[
https://issues.apache.org/jira/browse/BEAM-6726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16780440#comment-16780440
]
Michael Luckey commented on BEAM-6726:
--------------------------------------
After digging into that I have to confirm that, although gradle documentation
states [1]
{noformat}
Without any further configuration the gpg2 (on Windows: gpg2.exe) executable
found on the PATH will be used. The password is supplied by the gpg-agent and
the default key is used for signing.
{noformat}
this is not working anymore. I think this is an unintentional regression on
gradle side and qualifies as a bug.
Unfortunately also the provided error message is misleading. To be able to sign
with gradle 5.1+ we need to provide the to be used key. This could be done
either by adding _-Psigning.gnupg.keyName=<KEY-ID>_ - which probably has to be
done by some environment vars similar to [2] as the call to gradle is wrapped
in corresponding shell script [3] - or by adding the key id to the developers
gradle.properties file.
As I am not using default keys for signing and also always have project
specific gradle home, I have set this as
{noformat}
$ cat beam-gradle-home/gradle.properties
signing.gnupg.keyName=<MY-APACHE-SIGNING-KEY-ID>
signing.gnupg.executable=gpg2
{noformat}
Of course for those who sign with default key anyway, it does not make a
difference to add this to global developers gradle properties in
_~/.gradle/gradle.properties_
Do you think this will be too much of a burden?
Note: AFAICT this issue was "introduced" with gradle 5.1, i.e. 5.0 was still
working. Downgrading to 5.0 seems to be no option, though.
[1] https://docs.gradle.org/current/userguide/signing_plugin.html
[2]
https://github.com/apache/beam/blob/master/release/src/main/scripts/build_release_candidate.sh#L48-L55
[3]
https://github.com/apache/beam/blob/master/release/src/main/scripts/build_release_candidate.sh#L92-L94
> Gradle Publish fails with Gradle 5
> ----------------------------------
>
> Key: BEAM-6726
> URL: https://issues.apache.org/jira/browse/BEAM-6726
> Project: Beam
> Issue Type: Bug
> Components: build-system
> Affects Versions: 2.11.0
> Reporter: Ahmet Altay
> Assignee: Michael Luckey
> Priority: Blocker
> Fix For: 2.12.0
>
> Time Spent: 2h
> Remaining Estimate: 0h
>
> cc: [~alanmyrvold] [~kenn]
> :beam-sdks-java-bom:signMavenJavaPublication task fails with an obscure
> error:
> (https://scans.gradle.com/s/mcbb4axlx6agy/failure?openFailures=WzBd&openStackTraces=WzFd#top=0):
> Duplicate key pom-default.xml.asc:xml.asc:asc:null (attempted merging values
> Signature pom-default.xml.asc:xml.asc:asc:null and Signature
> pom-default.xml.asc:xml.asc:asc:null)
> Downgrading to Gradle 4 by reverting
> https://github.com/apache/beam/commit/cadb6f7fabc6faedc6037104338306688f17652f
> works.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
