>From `gradlew helpPublishing`
If you the following command fails with your GPG configuration, you can
not use an external GPG process with gradle:
echo foo | gpg --batch --no-tty --armor --detach-sign --use-agent
--local-user YOUR_KEY_NAME
Can you verify that command works for you? You might need to do some steps
to configure your pinentry settings
On Tue, Oct 25, 2022 at 12:46 PM Houston Putman <[email protected]> wrote:
> Ok, I have a fix for this to start, it does require a commit:
> https://github.com/apache/solr/pull/1125
>
> For a more complete fix can you share your gpg agent conf
> file: ~/.gnupg/gpg-agent.conf?
>
> This will help me setup the release wizard for default setups.
>
> On Tue, Oct 25, 2022 at 1:40 PM Ishan Chattopadhyaya <
> [email protected]> wrote:
>
> > I tried putting the keyid and passphrase in the gradle.properties. But
> the
> > signing.secretKeyRingFile didn't work as, AFAICT, Fedora doesn't have a
> > secret key file lying around in the filesystem, I think it uses some
> secure
> > storage for it.
> >
> > On Tue, 25 Oct, 2022, 10:32 pm Houston Putman, <[email protected]>
> wrote:
> >
> > > The GPG stuff has been tested and works, though with certain inputs. I
> > can
> > > get it to work with `-PuseGPG` and providing the following properties
> > > `-Psigning.gnupg.keyName` (with the full fingerprint) and
> > > `-Psigning.gnupg.passphrase`.
> > >
> > > I think the problem is getting the passphrase to the GPG stuff through
> > the
> > > python script isn't working.
> > >
> > > Doing some local testing to see how we can fix it.
> > >
> > > In the meantime, if you put "signing.gnupg.passphrase=...." in your
> > > ~/.gradle/gradle.properties then I bet the "-PuseGPG" option will
> work...
> > >
> > > - Houston
> > >
> > > On Tue, Oct 25, 2022 at 12:54 PM Ishan Chattopadhyaya <
> > > [email protected]> wrote:
> > >
> > > > Has the GPG signing ever been tested with Linux (or Fedora in
> > > particular)?
> > > > Any ideas on how to proceed?
> > > >
> > > >
> > > > On Tue, Oct 25, 2022 at 10:22 PM Ishan Chattopadhyaya <
> > > > [email protected]> wrote:
> > > >
> > > > > Here are the logs with external GPG.
> > > > >
> > > > > ishan@x1extreme ~/code/solr (branch_9_1) $ python3 -u
> > > > > dev-tools/scripts/buildAndPushRelease.py \
> > > > > --logfile ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log \
> > > > > --push-local "~/.solr-releases/9.1.0/RC1/dist" \
> > > > > --rc-num 1 \
> > > > > --sign 2085660D9C1FCCACC4A479A3BF160FF14992A24C \
> > > > > --gpg-pass-noprompt
> > > > > Logfile is:
> > > > > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log
> > > > > Building version: 9.1.0
> > > > > Verify your gpg key is in the main KEYS file
> > > > > Using online KEYS file https://archive.apache.org/dist/solr/KEYS
> > > > > Found key 2085660D9C1FCCACC4A479A3BF160FF14992A24C in KEYS file at
> > > > > https://archive.apache.org/dist/solr/KEYS
> > > > > Will not prompt for gpg password. Make sure your signing setup
> > supports
> > > > > this.
> > > > >
> > > > > Prepare release...
> > > > > git pull...
> > > > > git clone is clean
> > > > > git rev: 36d8f3977d65525dab0b5e25a35e137aac4e1580
> > > > > Check DOAP files
> > > > > ./gradlew --no-daemon -Dtests.badapples=false clean check
> > > > > prepare-release
> > > > > Signing method is gpg tool
> > > > > Running: ./gradlew --no-daemon assembleRelease
> > -Dversion.release=9.1.0
> > > > > -Psign --max-workers 2 -PuseGpg -Psigning.gnupg.keyName=
> > > > > "2085660D9C1FCCACC4A479A3BF160FF14992A24C"
> > > > > FAILED: ./gradlew --no-daemon assembleRelease
> -Dversion.release=9.1.0
> > > > > -Psign --max-workers 2 -PuseGpg -Psigning.gnupg.keyName=
> > > > > "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log
> > > > > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log]
> > > > > Traceback (most recent call last):
> > > > > File
> > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > > line 419, in <module>
> > > > > main()
> > > > > File
> > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > > line 397, in main
> > > > > prepare(c.root, c.version, c.key_id, c.key_password,
> > gpg_home=gpg_home,
> > > > > sign_gradle=c.sign_method_gradle)
> > > > > File
> > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > > line 147, in prepare
> > > > > run(cmd)
> > > > > File
> > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > > line 45, in run
> > > > > raise RuntimeError(msg)
> > > > > RuntimeError: FAILED: ./gradlew --no-daemon assembleRelease
> > > > > -Dversion.release=9.1.0 -Psign --max-workers 2 -PuseGpg
> > > > > -Psigning.gnupg.keyName="2085660D9C1FCCACC4A479A3BF160FF14992A24C"
> > [see
> > > > > log
> > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log]
> > > > >
> > > > >
> > > > >
> > > > > FAILURE: Build failed with an exception.
> > > > >
> > > > > * What went wrong:
> > > > > Execution failed for task
> > > > ':solr:prometheus-exporter:signJarsPublication'.
> > > > > > Cannot perform signing task
> > > > > ':solr:prometheus-exporter:signJarsPublication' because it has no
> > > > > configured signatory
> > > > >
> > > > > * Try:
> > > > > Run with --stacktrace option to get the stack trace. Run with
> --info
> > or
> > > > > --debug option to get more log output. Run with --scan to get full
> > > > insights.
> > > > >
> > > > > On Tue, Oct 25, 2022 at 9:43 PM Ishan Chattopadhyaya <
> > > > > [email protected]> wrote:
> > > > >
> > > > >> The "no configured signatory" seems to be the problem.
> > > > >> I tried adding the following to the gradle.properties:
> > > > >> signing.keyId=4992A24C
> > > > >> signing.password=<MYPASS>
> > > > >> signing.secretKeyRingFile=<TRIED VARIOUS FILES>
> > > > >>
> > > > >> However, none of the files worked well. The problem could be that
> > > there
> > > > >> exists no such file on Fedora that qualifies as the
> > secretKeyRingFile.
> > > > >>
> > > > >> Also, it fails for me with the external GPG based signing as well.
> > I'm
> > > > >> going to try that out shortly and post the logs.
> > > > >>
> > > > >> On Tue, Oct 25, 2022 at 9:40 PM Ishan Chattopadhyaya <
> > > > >> [email protected]> wrote:
> > > > >>
> > > > >>> Hi,
> > > > >>> I'm having no luck with GPG signing on Fedora 34 (GNU/Linux).
> > > > >>>
> > > > >>> This is the output with gradle based signing.
> > > > >>>
> > > > >>> Please advise.
> > > > >>> Thanks,
> > > > >>> Ishan
> > > > >>>
> > > > >>> From the console:
> > > > >>> ishan@x1extreme ~/code/solr (branch_9_1) $ python3 -u
> > > > >>> dev-tools/scripts/buildAndPushRelease.py \
> > > > >>> --logfile
> ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log \
> > > > >>> --push-local "~/.solr-releases/9.1.0/RC1/dist" \
> > > > >>> --rc-num 1 \
> > > > >>> --sign 2085660D9C1FCCACC4A479A3BF160FF14992A24C \
> > > > >>> --sign-method-gradle
> > > > >>> Logfile is:
> > > > >>> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log
> > > > >>> Building version: 9.1.0
> > > > >>> Verify your gpg key is in the main KEYS file
> > > > >>> Using online KEYS file https://archive.apache.org/dist/solr/KEYS
> > > > >>> Found key 2085660D9C1FCCACC4A479A3BF160FF14992A24C in KEYS file
> at
> > > > >>> https://archive.apache.org/dist/solr/KEYS
> > > > >>> WARN: Could not locate your gpg secret keyring, and --gpg-home
> not
> > > > >>> specified.
> > > > >>> Falling back to location configured in gradle.properties.
> > > > >>> See 'gradlew helpPublishing' for details.
> > > > >>> Enter GPG keystore password:
> > > > >>>
> > > > >>> Prepare release...
> > > > >>> git pull...
> > > > >>> git clone is clean
> > > > >>> git rev: 36d8f3977d65525dab0b5e25a35e137aac4e1580
> > > > >>> Check DOAP files
> > > > >>> ./gradlew --no-daemon -Dtests.badapples=false clean check
> > > > >>> prepare-release
> > > > >>> Signing method is gradle java-plugin
> > > > >>> Running: ./gradlew --no-daemon assembleRelease
> > > -Dversion.release=9.1.0
> > > > >>> -Psign --max-workers 2 -Psigning.keyId=
> > > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C"
> > > > >>> FAILED: ./gradlew --no-daemon assembleRelease
> > -Dversion.release=9.1.0
> > > > >>> -Psign --max-workers 2 -Psigning.keyId=
> > > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log
> > > > >>>
> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log]
> > > > >>> Traceback (most recent call last):
> > > > >>> File
> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > >>> line 419, in <module>
> > > > >>> main()
> > > > >>> File
> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > >>> line 397, in main
> > > > >>> prepare(c.root, c.version, c.key_id, c.key_password,
> > > gpg_home=gpg_home,
> > > > >>> sign_gradle=c.sign_method_gradle)
> > > > >>> File
> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > >>> line 145, in prepare
> > > > >>> runAndSendGPGPassword(cmd, gpg_password)
> > > > >>> File
> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py",
> > > > >>> line 67, in runAndSendGPGPassword
> > > > >>> raise RuntimeError(msg)
> > > > >>> RuntimeError: FAILED: ./gradlew --no-daemon assembleRelease
> > > > >>> -Dversion.release=9.1.0 -Psign --max-workers 2 -Psigning.keyId=
> > > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log
> > > > >>>
> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log]
> > > > >>>
> > > > >>>
> > > > >>>
> > > > >>> ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log:
> > > > >>> > Task :solr:distribution:prepareGitRev
> > > > >>> > Task :solr:distribution:signSourceTgz FAILED
> > > > >>> > Task :solr:solrj:compileJava UP-TO-DATE
> > > > >>>
> > > > >>> FAILURE: Build failed with an exception.
> > > > >>>
> > > > >>> * What went wrong:
> > > > >>> Execution failed for task ':solr:distribution:signSourceTgz'.
> > > > >>> > Cannot perform signing task ':solr:distribution:signSourceTgz'
> > > > >>> because it has no configured signatory
> > > > >>>
> > > > >>> * Try:
> > > > >>> Run with --stacktrace option to get the stack trace. Run with
> > --info
> > > or
> > > > >>> --debug option to get more log output. Run with --scan to get
> full
> > > > insights.
> > > > >>>
> > > > >>>
> > > >
> > >
> >
>
