[docker] gpg failed to sign the data

[FabioPinheiro]

I was trying to you Scala Steward inside docker and got into an IOException when creating the PR. java.io.IOException: error: gpg failed to sign the data.

I suspect that the problem is something in the base docker image or git configuration inside. I can try to fix. But can someone first replicate the problem or am I doing something wrong?

2019-07-25 00:10:57,600 ERROR ──────────── Nurture FabioPinheiro/fmgp ──────────── failed
java.io.IOException: error: gpg failed to sign the data
fatal: failed to write commit object
    at org.scalasteward.core.io.ProcessAlg$$anon$1.$anonfun$exec$3(ProcessAlg.scala:68)
    at cats.effect.internals.IORunLoop$.cats$effect$internals$IORunLoop$$loop(IORunLoop.scala:87)
    at cats.effect.internals.IORunLoop$.startCancelable(IORunLoop.scala:41)
    at cats.effect.internals.IOBracket$BracketStart.run(IOBracket.scala:86)
    at cats.effect.internals.Trampoline.cats$effect$internals$Trampoline$$immediateLoop(Trampoline.scala:70)
    at cats.effect.internals.Trampoline.startLoop(Trampoline.scala:36)
    at cats.effect.internals.TrampolineEC$JVMTrampoline.super$startLoop(TrampolineEC.scala:93)
    at cats.effect.internals.TrampolineEC$JVMTrampoline.$anonfun$startLoop$1(TrampolineEC.scala:93)
    at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23)
    at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:85)
    at cats.effect.internals.TrampolineEC$JVMTrampoline.startLoop(TrampolineEC.scala:93)
    at cats.effect.internals.Trampoline.execute(Trampoline.scala:43)
    at cats.effect.internals.TrampolineEC.execute(TrampolineEC.scala:44)
    at cats.effect.internals.Callback$AsyncIdempotentCallback.apply(Callback.scala:133)
    at cats.effect.internals.Callback$AsyncIdempotentCallback.apply(Callback.scala:120)
    at org.http4s.client.blaze.Http1Connection.parsePrelude(Http1Connection.scala:296)
    at org.http4s.client.blaze.Http1Connection.$anonfun$readAndParsePrelude$1(Http1Connection.scala:189)
    at org.http4s.client.blaze.Http1Connection.$anonfun$readAndParsePrelude$1$adapted(Http1Connection.scala:188)
    at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:64)
    at java.util.concurrent.ForkJoinTask$RunnableExecuteAction.exec(ForkJoinTask.java:1402)
    at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
    at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
    at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
    at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:157)
2019-07-25 00:10:57,602 INFO  ──────────── Total time: FabioPinheiro/fmgp: 5m 35s 436ms ────────────

[fthomas]

Here are some pointers that signing commits can be done with gpg-agent and gpg-preset-passphrase: https://gitter.im/fthomas/scala-steward?at=5d2c5b8e570ac36f8d2a108a.

[FabioPinheiro]

Thx @fthomas

[arashi01]

@fthomas Currently having the same issue but it seems the link is stale. Do you know if the information is available anywhere else?

[fthomas]

@arashi01 The Gitter room has moved: https://gitter.im/scala-steward-org/scala-steward?at=5d2c5b8e570ac36f8d2a108a

[arashi01]

Thanks @fthomas !

[fthomas]

Btw, since the chat above, the --git-author-signing-key $KEY command-line option has been added (https://github.com/scala-steward-org/scala-steward/pull/1775). It should help Git selecting the right key for signing commits.

[fthomas]

For posterity, the relevant bits from the chat linked in https://github.com/scala-steward-org/scala-steward/issues/758#issuecomment-962437451 are:

hi guys, in order to use the --sign-commits flag where do I have to put the GPG private key and password? I'm using the docker container for the bot

This is tricky. You have to convince git that it signs commits without asking for the GPG passphrase. I'm using gpg-agent and gpg-preset-passphrase for that.

I see the gpg-agent is available on the docker image but the utility gpg-preset-passphrase is not, do you plan to add it in the future?

ah, and for anyone interested, you can find the gpg-preset-passphrase in /usr/lib/gnupg2/gpg-preset-passphrase there isn't a /usr/bin/gpg-preset-passphrase

[daddykotex]

Hey @fthomas I don't want to bring back an old issue, but when running in Docker, should one assume that gpg is installed?

I ask because I just realized that commits were no being signed via the instance we run internally. I tried adding --sign-commits but it failed with:

org.scalasteward.core.io.process$ProcessFailedException: 'GIT_ASKPASS=/opt/scala-steward/scripts/echo-gh-token.sh git -c core.hooksPath=/dev/null commit --all --gpg-sign -m Update cats-effect to 3.3.14' exited with code 128.
error: cannot run gpg: No such file or directory
error: gpg failed to sign the data:
(no gpg output)
fatal: failed to write commit object

And I manually checked, and GPG is not available in the image. Should it be apk added ?

[fthomas]

Should it be apk added ?

I can't think of a good reason to not add it.