search

siemens / cmp-ra-component

A CMP Registration Authority (RA)
Apache License 2.0
2 stars 5 forks source link

vanilla `mvn install` should not use GPG #100

Open DDvO opened 3 months ago

DDvO commented 3 months ago

On updating to the latest version 4.1.2, I got

[INFO] --- gpg:3.1.0:sign (sign-artifacts) @ CmpRaComponent ---
[INFO] Signing 6 files with default secret key.
gpg: directory '/Users/david/.gnupg' created
gpg: no default secret key: No secret key
gpg: signing failed: No secret key
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------

I see little point in signing the artifact(s) in a regular build or installation for normal users.

DDvO commented 3 months ago

And retrying after generating a dummy key, I got:

[INFO] --- gpg:3.1.0:sign (sign-artifacts) @ CmpRaComponent ---
[INFO] Signing 6 files with default secret key.
gpg: signing failed: Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  9.692 s
[INFO] Finished at: 2024-04-08T14:41:57+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:3.1.0:sign (sign-artifacts) on project CmpRaComponent: Exit code: 2 -> [Help 1]
DDvO commented 3 months ago

Just found this workaround: -Dgpg.skip

Akretsch commented 3 months ago

The different styles of building and deploying shall be documented and referred by the toplevel README.md?