commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: [dbutils] sign-artifacts hangs during release:prepare
Date Wed, 21 Dec 2011 18:03:24 GMT
On Wed, Dec 21, 2011 at 12:23 PM, William Speirs <wspeirs@apache.org> wrote:

> I was able to get past the SVN authentication issue by providing my
> username and password on the command line like this:
>
> -Dusername=wspeirs -Dpassword=XXXXX
>
> However, I was still required to type my password ~10 times during the
> upload process. Is there any way around this? I feel like my
> settings.xml file is wrong:
>
>  <servers>
>    <server>
>      <id>apache.releases.https</id>
>      <username>wspeirs</username>
>      <password>{XXXXXXXXXX}</password>
>       <filePermissions>664</filePermissions>
>      <directoryPermissions>775</directoryPermissions>
>    </server>
>    <server>
>      <id>apache.website</id>
>      <username>wspeirs</username>
>       <password>{XXXXXXXXXX}</password>
>       <filePermissions>664</filePermissions>
>      <directoryPermissions>775</directoryPermissions>
>    </server>
>    <server>
>       <id>apache.snapshots.https</id>
>      <username>wspeirs</username>
>      <password>{XXXXXXXXXX}</password>
>       <filePermissions>664</filePermissions>
>      <directoryPermissions>775</directoryPermissions>
>    </server>
>  </servers>
>
>
> Gary, I have no clue what a "infra Jira" is...
>
>
Here it is:
https://issues.apache.org/jira/browse/INFRA?selectedTab=com.atlassian.jira.plugin.system.project%3Asummary-panel

Gary

>
> Thanks!
>
> Bill-
>
> On Thu, Dec 15, 2011 at 7:13 AM, Gary Gregory <garydgregory@gmail.com>
> wrote:
> > On Dec 15, 2011, at 4:42, sebb <sebbaz@gmail.com> wrote:
> >
> >> On 15 December 2011 03:32, William Speirs <wspeirs@apache.org> wrote:
> >>> Anyone have any idea on this? Should I be seeing basic auth for my
> >>> challenge? Where can I set the password as I was never prompted to
> >>> enter it.
> >>>
> >>> At this point, can someone else deploy RC1 while I figure out what is
> >>> wrong on my end?
> >>
> >> I don't use the release plugin so cannot help directly.
> >>
> >> You could create the RC tag manually, as described in
> >>
> >>
> http://wiki.apache.org/commons/UsingNexus#Create_the_SVN_tags_.28Manual_method.29
> >>
> >> This has the advantage that trunk never loses the SNAPSHOT suffix, and
> >> you have a clean workspace in which to build the code, and the SVN
> >> commands are not buried in the Maven invocation.
> >>
> >> However, AFAICT dbutils is not currently set up to use Nexus - it's
> >> not an o.a.c groupId - so you cannot use Nexus to stage and deploy the
> >> Maven artifacts.
> >
> > You just need an infra Jira to create the nexus stuff for this group Id.
> >
> > Gary
> >
> >>
> >> Be very careful you don't accidentally deploy the artifacts to the
> >> live repo before the vote succeeds.
> >> Sorry, but I don't know how deployment is done without Nexus.
> >>
> >>> Thanks...
> >>>
> >>> Bill-
> >>>
> >>> On Tue, Dec 13, 2011 at 4:32 PM, William Speirs <wspeirs@apache.org>
> wrote:
> >>>> First, thank you all again for the help!
> >>>>
> >>>> I got past the GPG step, now I'm stuck on password/auth issues now
> with SVN :-(
> >>>>
> >>>> I thought the issue was that my password manager wasn't authed and
> >>>> that svn was working in a non-interactive mode, so it couldn't get my
> >>>> password; this was the reason for -r1213934.
> >>>>
> >>>> Anyway, output below... any/all ideas welcomed!
> >>>>
> >>>> Bill-
> >>>>
> >>>> [INFO] Checking in modified POMs...
> >>>> [INFO] Executing: /bin/sh -c cd
> >>>> /home/wspeirs/workspace/commons-dbutils && svn --non-interactive
> >>>> commit --file /tmp/maven-scm-481300763.commit --targets
> >>>> /tmp/maven-scm-3917786176898805146-targets
> >>>> [INFO] Working directory: /home/wspeirs/workspace/commons-dbutils
> >>>> [INFO]
> ------------------------------------------------------------------------
> >>>> [ERROR] BUILD FAILURE
> >>>> [INFO]
> ------------------------------------------------------------------------
> >>>> [INFO] Unable to commit files
> >>>> Provider message:
> >>>> The svn command failed.
> >>>> Command output:
> >>>> svn: Commit failed (details follow):
> >>>> svn: MKACTIVITY of
> >>>> '/repos/asf/!svn/act/3b6f8370-abd6-4d88-adeb-7dc981ecd57f':
> >>>> authorization failed: Could not authenticate to server: rejected Basic
> >>>> challenge (https://svn.apache.org)
> >>>>
> >>>>
> >>>> On Tue, Dec 13, 2011 at 10:28 AM, sebb <sebbaz@gmail.com> wrote:
> >>>>> On 13 December 2011 15:19, William Speirs <wspeirs@apache.org>
> wrote:
> >>>>>> I will try adding the additional elements:
> >>>>>>
> >>>>>> <gpg.secretKeyring>/path/to/secring.gpg</gpg.secretKeyring>
> >>>>>> <!-- must be on the execution path -->
> >>>>>> <gpg.executable>gpg2</gpg.executable>
> >>>>>
> >>>>> Sorry, should have clarified - the above requires gpg2 to be
> installed
> >>>>> and created.
> >>>>>
> >>>>> I installed both gpg1 and gpg2, and created gpg1 and gpg2 as copies
> of
> >>>>> their respective gpg executables.
> >>>>> e.g. on Windows copy gpg.exe gpg<n>.exe
> >>>>>
> >>>>> Both versions of gpg are on the execution path; running gpg picks
the
> >>>>> first one; running gpg1 or gpg2 picks only that version.
> >>>>>
> >>>>> This enables quick swapping between them as required.
> >>>>>
> >>>>>> And also try with gpg2.
> >>>>>>
> >>>>>> I'll try later today and update.
> >>>>>>
> >>>>>> Thanks again for all of the help!
> >>>>>>
> >>>>>> Bill-
> >>>>>>
> >>>>>> On Tue, Dec 13, 2011 at 9:23 AM, Gary Gregory <
> garydgregory@gmail.com> wrote:
> >>>>>>> FWIW: My set up is such that I always enter my password
on the CLI
> when
> >>>>>>> Maven asks for it.
> >>>>>>>
> >>>>>>> Gary
> >>>>>>>
> >>>>>>> On Tue, Dec 13, 2011 at 9:20 AM, sebb <sebbaz@gmail.com>
wrote:
> >>>>>>>
> >>>>>>>> On 13 December 2011 13:53, William Speirs <wspeirs@apache.org>
> wrote:
> >>>>>>>>> On Tue, Dec 13, 2011 at 12:16 AM, Gary Gregory <
> garydgregory@gmail.com>
> >>>>>>>> wrote:
> >>>>>>>>>> Did you do the whole master pass phrase/obfuscated
stuff that
> the top
> >>>>>>>>>> of the Using Nexus wiki points to?
> >>>>>>>>>
> >>>>>>>>> I did not do this at first, but I have since tried.
I setup my
> >>>>>>>>> settings-security.xml file as show on the wiki page,
and added
> the
> >>>>>>>>> encrypted passwords to my settings.xml file. Still
doesn't work.
> >>>>>>>>>
> >>>>>>>>> Below is my entire settings.xml file (with passwords
removed). By
> >>>>>>>>> adding the <mavenExecutorId> element, it will
not hang but
> prompt me
> >>>>>>>>> for a password if it's not supplied via <gpg.passphrase>.
> However,
> >>>>>>>>> even when I type my passphrase in, it still rejects
it. Again,
> if I
> >>>>>>>>> use gpg -c somefile.txt and type in that same passphrase,
> everything
> >>>>>>>>> works.
> >>>>>>>>>
> >>>>>>>>> I'm testing this by running: mvn -Prc,apache package
gpg:sign
> >>>>>>>>
> >>>>>>>> Not sure what the rc profile does compared with the
release
> profile.
> >>>>>>>>
> >>>>>>>> What version of GPG are you using?
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>> And I keep getting:
> >>>>>>>>>
> >>>>>>>>> [INFO] [gpg:sign {execution: default-cli}]
> >>>>>>>>> gpg: skipped "B0EC1E65": bad passphrase
> >>>>>>>>> gpg: signing failed: bad passphrase
> >>>>>>>>>
> >>>>>>>>> I'm at a loss at this point...
> >>>>>>>>>
> >>>>>>>>> Bill-
> >>>>>>>>>
> >>>>>>>>> * settings.xml *
> >>>>>>>>>
> >>>>>>>>> <?xml version="1.0"?>
> >>>>>>>>> <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
> >>>>>>>>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> >>>>>>>>> xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
> >>>>>>>>> http://maven.apache.org/xsd/settings-1.0.0.xsd">
> >>>>>>>>>  <servers>
> >>>>>>>>>    <server>
> >>>>>>>>>      <id>apache.releases</id>
> >>>>>>>>>      <username>wspeirs</username>
> >>>>>>>>>      <password>{my encrypted Apache password
here}</password>
> >>>>>>>>>      <filePermissions>664</filePermissions>
> >>>>>>>>>      <directoryPermissions>775</directoryPermissions>
> >>>>>>>>>    </server>
> >>>>>>>>>    <server>
> >>>>>>>>>      <id>apache.website</id>
> >>>>>>>>>      <username>wspeirs</username>
> >>>>>>>>>      <password>{my encrypted Apache password
here}</password>
> >>>>>>>>>      <filePermissions>664</filePermissions>
> >>>>>>>>>      <directoryPermissions>775</directoryPermissions>
> >>>>>>>>>    </server>
> >>>>>>>>>    <server>
> >>>>>>>>>      <id>apache.snapshots</id>
> >>>>>>>>>      <username>wspeirs</username>
> >>>>>>>>>      <password>{my encrypted Apache password
here}</password>
> >>>>>>>>>      <filePermissions>664</filePermissions>
> >>>>>>>>>      <directoryPermissions>775</directoryPermissions>
> >>>>>>>>>    </server>
> >>>>>>>>>  </servers>
> >>>>>>>>>  <profiles>
> >>>>>>>>>    <profile>
> >>>>>>>>>      <id>apache</id>
> >>>>>>>>>      <activation>
> >>>>>>>>>        <activeByDefault>false</activeByDefault>
> >>>>>>>>>      </activation>
> >>>>>>>>>      <properties>
> >>>>>>>>>        <mavenExecutorId>forked-path</mavenExecutorId>
> >>>>>>>>>
>  <commons.deployment.protocol>scp</commons.deployment.protocol>
> >>>>>>>>>        <gpg.keyname>B0EC1E65</gpg.keyname>
> >>>>>>>>>        <gpg.passphrase>{my encrypted GPG password
> here}</gpg.passphrase>
> >>>>>>>>>      </properties>
> >>>>>>>>>    </profile>
> >>>>>>>>>  </profiles>
> >>>>>>>>> </settings>
> >>>>>>>>
> >>>>>>>> I use an external GPG database (on a USB stick); but
for test
> purposes
> >>>>>>>> I have a dummy signing key using a local database.
> >>>>>>>>
> >>>>>>>>    <profile>
> >>>>>>>>      <id>keyTest</id>
> >>>>>>>>      <properties>
> >>>>>>>>        <gpg.keyname>Deploy Test User</gpg.keyname>
> >>>>>>>>        <gpg.passphrase>password in clear</gpg.passphrase>
> >>>>>>>>        <gpg.useagent>false</gpg.useagent>
> >>>>>>>>      </properties>
> >>>>>>>>    </profile>
> >>>>>>>>
> >>>>>>>> Here's the real key profile:
> >>>>>>>>
> >>>>>>>>    <profile>
> >>>>>>>>      <id>keyReal</id>
> >>>>>>>>      <properties>
> >>>>>>>>        <gpg.keyname>4FAD5F62</gpg.keyname>
> >>>>>>>>        <gpg.secretKeyring>/path/to/secring.gpg</gpg.secretKeyring>
> >>>>>>>>       <!-- must be on the execution path -->
> >>>>>>>>        <gpg.executable>gpg2</gpg.executable>
> >>>>>>>>        <gpg.useagent>false</gpg.useagent>
> >>>>>>>>      </properties>
> >>>>>>>>    </profile>
> >>>>>>>>
> >>>>>>>> I found gpg2 worked better for me, but I still use gpg1
sometimes.
> >>>>>>>>
> >>>>>>>> The real gpg password is not stored anywhere; I have
to enter it
> at
> >>>>>>>> run-time.
> >>>>>>>>
> >>>>>>>> For example, if I remove the test password, I see the
following:
> >>>>>>>>
> >>>>>>>> mvn package gpg:sign -PkeyTest
> >>>>>>>> ...
> >>>>>>>> [INFO] [jar:jar {execution: default-jar}]
> >>>>>>>> [INFO] [jar:test-jar {execution: default}]
> >>>>>>>> [INFO] [gpg:sign {execution: default-cli}]
> >>>>>>>> GPG Passphrase: * <= enter the passphrase here.
> >>>>>>>>
> >>>>>>>> The same applies to gpg1 and gpg2, but if I use gpg2,
I also get
> the
> >>>>>>>> following warnings:
> >>>>>>>>
> >>>>>>>> gpg: WARNING: "--no-use-agent" is an obsolete option
- it has no
> effect
> >>>>>>>> gpg: WARNING: "--no-use-agent" is an obsolete option
- it has no
> effect
> >>>>>>>> gpg: WARNING: "--no-use-agent" is an obsolete option
- it has no
> effect
> >>>>>>>>
> >>>>>>>> The settings-security.xml file is not needed for GPG
passwords.
> >>>>>>>> And I've not tried it.
> >>>>>>>>
> >>>>>>>> I suggest you set up a dummy local key and password
as per my
> example.
> >>>>>>>> Get that working, then try specifying the secret key
ring to
> point to
> >>>>>>>> the dummy key.
> >>>>>>>> When that works, drop the password.
> >>>>>>>> Then fix the secret key ring tag to point to your real
secret key
> ring.
> >>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> ---------------------------------------------------------------------
> >>>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>>>>>>>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> ---------------------------------------------------------------------
> >>>>>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>>>>>>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> E-Mail: garydgregory@gmail.com | ggregory@apache.org
> >>>>>>> JUnit in Action, 2nd Ed: <http://goog_1249600977>
> http://bit.ly/ECvg0
> >>>>>>> Spring Batch in Action: <http://s.apache.org/HOq>
> http://bit.ly/bqpbCK
> >>>>>>> Blog: http://garygregory.wordpress.com
> >>>>>>> Home: http://garygregory.com/
> >>>>>>> Tweet! http://twitter.com/GaryGregory
> >>>>>>
> >>>>>>
> ---------------------------------------------------------------------
> >>>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>>>>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>>>>
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>>>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >> For additional commands, e-mail: dev-help@commons.apache.org
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>


-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
JUnit in Action, 2nd Ed: <http://goog_1249600977>http://bit.ly/ECvg0
Spring Batch in Action: <http://s.apache.org/HOq>http://bit.ly/bqpbCK
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message