commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: [dbutils] sign-artifacts hangs during release:prepare
Date Tue, 13 Dec 2011 14:23:16 GMT
FWIW: My set up is such that I always enter my password on the CLI when
Maven asks for it.

Gary

On Tue, Dec 13, 2011 at 9:20 AM, sebb <sebbaz@gmail.com> wrote:

> On 13 December 2011 13:53, William Speirs <wspeirs@apache.org> wrote:
> > On Tue, Dec 13, 2011 at 12:16 AM, Gary Gregory <garydgregory@gmail.com>
> wrote:
> >> Did you do the whole master pass phrase/obfuscated stuff that the top
> >> of the Using Nexus wiki points to?
> >
> > I did not do this at first, but I have since tried. I setup my
> > settings-security.xml file as show on the wiki page, and added the
> > encrypted passwords to my settings.xml file. Still doesn't work.
> >
> > Below is my entire settings.xml file (with passwords removed). By
> > adding the <mavenExecutorId> element, it will not hang but prompt me
> > for a password if it's not supplied via <gpg.passphrase>. However,
> > even when I type my passphrase in, it still rejects it. Again, if I
> > use gpg -c somefile.txt and type in that same passphrase, everything
> > works.
> >
> > I'm testing this by running: mvn -Prc,apache package gpg:sign
>
> Not sure what the rc profile does compared with the release profile.
>
> What version of GPG are you using?
>
>
> > And I keep getting:
> >
> > [INFO] [gpg:sign {execution: default-cli}]
> > gpg: skipped "B0EC1E65": bad passphrase
> > gpg: signing failed: bad passphrase
> >
> > I'm at a loss at this point...
> >
> > Bill-
> >
> > * settings.xml *
> >
> > <?xml version="1.0"?>
> > <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
> > http://maven.apache.org/xsd/settings-1.0.0.xsd">
> >  <servers>
> >    <server>
> >      <id>apache.releases</id>
> >      <username>wspeirs</username>
> >      <password>{my encrypted Apache password here}</password>
> >      <filePermissions>664</filePermissions>
> >      <directoryPermissions>775</directoryPermissions>
> >    </server>
> >    <server>
> >      <id>apache.website</id>
> >      <username>wspeirs</username>
> >      <password>{my encrypted Apache password here}</password>
> >      <filePermissions>664</filePermissions>
> >      <directoryPermissions>775</directoryPermissions>
> >    </server>
> >    <server>
> >      <id>apache.snapshots</id>
> >      <username>wspeirs</username>
> >      <password>{my encrypted Apache password here}</password>
> >      <filePermissions>664</filePermissions>
> >      <directoryPermissions>775</directoryPermissions>
> >    </server>
> >  </servers>
> >  <profiles>
> >    <profile>
> >      <id>apache</id>
> >      <activation>
> >        <activeByDefault>false</activeByDefault>
> >      </activation>
> >      <properties>
> >        <mavenExecutorId>forked-path</mavenExecutorId>
> >        <commons.deployment.protocol>scp</commons.deployment.protocol>
> >        <gpg.keyname>B0EC1E65</gpg.keyname>
> >        <gpg.passphrase>{my encrypted GPG password here}</gpg.passphrase>
> >      </properties>
> >    </profile>
> >  </profiles>
> > </settings>
>
> I use an external GPG database (on a USB stick); but for test purposes
> I have a dummy signing key using a local database.
>
>    <profile>
>      <id>keyTest</id>
>      <properties>
>        <gpg.keyname>Deploy Test User</gpg.keyname>
>        <gpg.passphrase>password in clear</gpg.passphrase>
>        <gpg.useagent>false</gpg.useagent>
>      </properties>
>    </profile>
>
> Here's the real key profile:
>
>    <profile>
>      <id>keyReal</id>
>      <properties>
>        <gpg.keyname>4FAD5F62</gpg.keyname>
>        <gpg.secretKeyring>/path/to/secring.gpg</gpg.secretKeyring>
>       <!-- must be on the execution path -->
>        <gpg.executable>gpg2</gpg.executable>
>        <gpg.useagent>false</gpg.useagent>
>      </properties>
>    </profile>
>
> I found gpg2 worked better for me, but I still use gpg1 sometimes.
>
> The real gpg password is not stored anywhere; I have to enter it at
> run-time.
>
> For example, if I remove the test password, I see the following:
>
> mvn package gpg:sign -PkeyTest
> ...
> [INFO] [jar:jar {execution: default-jar}]
> [INFO] [jar:test-jar {execution: default}]
> [INFO] [gpg:sign {execution: default-cli}]
> GPG Passphrase: * <= enter the passphrase here.
>
> The same applies to gpg1 and gpg2, but if I use gpg2, I also get the
> following warnings:
>
> gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
> gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
> gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
>
> The settings-security.xml file is not needed for GPG passwords.
> And I've not tried it.
>
> I suggest you set up a dummy local key and password as per my example.
> Get that working, then try specifying the secret key ring to point to
> the dummy key.
> When that works, drop the password.
> Then fix the secret key ring tag to point to your real secret key ring.
>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
JUnit in Action, 2nd Ed: <http://goog_1249600977>http://bit.ly/ECvg0
Spring Batch in Action: <http://s.apache.org/HOq>http://bit.ly/bqpbCK
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message