Embracing the Messiness in Search of Epic Solutions

Maven GPG Plugin: Prevent Signing Prompt or “gpg: signing failed: No such file or directory” Error

PROBLEM

Given the following Maven settings.xml:-

<?xml version="1.0"?>
<settings>
	<profiles>
		<profile>
			<activation>
				<activeByDefault>true</activeByDefault>
			</activation>
			<properties>
				<gpg.executable>/usr/local/bin/gpg</gpg.executable>
				<gpg.passphrase>XXXXXXXXXXXXXXXXXX</gpg.passphrase>
			</properties>
		</profile>
	</profiles>
</settings>

… and the following Maven GPG Plugin configuration in pom.xml:-

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>1.6</version>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
</plugin>

When running mvn clean deploy, you either get a prompt asking for the GPG passphrase:-

┌────────────────────────────────────────────────────────────────┐
│ Please enter the passphrase to unlock the OpenPGP secret key:  │
│ "Shitty Author <[email protected]>"                             │
│ 2048-bit RSA key, ID 9F1A27DFE94D5473,                         │
│ created 2015-05-08.                                            │
│                                                                │
│                                                                │
│ Passphrase: __________________________________________________ │
│                                                                │
│         <OK>                                    <Cancel>       │
└────────────────────────────────────────────────────────────────┘

… or, get the following error:-

gpg: signing failed: No such file or directory

Long story short, Maven GPG Plugin isn’t using the passphrase defined in the Maven settings.xml… AND THIS UPSETS THE HONEY BADGER!

SOLUTION

If you 1) had it working in the past, and 2) have tried all sorts of solutions from the web and still can’t get it working, chances are you have unknowingly upgraded GPG from version 2.0 to 2.1.

You can check your GPG version by running the following command:-

✗ gpg --version
gpg (GnuPG) 2.1.21
libgcrypt 1.7.6
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /Users/shitty-author/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

The fix: GPG 2.1 requires --pinentry-mode to be set to loopback in order to pick up the gpg.passphrase value defined in Maven settings.xml.

So, update Maven GPG Plugin configuration in pom.xml to the following:-

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>1.6</version>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
            <configuration>
                <gpgArguments>
                    <arg>--pinentry-mode</arg>
                    <arg>loopback</arg>
                </gpgArguments>
            </configuration>
        </execution>
    </executions>
</plugin>

Re-run mvn clean deploy and it should now deploy the artifact properly.
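A CI-side check for the fix above, as an added example (not code from the original post or from the Maven GPG Plugin project): it parses a pom.xml and lists the maven-gpg-plugin sign executions that do not pass --pinentry-mode loopback. The function names and the condensed sample POMs are constructed for illustration, and it assumes the arguments are written literally in the POM rather than inherited from a parent POM or set through properties.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the post's plugin block before and after the fix, condensed.
_TEMPLATE = ("<project xmlns='http://maven.apache.org/POM/4.0.0'><build><plugins><plugin>"
             "<artifactId>maven-gpg-plugin</artifactId><executions><execution>"
             "<id>sign-artifacts</id><goals><goal>sign</goal></goals>{config}"
             "</execution></executions></plugin></plugins></build></project>")
POM_BEFORE = _TEMPLATE.format(config="")
POM_AFTER = _TEMPLATE.format(config="<configuration><gpgArguments>"
                             "<arg>--pinentry-mode</arg><arg>loopback</arg>"
                             "</gpgArguments></configuration>")

def _local(tag):
    """Drop an XML namespace prefix such as {http://maven.apache.org/POM/4.0.0}."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem):
    return (elem.text or "").strip()

def _has_loopback(parent):
    """True if parent/configuration/gpgArguments has --pinentry-mode then loopback."""
    for config in _children(parent, "configuration"):
        for gpg_args in _children(config, "gpgArguments"):
            args = [_text(a) for a in gpg_args]
            if any(pair == ("--pinentry-mode", "loopback") for pair in zip(args, args[1:])):
                return True
    return False

def executions_missing_loopback(pom_xml):
    """Ids of maven-gpg-plugin 'sign' executions without loopback pinentry."""
    missing = []
    for plugin in ET.fromstring(pom_xml).iter():
        if _local(plugin.tag) != "plugin" or \
                "maven-gpg-plugin" not in [_text(a) for a in _children(plugin, "artifactId")]:
            continue
        plugin_ok = _has_loopback(plugin)  # plugin-level config applies to every execution
        for execs in _children(plugin, "executions"):
            for ex in _children(execs, "execution"):
                goals = [_text(g) for gs in _children(ex, "goals") for g in gs]
                if "sign" in goals and not (plugin_ok or _has_loopback(ex)):
                    ids = _children(ex, "id")
                    missing.append(_text(ids[0]) if ids else "default")
    return missing

if __name__ == "__main__":
    print("before:", executions_missing_loopback(POM_BEFORE))
    print("after: ", executions_missing_loopback(POM_AFTER))
```

A non-empty result means the build can still stop at the passphrase prompt or fail with the signing error on GPG 2.1.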

Comments

4 responses to “Maven GPG Plugin: Prevent Signing Prompt or “gpg: signing failed: No such file or directory” Error”

  1. Random Poster

    thank you

  2. Somak Chattopadhyay

    This was super helpful

  3. yingzhor

    Thank you. You saved my hours.

  4. Tina

    Thanks a lot man! Referenced you in a fix, helped a lot 🙂

    https://github.com/Twasi/websocket-obs-java/issues/20
