New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exception while signing artifacts using in-memory ascii-armored keys #15718
Comments
I have fixed it using GPG instead of OpenSSL. |
@xaviarias Would you mind providing your solution in more details how you fixed this? |
@xaviarias, do you mean that you added I tried that but it didn't fix the issue. I'm using Gradle 6.8.3. |
@gnarea I was able to work around this by using $ gpg --export-secret-key ${your_keyid} > /path/to/keyring.gpg Then, you should create add a Still, the problem remains when using the Any hints? |
I was able to successfully sign with the Here's what I did:
Then you should escape the output and add it to your gradle.properties file, like so: signing.key=-----BEGIN PGP PRIVATE KEY BLOCK-----\n\nexported_secret_key\n-----END PGP PRIVATE KEY BLOCK----- Then, you need to set your signing.keyId on the same file, but only the last 8 characters! signing.keyId=abcd1234
# you also need your password
signing.password=yourpassword123 This did the trick! Previously, I was using the whole |
A note in case anyone else hits a related issue I encountered, namely a |
The ASCII armored signing key contains important new line characters that are lost when passed directly to gradle as an environment variable. A solution that works without having to create a
|
@samuel-rufi You can put newlines in environment variables. I have successfully passed newlines in a github secret to Gradle via environment variables. Perhaps you are losing them in the process of setting them? |
I had the exact same issue on a jenkins CI server. Turns out that jenkins doesn't support putting newlines in secret text credentials because of its security model (jenkins autmotically masks credentials in log output and this only works for strings without new lines) Using the base64 encoded key as suggested by @samuel-rufi did the trick |
ascii-armor is already a base64 encoded string. it feels inefficient to base64 it again. Here's a better alternative by splitting your one-liner input back to ascii-armor: useInMemoryPgpKeys(signingKey.chunked(64).joinToString("\n"), signingPassword) |
I also got it working by using only the last 8 characters of the keyId. Using it fully was causing failure. |
I have a project using the
signing
plugin and I'm tryign to sign the artifact in a CI workflow using environment variables as described here.When reading GPG exported armored ASCII secret key, the signing plugin cannot read from the environment variable
ORG_GRADLE_PROJECT_signingKey
as described in the docs.Expected Behavior
The signing plugin should read the environment variable
ORG_GRADLE_PROJECT_signingKey
and sign the artifacts.Current Behavior
This is the error stack trace:
Context
While trying to sign artifacts before being published using the signing plugin, the read packet tag is incorrect.
The BouncyCastle library (class
PGPSecretKeyRing
) tries to match the first byte of the secret key:But the first character should be
0x14
in order to match the SECRET_KEY condition, which is a non-printable char.How can the armored secret key can contain this character? Or I am missing something? My secret key looks like:
Steps to Reproduce
Define a project with the Gradle plugins:
In a terminal, export the environment variables
ORG_GRADLE_PROJECT_signingKey
andORG_GRADLE_PROJECT_signingPassword
, and run the Gradle task:./gradlew signMavenPublication
.Your Environment
I'm using Gradle 6.7 in a MacOSX Big Sur, Intellij 2020.
The text was updated successfully, but these errors were encountered: