I'm trying to locate the gpg-agent.conf. The ~/.gnupg dir is like this: ishan@x1extreme ~/code/solr (branch_9_1) $ tree ~/.gnupg/ /home/ishan/.gnupg/ ├── private-keys-v1.d │ ├── 6B96929D18CF7343BCA9CB3D6E17F3D1F298AE08.key │ └── EF99BCB6F0CE32A0D16C816E1C9BAE2980C54795.key ├── pubring.kbx └── trustdb.gpg
1 directory, 4 files On Tue, Oct 25, 2022 at 11:27 PM Ishan Chattopadhyaya < [email protected]> wrote: > Yes, I had tested it out. It works, as per the screenshots attached. The > second one shows the prompt (GNOME). > > On Tue, Oct 25, 2022 at 11:23 PM Mike Drob <[email protected]> wrote: > >> From `gradlew helpPublishing` >> >> If you the following command fails with your GPG configuration, you >> can >> not use an external GPG process with gradle: >> echo foo | gpg --batch --no-tty --armor --detach-sign --use-agent >> --local-user YOUR_KEY_NAME >> >> Can you verify that command works for you? You might need to do some steps >> to configure your pinentry settings >> >> On Tue, Oct 25, 2022 at 12:46 PM Houston Putman <[email protected]> >> wrote: >> >> > Ok, I have a fix for this to start, it does require a commit: >> > https://github.com/apache/solr/pull/1125 >> > >> > For a more complete fix can you share your gpg agent conf >> > file: ~/.gnupg/gpg-agent.conf? >> > >> > This will help me setup the release wizard for default setups. >> > >> > On Tue, Oct 25, 2022 at 1:40 PM Ishan Chattopadhyaya < >> > [email protected]> wrote: >> > >> > > I tried putting the keyid and passphrase in the gradle.properties. But >> > the >> > > signing.secretKeyRingFile didn't work as, AFAICT, Fedora doesn't have >> a >> > > secret key file lying around in the filesystem, I think it uses some >> > secure >> > > storage for it. >> > > >> > > On Tue, 25 Oct, 2022, 10:32 pm Houston Putman, <[email protected]> >> > wrote: >> > > >> > > > The GPG stuff has been tested and works, though with certain >> inputs. I >> > > can >> > > > get it to work with `-PuseGPG` and providing the following >> properties >> > > > `-Psigning.gnupg.keyName` (with the full fingerprint) and >> > > > `-Psigning.gnupg.passphrase`. >> > > > >> > > > I think the problem is getting the passphrase to the GPG stuff >> through >> > > the >> > > > python script isn't working. >> > > > >> > > > Doing some local testing to see how we can fix it. >> > > > >> > > > In the meantime, if you put "signing.gnupg.passphrase=...." in your >> > > > ~/.gradle/gradle.properties then I bet the "-PuseGPG" option will >> > work... >> > > > >> > > > - Houston >> > > > >> > > > On Tue, Oct 25, 2022 at 12:54 PM Ishan Chattopadhyaya < >> > > > [email protected]> wrote: >> > > > >> > > > > Has the GPG signing ever been tested with Linux (or Fedora in >> > > > particular)? >> > > > > Any ideas on how to proceed? >> > > > > >> > > > > >> > > > > On Tue, Oct 25, 2022 at 10:22 PM Ishan Chattopadhyaya < >> > > > > [email protected]> wrote: >> > > > > >> > > > > > Here are the logs with external GPG. >> > > > > > >> > > > > > ishan@x1extreme ~/code/solr (branch_9_1) $ python3 -u >> > > > > > dev-tools/scripts/buildAndPushRelease.py \ >> > > > > > --logfile >> ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log \ >> > > > > > --push-local "~/.solr-releases/9.1.0/RC1/dist" \ >> > > > > > --rc-num 1 \ >> > > > > > --sign 2085660D9C1FCCACC4A479A3BF160FF14992A24C \ >> > > > > > --gpg-pass-noprompt >> > > > > > Logfile is: >> > > > > > >> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log >> > > > > > Building version: 9.1.0 >> > > > > > Verify your gpg key is in the main KEYS file >> > > > > > Using online KEYS file >> https://archive.apache.org/dist/solr/KEYS >> > > > > > Found key 2085660D9C1FCCACC4A479A3BF160FF14992A24C in KEYS file >> at >> > > > > > https://archive.apache.org/dist/solr/KEYS >> > > > > > Will not prompt for gpg password. Make sure your signing setup >> > > supports >> > > > > > this. >> > > > > > >> > > > > > Prepare release... >> > > > > > git pull... >> > > > > > git clone is clean >> > > > > > git rev: 36d8f3977d65525dab0b5e25a35e137aac4e1580 >> > > > > > Check DOAP files >> > > > > > ./gradlew --no-daemon -Dtests.badapples=false clean check >> > > > > > prepare-release >> > > > > > Signing method is gpg tool >> > > > > > Running: ./gradlew --no-daemon assembleRelease >> > > -Dversion.release=9.1.0 >> > > > > > -Psign --max-workers 2 -PuseGpg -Psigning.gnupg.keyName= >> > > > > > "2085660D9C1FCCACC4A479A3BF160FF14992A24C" >> > > > > > FAILED: ./gradlew --no-daemon assembleRelease >> > -Dversion.release=9.1.0 >> > > > > > -Psign --max-workers 2 -PuseGpg -Psigning.gnupg.keyName= >> > > > > > "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log >> > > > > > >> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] >> > > > > > Traceback (most recent call last): >> > > > > > File >> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > > line 419, in <module> >> > > > > > main() >> > > > > > File >> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > > line 397, in main >> > > > > > prepare(c.root, c.version, c.key_id, c.key_password, >> > > gpg_home=gpg_home, >> > > > > > sign_gradle=c.sign_method_gradle) >> > > > > > File >> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > > line 147, in prepare >> > > > > > run(cmd) >> > > > > > File >> > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > > line 45, in run >> > > > > > raise RuntimeError(msg) >> > > > > > RuntimeError: FAILED: ./gradlew --no-daemon assembleRelease >> > > > > > -Dversion.release=9.1.0 -Psign --max-workers 2 -PuseGpg >> > > > > > >> -Psigning.gnupg.keyName="2085660D9C1FCCACC4A479A3BF160FF14992A24C" >> > > [see >> > > > > > log >> > > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] >> > > > > > >> > > > > > >> > > > > > >> > > > > > FAILURE: Build failed with an exception. >> > > > > > >> > > > > > * What went wrong: >> > > > > > Execution failed for task >> > > > > ':solr:prometheus-exporter:signJarsPublication'. >> > > > > > > Cannot perform signing task >> > > > > > ':solr:prometheus-exporter:signJarsPublication' because it has >> no >> > > > > > configured signatory >> > > > > > >> > > > > > * Try: >> > > > > > Run with --stacktrace option to get the stack trace. Run with >> > --info >> > > or >> > > > > > --debug option to get more log output. Run with --scan to get >> full >> > > > > insights. >> > > > > > >> > > > > > On Tue, Oct 25, 2022 at 9:43 PM Ishan Chattopadhyaya < >> > > > > > [email protected]> wrote: >> > > > > > >> > > > > >> The "no configured signatory" seems to be the problem. >> > > > > >> I tried adding the following to the gradle.properties: >> > > > > >> signing.keyId=4992A24C >> > > > > >> signing.password=<MYPASS> >> > > > > >> signing.secretKeyRingFile=<TRIED VARIOUS FILES> >> > > > > >> >> > > > > >> However, none of the files worked well. The problem could be >> that >> > > > there >> > > > > >> exists no such file on Fedora that qualifies as the >> > > secretKeyRingFile. >> > > > > >> >> > > > > >> Also, it fails for me with the external GPG based signing as >> well. >> > > I'm >> > > > > >> going to try that out shortly and post the logs. >> > > > > >> >> > > > > >> On Tue, Oct 25, 2022 at 9:40 PM Ishan Chattopadhyaya < >> > > > > >> [email protected]> wrote: >> > > > > >> >> > > > > >>> Hi, >> > > > > >>> I'm having no luck with GPG signing on Fedora 34 (GNU/Linux). >> > > > > >>> >> > > > > >>> This is the output with gradle based signing. >> > > > > >>> >> > > > > >>> Please advise. >> > > > > >>> Thanks, >> > > > > >>> Ishan >> > > > > >>> >> > > > > >>> From the console: >> > > > > >>> ishan@x1extreme ~/code/solr (branch_9_1) $ python3 -u >> > > > > >>> dev-tools/scripts/buildAndPushRelease.py \ >> > > > > >>> --logfile >> > ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log \ >> > > > > >>> --push-local "~/.solr-releases/9.1.0/RC1/dist" \ >> > > > > >>> --rc-num 1 \ >> > > > > >>> --sign 2085660D9C1FCCACC4A479A3BF160FF14992A24C \ >> > > > > >>> --sign-method-gradle >> > > > > >>> Logfile is: >> > > > > >>> >> /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log >> > > > > >>> Building version: 9.1.0 >> > > > > >>> Verify your gpg key is in the main KEYS file >> > > > > >>> Using online KEYS file >> https://archive.apache.org/dist/solr/KEYS >> > > > > >>> Found key 2085660D9C1FCCACC4A479A3BF160FF14992A24C in KEYS >> file >> > at >> > > > > >>> https://archive.apache.org/dist/solr/KEYS >> > > > > >>> WARN: Could not locate your gpg secret keyring, and --gpg-home >> > not >> > > > > >>> specified. >> > > > > >>> Falling back to location configured in gradle.properties. >> > > > > >>> See 'gradlew helpPublishing' for details. >> > > > > >>> Enter GPG keystore password: >> > > > > >>> >> > > > > >>> Prepare release... >> > > > > >>> git pull... >> > > > > >>> git clone is clean >> > > > > >>> git rev: 36d8f3977d65525dab0b5e25a35e137aac4e1580 >> > > > > >>> Check DOAP files >> > > > > >>> ./gradlew --no-daemon -Dtests.badapples=false clean check >> > > > > >>> prepare-release >> > > > > >>> Signing method is gradle java-plugin >> > > > > >>> Running: ./gradlew --no-daemon assembleRelease >> > > > -Dversion.release=9.1.0 >> > > > > >>> -Psign --max-workers 2 -Psigning.keyId= >> > > > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" >> > > > > >>> FAILED: ./gradlew --no-daemon assembleRelease >> > > -Dversion.release=9.1.0 >> > > > > >>> -Psign --max-workers 2 -Psigning.keyId= >> > > > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log >> > > > > >>> >> > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] >> > > > > >>> Traceback (most recent call last): >> > > > > >>> File >> > > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > >>> line 419, in <module> >> > > > > >>> main() >> > > > > >>> File >> > > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > >>> line 397, in main >> > > > > >>> prepare(c.root, c.version, c.key_id, c.key_password, >> > > > gpg_home=gpg_home, >> > > > > >>> sign_gradle=c.sign_method_gradle) >> > > > > >>> File >> > > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > >>> line 145, in prepare >> > > > > >>> runAndSendGPGPassword(cmd, gpg_password) >> > > > > >>> File >> > > > "/home/ishan/code/solr/dev-tools/scripts/buildAndPushRelease.py", >> > > > > >>> line 67, in runAndSendGPGPassword >> > > > > >>> raise RuntimeError(msg) >> > > > > >>> RuntimeError: FAILED: ./gradlew --no-daemon assembleRelease >> > > > > >>> -Dversion.release=9.1.0 -Psign --max-workers 2 >> -Psigning.keyId= >> > > > > >>> "2085660D9C1FCCACC4A479A3BF160FF14992A24C" [see log >> > > > > >>> >> > /home/ishan/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log] >> > > > > >>> >> > > > > >>> >> > > > > >>> >> > > > > >>> ~/.solr-releases/9.1.0/RC1/logs/buildAndPushRelease.log: >> > > > > >>> > Task :solr:distribution:prepareGitRev >> > > > > >>> > Task :solr:distribution:signSourceTgz FAILED >> > > > > >>> > Task :solr:solrj:compileJava UP-TO-DATE >> > > > > >>> >> > > > > >>> FAILURE: Build failed with an exception. >> > > > > >>> >> > > > > >>> * What went wrong: >> > > > > >>> Execution failed for task ':solr:distribution:signSourceTgz'. >> > > > > >>> > Cannot perform signing task >> ':solr:distribution:signSourceTgz' >> > > > > >>> because it has no configured signatory >> > > > > >>> >> > > > > >>> * Try: >> > > > > >>> Run with --stacktrace option to get the stack trace. Run with >> > > --info >> > > > or >> > > > > >>> --debug option to get more log output. Run with --scan to get >> > full >> > > > > insights. >> > > > > >>> >> > > > > >>> >> > > > > >> > > > >> > > >> > >> >
