I will try adding the additional elements:
<gpg.secretKeyring>/path/to/secring.gpg</gpg.secretKeyring>
<!-- must be on the execution path -->
<gpg.executable>gpg2</gpg.executable>
And also try with gpg2.
I'll try later today and update.
Thanks again for all of the help!
Bill-
On Tue, Dec 13, 2011 at 9:23 AM, Gary Gregory <garydgreg...@gmail.com> wrote:
> FWIW: My set up is such that I always enter my password on the CLI when
> Maven asks for it.
>
> Gary
>
> On Tue, Dec 13, 2011 at 9:20 AM, sebb <seb...@gmail.com> wrote:
>
>> On 13 December 2011 13:53, William Speirs <wspe...@apache.org> wrote:
>> > On Tue, Dec 13, 2011 at 12:16 AM, Gary Gregory <garydgreg...@gmail.com>
>> wrote:
>> >> Did you do the whole master pass phrase/obfuscated stuff that the top
>> >> of the Using Nexus wiki points to?
>> >
>> > I did not do this at first, but I have since tried. I setup my
>> > settings-security.xml file as show on the wiki page, and added the
>> > encrypted passwords to my settings.xml file. Still doesn't work.
>> >
>> > Below is my entire settings.xml file (with passwords removed). By
>> > adding the <mavenExecutorId> element, it will not hang but prompt me
>> > for a password if it's not supplied via <gpg.passphrase>. However,
>> > even when I type my passphrase in, it still rejects it. Again, if I
>> > use gpg -c somefile.txt and type in that same passphrase, everything
>> > works.
>> >
>> > I'm testing this by running: mvn -Prc,apache package gpg:sign
>>
>> Not sure what the rc profile does compared with the release profile.
>>
>> What version of GPG are you using?
>>
>>
>> > And I keep getting:
>> >
>> > [INFO] [gpg:sign {execution: default-cli}]
>> > gpg: skipped "B0EC1E65": bad passphrase
>> > gpg: signing failed: bad passphrase
>> >
>> > I'm at a loss at this point...
>> >
>> > Bill-
>> >
>> > * settings.xml *
>> >
>> > <?xml version="1.0"?>
>> > <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0";
>> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
>> > xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
>> > http://maven.apache.org/xsd/settings-1.0.0.xsd";>
>> > <servers>
>> > <server>
>> > <id>apache.releases</id>
>> > <username>wspeirs</username>
>> > <password>{my encrypted Apache password here}</password>
>> > <filePermissions>664</filePermissions>
>> > <directoryPermissions>775</directoryPermissions>
>> > </server>
>> > <server>
>> > <id>apache.website</id>
>> > <username>wspeirs</username>
>> > <password>{my encrypted Apache password here}</password>
>> > <filePermissions>664</filePermissions>
>> > <directoryPermissions>775</directoryPermissions>
>> > </server>
>> > <server>
>> > <id>apache.snapshots</id>
>> > <username>wspeirs</username>
>> > <password>{my encrypted Apache password here}</password>
>> > <filePermissions>664</filePermissions>
>> > <directoryPermissions>775</directoryPermissions>
>> > </server>
>> > </servers>
>> > <profiles>
>> > <profile>
>> > <id>apache</id>
>> > <activation>
>> > <activeByDefault>false</activeByDefault>
>> > </activation>
>> > <properties>
>> > <mavenExecutorId>forked-path</mavenExecutorId>
>> > <commons.deployment.protocol>scp</commons.deployment.protocol>
>> > <gpg.keyname>B0EC1E65</gpg.keyname>
>> > <gpg.passphrase>{my encrypted GPG password here}</gpg.passphrase>
>> > </properties>
>> > </profile>
>> > </profiles>
>> > </settings>
>>
>> I use an external GPG database (on a USB stick); but for test purposes
>> I have a dummy signing key using a local database.
>>
>> <profile>
>> <id>keyTest</id>
>> <properties>
>> <gpg.keyname>Deploy Test User</gpg.keyname>
>> <gpg.passphrase>password in clear</gpg.passphrase>
>> <gpg.useagent>false</gpg.useagent>
>> </properties>
>> </profile>
>>
>> Here's the real key profile:
>>
>> <profile>
>> <id>keyReal</id>
>> <properties>
>> <gpg.keyname>4FAD5F62</gpg.keyname>
>> <gpg.secretKeyring>/path/to/secring.gpg</gpg.secretKeyring>
>> <!-- must be on the execution path -->
>> <gpg.executable>gpg2</gpg.executable>
>> <gpg.useagent>false</gpg.useagent>
>> </properties>
>> </profile>
>>
>> I found gpg2 worked better for me, but I still use gpg1 sometimes.
>>
>> The real gpg password is not stored anywhere; I have to enter it at
>> run-time.
>>
>> For example, if I remove the test password, I see the following:
>>
>> mvn package gpg:sign -PkeyTest
>> ...
>> [INFO] [jar:jar {execution: default-jar}]
>> [INFO] [jar:test-jar {execution: default}]
>> [INFO] [gpg:sign {execution: default-cli}]
>> GPG Passphrase: * <= enter the passphrase here.
>>
>> The same applies to gpg1 and gpg2, but if I use gpg2, I also get the
>> following warnings:
>>
>> gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
>> gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
>> gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
>>
>> The settings-security.xml file is not needed for GPG passwords.
>> And I've not tried it.
>>
>> I suggest you set up a dummy local key and password as per my example.
>> Get that working, then try specifying the secret key ring to point to
>> the dummy key.
>> When that works, drop the password.
>> Then fix the secret key ring tag to point to your real secret key ring.
>>
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>> > For additional commands, e-mail: dev-h...@commons.apache.org
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>> For additional commands, e-mail: dev-h...@commons.apache.org
>>
>>
>
>
> --
> E-Mail: garydgreg...@gmail.com | ggreg...@apache.org
> JUnit in Action, 2nd Ed: <http://goog_1249600977>http://bit.ly/ECvg0
> Spring Batch in Action: <http://s.apache.org/HOq>http://bit.ly/bqpbCK
> Blog: http://garygregory.wordpress.com
> Home: http://garygregory.com/
> Tweet! http://twitter.com/GaryGregory
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
