Maven-gpg-plugin and --pinentry-mode loopback to sign artifacts of the build

bhamail · August 7, 2019, 2:18am

I’m trying to get my maven build to sign the artifacts it produces. I have the ‘maven-gpg-plugin’ working fine locally, but on travis-ci, it appears the gpg-agent does not support using “–pinentry-mode loopback” option. Here’s the CI build error:

[INFO] --- maven-gpg-plugin:1.6:sign (sign-artifacts) @ nexus-format-archetype ---
gpg: setting pinentry mode 'loopback' failed: Not supported
gpg: signing failed: Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device

The ‘maven-gpg-plugin’ is configured to send the key passphrase like so:

          <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-gpg-plugin</artifactId>
        <version>1.6</version>
        <executions>
          <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
              <goal>sign</goal>
            </goals>
          </execution>
        </executions>
        <configuration>
          <gpgArguments>
            <gpgArgument>--pinentry-mode</gpgArgument>
            <gpgArgument>loopback</gpgArgument>
          </gpgArguments>
        </configuration>
      </plugin>

FWIW, I made sure the various gpg keys are imported from env vars and successfully loaded into the travis gpg db.

I stumbled about trying to reconfigure the gpg-agent to support --pinentry, but failed. Any idea how I can get this working on Travis? Thanks!

funfried · January 8, 2020, 8:36pm

I have exactly the same issue, did you manage to solve this somehow?

Best regards,
Fabian

native-api · January 9, 2020, 12:04am

Without seeing the build, can’t say anything for sure.

According to https://www.fluidkeys.com/tweak-gpg-2.1.11/ and https://lists.gt.net/gnupg/devel/78147#78147, you need to either upgrade to Bionic or add allow-loopback-pinentry into gpg-agent.conf.

f-lopes · July 22, 2020, 8:12pm

Hi,

I am also facing the same issue. Did you find a solution?

Thanks

f-lopes · July 24, 2020, 6:43am

Hi,

I have finally found a solution using gpg2 and the latest ubuntu distribution (dist: bionic): https://github.com/f-lopes/spring-mvc-test-utils/commit/7bbb74de9c056a4a809f55bc7eea5987ade7393a#diff-354f30a63fb0907d4ad57269548329e3.

Topic		Replies	Views
SSL: CERTIFICATE_VERIFY_FAILED when trying to download artifact from maven repository Windows	0	1720	November 21, 2018
Downloading artifact authorization failed for https://repo.maven.apache.org 403 Forbidden Travis CI Discussions & Feedback	0	3104	March 21, 2020
Packages authentication error. GPG error google-chrome-stable Linux	1	1220	January 29, 2020
Packages cannot be authenticated. GPG error google-chrome-stable Xenial build-env	6	2534	April 15, 2019
Help troubleshooting failing Travis builds - There were unauthenticated packages and -y was used without --allow-unauthenticated Travis CI Discussions & Feedback	3	1513	January 28, 2020

Maven-gpg-plugin and --pinentry-mode loopback to sign artifacts of the build

Related topics