[MGPG-99] Passcode byte array provided to gpg executable on stdin is not terminated - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.1.0
Fix Version/s: 3.2.0
Labels:
None

Description

We ran into a strange issue using the maven-gpg-plugin with gnu gpg 2.3.7.

The 2.x versions of gpg prefer to take the passcode for the signing key via stdin and the maven-gpg-plugin does setup the signing process accordingly with the `--passphrase-fd 0` argument provided to the command process.

On Line 106 the passcode is written to as bytes to the input stream that is then provided in Line 173 to the gpg process.

Unfortunately it appears that gpg requires a `CR` or `LF` to recognise that the passcode is provided as arg 0 on stdin. In our case it does not and the process fails with following error: `gpg: signing failed: No pinentry` .

The use of the loopback pinentry device is properly configured by the plugin but the hint for us was that the gpg executable did not know there was any input on stdin.

After some experimentation, we found that appending a `CR` character to the passcode will trigger the stdin to provide the passcode to the program.

This "fix" looks like this in the `settings.xml` file.