[MGPG-99] Passcode byte array provided to gpg executable on stdin is not terminated - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1.0
Fix Version/s: 3.2.0
Labels:
None

Description

We ran into a strange issue using the maven-gpg-plugin with gnu gpg 2.3.7.

The 2.x versions of gpg prefer to take the passcode for the signing key via stdin and the maven-gpg-plugin does setup the signing process accordingly with the `--passphrase-fd 0` argument provided to the command process.

On Line 106 the passcode is written to as bytes to the input stream that is then provided in Line 173 to the gpg process.

Unfortunately it appears that gpg requires a `CR` or `LF` to recognise that the passcode is provided as arg 0 on stdin. In our case it does not and the process fails with following error: `gpg: signing failed: No pinentry` .

The use of the loopback pinentry device is properly configured by the plugin but the hint for us was that the gpg executable did not know there was any input on stdin.

After some experimentation, we found that appending a `CR` character to the passcode will trigger the stdin to provide the passcode to the program.

This "fix" looks like this in the `settings.xml` file.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

image-2023-08-15-10-40-10-637.png
15/Aug/23 00:40
11 kB
Niels Bertram

Issue Links

is related to

MGPG-136 "gpg: signing failed: Bad passphrase" on GitHub Windows runners

Closed

relates to

MGPG-145 (IT suite) IT did not catch issue on Windows OS

Open

links to

GitHub Pull Request #76

Activity

People

Assignee:: Tamas Cservenak

Reporter:: Niels Bertram

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 15/Aug/23 00:40

Updated:: 24/Sep/24 14:29

Resolved:: 05/Mar/24 09:05