Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is gpg-argument '--pinentry-mode loopback' still necessary? #271

Closed
2 of 5 tasks
HannesWell opened this issue Jan 8, 2022 · 3 comments
Closed
2 of 5 tasks

Is gpg-argument '--pinentry-mode loopback' still necessary? #271

HannesWell opened this issue Jan 8, 2022 · 3 comments
Assignees
@e-korolevskii
Labels
bug Something isn't working

Comments

@HannesWell
Copy link

Description:
The documentation of the setup-java action states that for the maven-gpg-plugin the gpgArguments should be configured to be --pinentry-mode loopback in order to "to pick up the gpg.passphrase value defined in Maven settings.xml." and consequently avoid failures of the signing process (this was added with PR #122).

But I just set up a Maven build that includes GPG signing and succeeds even tough the --pinentry-mode loopback arguments in the maven-gpg-plugin are not set.

Therefore I wonder if these arguments are still necessary? Maybe due to updates to GPG or the version used in the GH runners or maybe there is some magic environment configuration in the GH runners themself? I'm neither very familiar with GPG nor with the GitHub Action runners, so I cannot tell.
I just noticed that it worked for me even for several builds without that configuration. Or have I just been lucky and could get the errors mentioned in the document in some day?

Task version:
v2

Platform:

  • Ubuntu
  • macOS
  • Windows

Runner type:

  • Hosted
  • Self-hosted

Repro steps:
Set up a usual Maven build that includes gpg signing, but without specifying the --pinentry-mode loopback arguments for the gpg-process like I did here:
https://github.com/axkr/symja_android_library/blob/master/symja_android_library/pom.xml
The GH-workflow used to perform the build is:
https://github.com/axkr/symja_android_library/blob/master/.github/workflows/maven-build-master-and-publish-snapshot.yml

Expected behavior:
Failure of the GPG signing process.

Actual behavior:
Signing completed successfully.
@HannesWell HannesWell added bug Something isn't working needs triage labels Jan 8, 2022
@dmitry-shibanov
Copy link
Contributor

Hello @HannesWell. Thank you for your report. We'll investigate the issue.

@GreatDealsForU
Copy link

Hello @HannesWell. Thank you for your report. We'll investigate the issue. what if i dont remember a request that was made how can i know if hacker?

@e-korolevskii
Copy link
Contributor

Hello everyone, sorry for that it takes so long.

If you not set a --pinentry-mode it will use the default of the agent. Since GnuPG 2.1.12 release, the default mode is –allow-loopback-pinentry, so that is the reason why it`s work even if you not specify that argument.

For now I will close that issue, but if you have any additional questions - feel free to ask here or open a separated issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@e-korolevskii e-korolevskii

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dmitry-shibanov @HannesWell @GreatDealsForU @e-korolevskii