Uploaded image for project: 'Maven GPG Plugin'
  1. Maven GPG Plugin
  2. MGPG-136

"gpg: signing failed: Bad passphrase" on GitHub Windows runners

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6
    • 3.2.7
    • None

    Description

      Version 3.2.0 - 3.2.6 fail with "gpg: signing failed: Bad passphrase" on GitHub Windows Runners.

      Using Linux or downgrading to version 3.1.0 seems to work fine.

      It's not clear what changed in these newer versions but https://github.com/apache/maven-gpg-plugin/blob/3a31714e9cbdde86a6b12f1ef05d5c60252fef4a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java#L368 looks like a highly supicious way of reading environment variables. It's possible that this approach does not work properly under Powershell.

      If I echo "$env:MAVEN_GPG_PASSPHRASE" on the GitHub Windows runner, I get back the correct value, so it sounds like there is a bug in the way that this plugin is choosing to read the environment variable.

      What makes this a bit tricky, however, is that the environment variable is called $MAVEN_GPG_PASSPHRASE on Linux, %MAVEN_GPG_PASSPHRASE% on cmd.exe and $env:MAVEN_GPG_PASSPHRASE on Powershell. GitHub is using the Powershell variant.

      Can you guys please look into this?

      Attachments

        Issue Links

          Activity

            People

              cstamas Tamas Cservenak
              cowwoc Gili
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: