New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tycho gpg plugin does not require keyring import when using tycho's signer 'bc' #396

Open

HannesWell opened this issue Oct 4, 2024 · 0 comments

Contributor

HannesWell commented Oct 4, 2024

In https://github.com/eclipse-cbi/jiro/wiki#required-steps-for-a-pipeline-job it is explained that the keyring has to be imported in the following way to use it with the maven-gpg-plugin:

                withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
                    sh 'gpg --batch --import "${KEYRING}"'
                    sh 'for fpr in $(gpg --list-keys --with-colons  | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
                }

But at least when using the tycho-gpg-plugin with the bc signer it can be omitted and the keyring can be passed directly:

withCredentials([
	file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING'),
	string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')
]) {
	sh '''
		mvn clean verify -Dtycho.pgp.signer=bc -Dtycho.pgp.signer.bc.secretKeys="${KEYRING}" -Dgpg.passphrase="${KEYRING_PASSPHRASE}" -Dgpg.keyname="<your-keyname>"
	'''
}

See also

I think it's worth to mention that at least when using Tycho one can save the first step.

The text was updated successfully, but these errors were encountered:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment