ID=$(mvn -B
nexus-staging:rc-list | \
> > egrep "^\[INFO\] ${STAGING_NAME}\-[0-9]+[
]+OPEN[ ]+${STAGING_DESC}" | \
> > awk '{print $2}' | head -1)
> >
> > # Build
> > mvn -B clean install
> >
> > # Deploy
> > # Select the appropriate profile from our
pom based on whether
> > # we're deploying a SNAPSHOT release or not.
> > VERSION=$(mvn -B ${HELP_PLUGIN}:evaluate \
> > -Dexpression=project.version
2> /dev/null | grep -v INFO)
> > case "$VERSION" in
> > *-SNAPSHOT)
> > PROFILE="">
> > ;;
> > *)
> > PROFILE="">
> > ;;
> > esac
> > mvn -Poss-release -P"${PROFILE}" \
> > -DstagingRepositoryId="${STAGING_REPO_ID}"
deploy
> >
> > # Close the nexus staging repository
> > mvn -B nexus-staging:rc-close \
> > -DstagingRepositoryId="${STAGING_REPO_ID}"
\
> > -DstagingDescription="${STAGING_DESC}"
> >
> > # If it's a SNAPSHOT version, just release
it.
> > case "$VERSION" in
> > *-SNAPSHOT)
> > mvn -B nexus-staging:rc-release \
> >
-DstagingRepositoryId="${STAGING_REPO_ID}" \
> > -DstagingDescription="${STAGING_DESC}"
> > ;;
> > esac
> >
_______________________________________________
> > ee4j-build mailing list
> > ee4j-build@xxxxxxxxxxx
<mailto:ee4j-build@xxxxxxxxxxx>
> <mailto:ee4j-build@xxxxxxxxxxx
<mailto:ee4j-build@xxxxxxxxxxx>>
> > To change your delivery options, retrieve
your password, or
> unsubscribe from
> > this list, visit
> > https://www.eclipse.org/mailman/listinfo/ee4j-build
> >
> >
> >
> > _______________________________________________
> > ee4j-build mailing list
> > ee4j-build@xxxxxxxxxxx
<mailto:ee4j-build@xxxxxxxxxxx>
> > To change your delivery options, retrieve your
password, or unsubscribe
> from this list, visit
> > https://www.eclipse.org/mailman/listinfo/ee4j-build
> >
>
_______________________________________________
ee4j-build mailing list
ee4j-build@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/ee4j-build
|