[ https://issues.apache.org/jira/browse/SOLR-15361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17332807#comment-17332807 ]
Chris M. Hostetter commented on SOLR-15361: ------------------------------------------- Hmmm... now I'm even more confused.... Ah .. ok .. part of my confusion is that the 'find' command output shows that {{solr-9.0.0-SNAPSHOT.tgz.asc}} – leading me to think gpg2 is in fact signing the file – but then i realized way the gradle signing plugin is working seems to be creating that file itself and then "failing" because gpg2 doesn't give it any stdout to write to that file. [~houston] – some new questions... # can you confirm that the {{solr/packaging/build//distributions/solr-9.0.0-SNAPSHOT.tgz.asc}} file you're getting is 0 bytes? # do you get any similar looking "No such file or directory" errors w/ a non gradle test signing operation like {{echo "DATADATA" | gpg2 --local-user YOUR_KEY_FINGERPRINT_HERE --status-fd 2 --with-colons --batch --detach-sign --armor}} (I'm curious about both "gpg" and "gpg2" here ... I'm wondering if the 'GnuPG/MacGPG2' vs 'GnuPG' binary distinction had anything to do with the behavior you're seeing I'm curious about both "gpg" and "gpg2" here since they are different on your box) # does setting {{-Psigning.gnupg.useLegacyGpg=true}} on the gradle command line change the behavior you're seeing? (in our usage the only thing it should change is adding the {{--use-agent}} argument ... but that should be the default in gpg2 anyway) # does setting {{-Psigning.gnupg.executable=gpg}} on the gradle command line (w/ or w/o {{-Psigning.gnupg.useLegacyGpg=true}}) change the behavior you're seeing? (Again, I'm wondering if the 'GnuPG/MacGPG2' vs 'GnuPG' distinctionis a factor) # does setting {{-Psigning.gnupg.optionsFile=/dev/null}} on the gradle command line change the behavior you're seeing? # can you share your ~/.gnupg/gpg.conf so we can see what kinds of defaults you have that would be added to the options set by gradle? Has anyone else besides houston & myself tried to run {{./gradlew signDist -Psigning.gnupg.keyName=YOUR_KEY}} ? on what OS? any failures like Houston's (or any failures at all?) > update gradle build to support gpg signing of tgz/zip distributions > ------------------------------------------------------------------- > > Key: SOLR-15361 > URL: https://issues.apache.org/jira/browse/SOLR-15361 > Project: Solr > Issue Type: Task > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Chris M. Hostetter > Assignee: Chris M. Hostetter > Priority: Major > Fix For: main (9.0) > > Attachments: SOLR-15361.patch, SOLR-15361.patch, SOLR-15361.patch, > SOLR-15361.patch, SOLR-15361.patch, SOLR-15361.patch, houston.wtf.stderr.txt, > houston.wtf.stdout.txt > > > the gradle build does not currently have any support for gpg signing the > distributions we produce. > this is neccessary for releases, and for being able to "smoke test" our > Dockerfiles prior to release (by creating mock download servers to confirm > {{docker build}} can correctly fetch the {{tgz}} & {{tgz.asc}} files we point > it at) -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org