
Release because maven-gpg-plugin:sign-artifacts failed to sign artifacts

Open longtimeago opened this issue 5 years ago • 13 comments

Good day!

Trying to use Rultor to perform a release of https://github.com/maven-download-plugin/maven-download-plugin

The release procedure got stuck on maven-gpg-plugin:sign-artifacts execution

[INFO] --- maven-gpg-plugin:1.1:sign (sign-artifacts) @ download-maven-plugin ---
GPG Passphrase: *

For more than 2h. See build log http://www.rultor.com/t/20245-531331268

Is it possible to diagnose what is wrong there?

Thanks in advance!

/cc @yegor256

longtimeago avatar Sep 13 '19 19:09 longtimeago

@yegor256/z please, pay attention to this issue

0crat avatar Sep 13 '19 19:09 0crat

@longtimeago/z this project will fix the problem faster if you donate a few dollars to it; just click here and pay via Stripe, it's very fast, convenient and appreciated; thanks a lot!

0crat avatar Sep 13 '19 19:09 0crat

upgraded maven-gpg-plugin to 1.6 and now there is another problem

[INFO] --- maven-gpg-plugin:1.6:sign (sign-artifacts) @ download-maven-plugin ---
gpg: no default secret key: secret key not available
gpg: signing failed: secret key not available

According to logs http://www.rultor.com/t/20245-531372499 my settings.xml is fetched by rultor

drwx--x--x  3 rultor rultor   4096 Sep 13 22:03 .
drwxrwxrwt 39 root   root   684032 Sep 13 22:03 ..
-rw-rw-r--  1 rultor rultor    444 Sep 13 22:03 end.sh
-rwxrwxr-x  1 rultor rultor    338 Sep 13 22:03 entry.sh
-rw-rw-r--  1 rultor rultor      6 Sep 13 22:03 pid
-rw-rw-r--  1 rultor rultor   2456 Sep 13 22:03 pubring.gpg
drwxrwxr-x  4 rultor rultor   4096 Sep 13 22:03 repo
-rwxrwxr-x  1 rultor rultor   5484 Sep 13 22:03 run.sh
-rw-rw-r--  1 rultor rultor    477 Sep 13 22:03 script.sh
-rw-rw-r--  1 rultor rultor   2456 Sep 13 22:03 secring.gpg
-rw-rw-r--  1 rultor rultor    581 Sep 13 22:03 settings.xml
-rw-rw-r--  1 rultor rultor   3558 Sep 13 22:03 stdout

longtimeago avatar Sep 13 '19 20:09 longtimeago

and the last attempt

[INFO] --- maven-gpg-plugin:1.6:sign (sign-artifacts) @ download-maven-plugin ---
gpg: WARNING: unsafe permissions on homedir `/home/r'
gpg: [don't know]: invalid packet (ctb=2d)
gpg: keydb_search failed: invalid packet
gpg: skipped "7A2C93E5A102760514F184935E69C8E021C31599": invalid packet
gpg: signing failed: invalid packet

http://www.rultor.com/t/20245-531382861

longtimeago avatar Sep 14 '19 08:09 longtimeago
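The `ctb=2d` in the log above is the byte gpg read where it expected an OpenPGP packet header; a valid header byte has its high bit set, and 0x2d is ASCII `-`, the first character of an armor line such as `-----BEGIN PGP`. The following is an added example, not code from this thread or from Rultor: it classifies a keyring file by its leading byte and decodes an armored block back to binary, using constructed sample bytes rather than a real key (all function names are hypothetical).

```python
import base64

ARMOR_PREFIX = b"-----BEGIN PGP"
# OpenPGP packet tags that can start a keyring (RFC 4880, section 4.3)
TAGS = {2: "signature", 5: "secret key", 6: "public key",
        7: "secret subkey", 13: "user ID", 14: "public subkey"}


def classify_keyring(data: bytes) -> str:
    """Describe what the leading byte of a keyring file looks like."""
    if not data:
        return "empty"
    ctb = data[0]
    if data.lstrip().startswith(ARMOR_PREFIX):
        return f"ascii-armored (ctb={ctb:02x})"
    if not ctb & 0x80:
        # High bit clear: not a packet header, which gpg reports as "invalid packet"
        return f"not-openpgp (ctb={ctb:02x})"
    # Bit 6 set: new-format header, tag in bits 5-0; otherwise old format, tag in bits 5-2
    tag = ctb & 0x3F if ctb & 0x40 else (ctb >> 2) & 0x0F
    return f"binary {TAGS.get(tag, 'tag %d' % tag)} packet (ctb={ctb:02x})"


def dearmor(data: bytes) -> bytes:
    """Decode the base64 body of one armored block (the CRC-24 line is dropped, not verified)."""
    lines = [line.strip() for line in data.decode("ascii").strip().splitlines()]
    start = lines.index("") + 1  # the body follows the blank line that ends the armor headers
    body = [l for l in lines[start:] if not l.startswith(("=", "-----"))]
    return base64.b64decode("".join(body))


# Constructed sample: an old-format secret-key header byte plus padding, not a real key
SAMPLE_BINARY = bytes([0x95, 0x01, 0x58]) + bytes(9)
SAMPLE_ARMORED = (b"-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n"
                  + base64.b64encode(SAMPLE_BINARY)
                  + b"\n=AAAA\n-----END PGP PRIVATE KEY BLOCK-----\n")

if __name__ == "__main__":
    for name, blob in [("armored", SAMPLE_ARMORED),
                       ("binary", SAMPLE_BINARY),
                       ("dearmored", dearmor(SAMPLE_ARMORED))]:
        print(f"{name:10s} {classify_keyring(blob)}")
```

To check a real file, pass `open("secring.gpg", "rb").read()` to `classify_keyring` before encrypting the keyring for the build.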

I used gpg2 (GnuPG) 2.2.4 to generate gpg key

longtimeago avatar Sep 14 '19 08:09 longtimeago

tried to sign artifact locally using the same pgp key - signed without any issue

longtimeago avatar Oct 01 '19 19:10 longtimeago

release issue https://github.com/maven-download-plugin/maven-download-plugin/pull/141

@yegor256 would appreciate any help here :)

longtimeago avatar Oct 01 '19 20:10 longtimeago

@longtimeago did you read this? https://www.yegor256.com/2014/08/19/how-to-release-to-maven-central.html You need to have the secret key specified inside your pom.xml. It seems that you don't have it there.

yegor256 avatar Oct 10 '19 09:10 yegor256

@yegor256 yup, read this article back and forth :) I've created settings.xml according to https://www.yegor256.com/2014/08/19/how-to-release-to-maven-central.html#create-settingsxml, encrypted it with the rultor encrypt command and put it in the project root: https://github.com/maven-download-plugin/maven-download-plugin/blob/master/settings.xml.asc Also, 2 more files are nearby: https://github.com/maven-download-plugin/maven-download-plugin/blob/master/pubring.gpg.asc https://github.com/maven-download-plugin/maven-download-plugin/blob/master/secring.gpg.asc

Here is my .rultor.yaml https://github.com/maven-download-plugin/maven-download-plugin/blob/master/.rultor.yml

What else could be missing?

longtimeago avatar Oct 10 '19 09:10 longtimeago

@longtimeago my best guess is that the GPG files you have are not acceptable for the plugin. I don't know how you created them... Maybe something is wrong there.

yegor256 avatar Oct 11 '19 07:10 yegor256

@yegor256 afais, maven-gpg-plugin under-the-hood uses gpg executable to encrypt artifacts https://github.com/apache/maven-gpg-plugin/blob/master/src/main/java/org/apache/maven/plugin/gpg/GpgSigner.java#L66

Rultor container has

+ gpg --version
gpg (GnuPG) 1.4.20

But I generated gpg keys with gpg2 (which is the default for Ubuntu). Maybe this is the cause ... Let me check if old keys generated with an old gpg would pass

longtimeago avatar Nov 21 '19 20:11 longtimeago

no luck with gpg1, the same error :(

longtimeago avatar Nov 21 '19 21:11 longtimeago

There are many issues about signing; not sure that everybody has read the second-to-last step from Sonatype, that the key should be published on some server: https://central.sonatype.org/publish/requirements/gpg/#distributing-your-public-key

pnatashap avatar Feb 19 '24 00:02 pnatashap