Maven 2.x and 3.x GPG Plugin

password is specified, but still promting

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.0-alpha-4
  • Fix Version/s: 1.1
  • Labels:
    None
  • Environment:
  • Number of attachments :
    0

Description

Using
mvn verify -Dgpg.passphrase=thephrase
with thephrase replaced with the real one.

When it get to signing, it still promts.
It is critical, because this prompt repeats with all the 100 modules of the project.

Problem maybe related to updates/changes of gpg software.
Related warning message:

gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
can't connect to `/home/albert_kurucz/.gnupg/S.gpg-agent': No such file or directory

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Albert Kurucz added a comment -

Found this:
http://www.nabble.com/-Bug-53196--NEW:-openpgp-encryption-decryption-not-working:-gpg-agent-not-started-by-default-td25153797.html

after executing this:

gpg-agent --use-standard-socket --daemon 2>/dev/null

password is not prompted any more, just once. strange!

Show
Albert Kurucz added a comment - Found this: http://www.nabble.com/-Bug-53196--NEW:-openpgp-encryption-decryption-not-working:-gpg-agent-not-started-by-default-td25153797.html after executing this: gpg-agent --use-standard-socket --daemon 2>/dev/null password is not prompted any more, just once. strange!
Hide
Permalink
Brett Porter added a comment -

so you've established this was a bug on your installation?

Show
Brett Porter added a comment - so you've established this was a bug on your installation?
Hide
Permalink
Eric Chatellier added a comment -

Same problem here.

Maven 2.2.1 with gnupg 2.0.11 on gentoo x86_64.

Password is asked once.

Show
Eric Chatellier added a comment - Same problem here. Maven 2.2.1 with gnupg 2.0.11 on gentoo x86_64. Password is asked once.
Hide
Permalink
Fabrizio Giudici added a comment -

My problem is similar, in a batch environment, but it's intermittent. Sometimes it takes the password specified by the property, other times it fails about not being able to use /dev/tty (which is obvious, since it's a batch run, but the bug is that it doesn't use the password specified in the property). I'm seeing the "obsolete option" warning too.

Show
Fabrizio Giudici added a comment - My problem is similar, in a batch environment, but it's intermittent. Sometimes it takes the password specified by the property, other times it fails about not being able to use /dev/tty (which is obvious, since it's a batch run, but the bug is that it doesn't use the password specified in the property). I'm seeing the "obsolete option" warning too.
Hide
Permalink
SebbASF added a comment -

Same here - sometimes it reads the password from settings.xml, other times it prompts.
Once the password has been accepted, I don't get further prompts in the same run.
I'm also seeing the "--no-use-agent" warning
Win XP/SP3, Maven 2.2.1
gpg (GnuPG) 2.0.12 (Gpg4win 2.0.0)
libgcrypt 1.4.4

Show
SebbASF added a comment - Same here - sometimes it reads the password from settings.xml, other times it prompts. Once the password has been accepted, I don't get further prompts in the same run. I'm also seeing the "--no-use-agent" warning Win XP/SP3, Maven 2.2.1 gpg (GnuPG) 2.0.12 (Gpg4win 2.0.0) libgcrypt 1.4.4
Hide
Permalink
SebbASF added a comment -

Just tried again with gpg (GnuPG) 1.4.10, and it works fine.

I think the problem is that gpg2.exe (which may also be installed as gpg.exe) does not handle the passphrase-fd parameter in the same way as earlier versions of gpg. According to http://linux.die.net/man/1/gpg2

The --passphrase-fd option is only used by gpg2 if --batch is also specified.

IMO GPG2 really ought to print a warning for this change in behaviour.

The --batch option is also valid for earlier versions of gpg, so the solution is to add --batch when providing a password.

Since GPG2 cannot get the password from fd0, it will start the gpg-agent which will then cache the password for a while.
I think this explains why the prompt sometimes re-appears.

A work-round is to ensure that the version of gpg found by Maven is not gpg2, but an earlier version.

Show
SebbASF added a comment - Just tried again with gpg (GnuPG) 1.4.10, and it works fine. I think the problem is that gpg2.exe (which may also be installed as gpg.exe) does not handle the passphrase-fd parameter in the same way as earlier versions of gpg. According to http://linux.die.net/man/1/gpg2 The --passphrase-fd option is only used by gpg2 if --batch is also specified. IMO GPG2 really ought to print a warning for this change in behaviour. The --batch option is also valid for earlier versions of gpg, so the solution is to add --batch when providing a password. Since GPG2 cannot get the password from fd0, it will start the gpg-agent which will then cache the password for a while. I think this explains why the prompt sometimes re-appears. A work-round is to ensure that the version of gpg found by Maven is not gpg2, but an earlier version.
Hide
Permalink
Benjamin Bentmann added a comment -

Fixed in r948928.

Show
Benjamin Bentmann added a comment - Fixed in r948928 .

People

  • Assignee:
    Benjamin Bentmann
    Reporter:
    Albert Kurucz
Vote (2)
Watch (3)

Dates

  • Created:
    Updated:
    Resolved: