[jira] [Assigned] (MGPG-99) Passcode byte array provided to gpg executable on stdin is not terminated

Mon, 04 Mar 2024 11:23:14 -0800 


     [ 
https://issues.apache.org/jira/browse/MGPG-99?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Tamas Cservenak reassigned MGPG-99:
-----------------------------------

    Assignee: Tamas Cservenak

> Passcode byte array provided to gpg executable on stdin is not terminated
> -------------------------------------------------------------------------
>
>                 Key: MGPG-99
>                 URL: https://issues.apache.org/jira/browse/MGPG-99
>             Project: Maven GPG Plugin
>          Issue Type: Bug
>    Affects Versions: 3.1.0
>            Reporter: Niels Bertram
>            Assignee: Tamas Cservenak
>            Priority: Minor
>             Fix For: 3.2.0
>
>         Attachments: image-2023-08-15-10-40-10-637.png
>
>
> We ran into a strange issue using the maven-gpg-plugin with gnu gpg 2.3.7.
> The 2.x versions of gpg prefer to take the passcode for the signing key via 
> stdin and the maven-gpg-plugin does setup the signing process accordingly 
> with the `--passphrase-fd 0` 
> [argument|https://github.com/apache/maven-gpg-plugin/blob/master/src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java#L102]
>  provided to the command process.
> On [Line 
> 106|https://github.com/apache/maven-gpg-plugin/blob/master/src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java#L106]
>  the passcode is written to as bytes to the input stream that is then 
> provided in [Line 
> 173|https://github.com/apache/maven-gpg-plugin/blob/master/src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java#L173]
>  to the gpg process.
> Unfortunately it appears that gpg requires a `CR` or `LF` to recognise that 
> the passcode is provided as arg 0 on stdin. In our case it does not and the 
> process fails with following error: `gpg: signing failed: No pinentry` .
> The use of the loopback pinentry device is properly configured by the plugin 
> but the hint for us was that the gpg executable did not know there was any 
> input on stdin.
> After some experimentation, we found that appending a `CR` character to the 
> passcode will trigger the stdin to provide the passcode to the program.
> This "fix" looks like this in the `settings.xml` file.
> !image-2023-08-15-10-40-10-637.png!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to