Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6
-
None
-
Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae)
Maven home: C:\Users\runneradmin\.m2\wrapper\dists\apache-maven-3.9.6-bin\3311e1d4\apache-maven-3.9.6
Java version: 1.8.0_422, vendor: Azul Systems, Inc., runtime: C:\hostedtoolcache\windows\Java_Zulu_jdk\8.0.422-5\x64\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows server 2022", version: "10.0", arch: "aarch64", family: "windows"Apache Maven 3.9.6 (bc0240f3c744dd6b6ec2920b3cd08dcc295161ae) Maven home: C:\Users\runneradmin\.m2\wrapper\dists\apache-maven-3.9.6-bin\3311e1d4\apache-maven-3.9.6 Java version: 1.8.0_422, vendor: Azul Systems, Inc., runtime: C:\hostedtoolcache\windows\Java_Zulu_jdk\8.0.422-5\x64\jre Default locale: en_US, platform encoding: Cp1252 OS name: "windows server 2022", version: "10.0", arch: "aarch64", family: "windows"
Description
Version 3.2.0 - 3.2.6 fail with "gpg: signing failed: Bad passphrase" on GitHub Windows Runners.
Using Linux or downgrading to version 3.1.0 seems to work fine.
It's not clear what changed in these newer versions but https://github.com/apache/maven-gpg-plugin/blob/3a31714e9cbdde86a6b12f1ef05d5c60252fef4a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java#L368 looks like a highly supicious way of reading environment variables. It's possible that this approach does not work properly under Powershell.
If I echo "$env:MAVEN_GPG_PASSPHRASE" on the GitHub Windows runner, I get back the correct value, so it sounds like there is a bug in the way that this plugin is choosing to read the environment variable.
What makes this a bit tricky, however, is that the environment variable is called $MAVEN_GPG_PASSPHRASE on Linux, %MAVEN_GPG_PASSPHRASE% on cmd.exe and $env:MAVEN_GPG_PASSPHRASE on Powershell. GitHub is using the Powershell variant.
Can you guys please look into this?