I tried putting the keyid and passphrase in the gradle.properties. But the signing.secretKeyRingFile didn't work as, AFAICT, Fedora doesn't have a secret key file lying around in the filesystem, I think it uses some secure storage for it.
On Tue, 25 Oct, 2022, 10:32 pm Houston Putman, <[email protected]> wrote: > The GPG stuff has been tested and works, though with certain inputs. I can > get it to work with `-PuseGPG` and providing the following properties > `-Psigning.gnupg.keyName` (with the full fingerprint) and > `-Psigning.gnupg.passphrase`. > > I think the problem is getting the passphrase to the GPG stuff through the > python script isn't working. > > Doing some local testing to see how we can fix it. > > In the meantime, if you put "signing.gnupg.passphrase=...." in your > ~/.gradle/gradle.properties then I bet the "-PuseGPG" option will work... > > - Houston > > On Tue, Oct 25, 2022 at 12:54 PM Ishan Chattopadhyaya < > [email protected]> wrote: > > > Has the GPG signing ever been tested with Linux (or Fedora in > particular)? > > Any ideas on how to proceed? > > > > > > On Tue, Oct 25, 2022 at 10:22 PM Ishan Chattopadhyaya < > > [email protected]> wrote: > > > > > Here are the logs with external GPG. > > > > > > ishan@x1extreme ~/code/solr (branch_9_1) $ python3 -u > > > dev-tools/scripts/buildAndPushRelease.py \ > > > --logfile ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log \ > > > --push-local "~/.solr-releases/9.1.0/RC1/dist" \ > > > --rc-num 1 \ > > > --sign 2085660D9C1FCCACC4A479A3BF160FF14992A24C \ > > > --gpg-pass-noprompt > > > Logfile is: > > > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log > > > Building version: 9.1.0 > > > Verify your gpg key is in the main KEYS file > > > Using online KEYS file https://archive.apache.org/dist/solr/KEYS > > > Found key 2085660D9C1FCCACC4A479A3BF160FF14992A24C in KEYS file at > > > https://archive.apache.org/dist/solr/KEYS > > > Will not prompt for gpg password. Make sure your signing setup supports > > > this. > > > > > > Prepare release... > > > git pull... > > > git clone is clean > > > git rev: 36d8f3977d65525dab0b5e25a35e137aac4e1580 > > > Check DOAP files > > > ./gradlew --no-daemon -Dtests.badapples=false clean check > > > prepare-release > > > Signing method is gpg tool > > > Running: ./gradlew --no-daemon assembleRelease -Dversion.release=9.1.0 > > > -Psign --max-workers 2 -PuseGpg -Psigning.gnupg.keyName= > > > "2085660D9C1FCCACC4A479A3BF160FF14992A24C" > > > FAILED: ./gradlew --no-daemon assembleRelease -Dversion.release=9.1.0 > > > -Psign --max-workers 2 -PuseGpg -Psigning.gnupg.keyName= > > > "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log > > > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] > > > Traceback (most recent call last): > > > File "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > > line 419, in <module> > > > main() > > > File "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > > line 397, in main > > > prepare(c.root, c.version, c.key_id, c.key_password, gpg_home=gpg_home, > > > sign_gradle=c.sign_method_gradle) > > > File "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > > line 147, in prepare > > > run(cmd) > > > File "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > > line 45, in run > > > raise RuntimeError(msg) > > > RuntimeError: FAILED: ./gradlew --no-daemon assembleRelease > > > -Dversion.release=9.1.0 -Psign --max-workers 2 -PuseGpg > > > -Psigning.gnupg.keyName="2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see > > > log /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] > > > > > > > > > > > > FAILURE: Build failed with an exception. > > > > > > * What went wrong: > > > Execution failed for task > > ':solr:prometheus-exporter:signJarsPublication'. > > > > Cannot perform signing task > > > ':solr:prometheus-exporter:signJarsPublication' because it has no > > > configured signatory > > > > > > * Try: > > > Run with --stacktrace option to get the stack trace. Run with --info or > > > --debug option to get more log output. Run with --scan to get full > > insights. > > > > > > On Tue, Oct 25, 2022 at 9:43 PM Ishan Chattopadhyaya < > > > [email protected]> wrote: > > > > > >> The "no configured signatory" seems to be the problem. > > >> I tried adding the following to the gradle.properties: > > >> signing.keyId=4992A24C > > >> signing.password=<MYPASS> > > >> signing.secretKeyRingFile=<TRIED VARIOUS FILES> > > >> > > >> However, none of the files worked well. The problem could be that > there > > >> exists no such file on Fedora that qualifies as the secretKeyRingFile. > > >> > > >> Also, it fails for me with the external GPG based signing as well. I'm > > >> going to try that out shortly and post the logs. > > >> > > >> On Tue, Oct 25, 2022 at 9:40 PM Ishan Chattopadhyaya < > > >> [email protected]> wrote: > > >> > > >>> Hi, > > >>> I'm having no luck with GPG signing on Fedora 34 (GNU/Linux). > > >>> > > >>> This is the output with gradle based signing. > > >>> > > >>> Please advise. > > >>> Thanks, > > >>> Ishan > > >>> > > >>> From the console: > > >>> ishan@x1extreme ~/code/solr (branch_9_1) $ python3 -u > > >>> dev-tools/scripts/buildAndPushRelease.py \ > > >>> --logfile ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log \ > > >>> --push-local "~/.solr-releases/9.1.0/RC1/dist" \ > > >>> --rc-num 1 \ > > >>> --sign 2085660D9C1FCCACC4A479A3BF160FF14992A24C \ > > >>> --sign-method-gradle > > >>> Logfile is: > > >>> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log > > >>> Building version: 9.1.0 > > >>> Verify your gpg key is in the main KEYS file > > >>> Using online KEYS file https://archive.apache.org/dist/solr/KEYS > > >>> Found key 2085660D9C1FCCACC4A479A3BF160FF14992A24C in KEYS file at > > >>> https://archive.apache.org/dist/solr/KEYS > > >>> WARN: Could not locate your gpg secret keyring, and --gpg-home not > > >>> specified. > > >>> Falling back to location configured in gradle.properties. > > >>> See 'gradlew helpPublishing' for details. > > >>> Enter GPG keystore password: > > >>> > > >>> Prepare release... > > >>> git pull... > > >>> git clone is clean > > >>> git rev: 36d8f3977d65525dab0b5e25a35e137aac4e1580 > > >>> Check DOAP files > > >>> ./gradlew --no-daemon -Dtests.badapples=false clean check > > >>> prepare-release > > >>> Signing method is gradle java-plugin > > >>> Running: ./gradlew --no-daemon assembleRelease > -Dversion.release=9.1.0 > > >>> -Psign --max-workers 2 -Psigning.keyId= > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" > > >>> FAILED: ./gradlew --no-daemon assembleRelease -Dversion.release=9.1.0 > > >>> -Psign --max-workers 2 -Psigning.keyId= > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log > > >>> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] > > >>> Traceback (most recent call last): > > >>> File > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > >>> line 419, in <module> > > >>> main() > > >>> File > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > >>> line 397, in main > > >>> prepare(c.root, c.version, c.key_id, c.key_password, > gpg_home=gpg_home, > > >>> sign_gradle=c.sign_method_gradle) > > >>> File > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > >>> line 145, in prepare > > >>> runAndSendGPGPassword(cmd, gpg_password) > > >>> File > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", > > >>> line 67, in runAndSendGPGPassword > > >>> raise RuntimeError(msg) > > >>> RuntimeError: FAILED: ./gradlew --no-daemon assembleRelease > > >>> -Dversion.release=9.1.0 -Psign --max-workers 2 -Psigning.keyId= > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log > > >>> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] > > >>> > > >>> > > >>> > > >>> ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log: > > >>> > Task :solr:distribution:prepareGitRev > > >>> > Task :solr:distribution:signSourceTgz FAILED > > >>> > Task :solr:solrj:compileJava UP-TO-DATE > > >>> > > >>> FAILURE: Build failed with an exception. > > >>> > > >>> * What went wrong: > > >>> Execution failed for task ':solr:distribution:signSourceTgz'. > > >>> > Cannot perform signing task ':solr:distribution:signSourceTgz' > > >>> because it has no configured signatory > > >>> > > >>> * Try: > > >>> Run with --stacktrace option to get the stack trace. Run with --info > or > > >>> --debug option to get more log output. Run with --scan to get full > > insights. > > >>> > > >>> > > >
