Gradle signArchives无法读取密钥

pkwftd7m  于 2023-04-21  发布在  Hive
关注(0)|答案(2)|浏览(196)

我正在尝试将我的Java库发布到Maven Central。其中一部分涉及使用signing gradle插件对工件进行签名。我需要在不使用keyring文件作为文档的情况下对其进行签名,因为我无法提供对keyring文件的CI安全访问。
但是,当我这样做时,我的构建失败了:

FAILURE: Build failed with an exception.

* What went wrong:
Could not evaluate onlyIf predicate for task ':signArchives'.
> Could not read PGP secret key

我做错了什么?我假设它与我的GPG_SIGNING_KEY有关。我使用了gpg --list-secret-keys --keyid-format LONG响应的完整私钥。这是不正确的吗?
我的build.gradle

apply plugin: 'java'
apply plugin: 'signing'
apply plugin: 'maven'
apply from: 'publish.gradle'

sourceCompatibility = 1.8

repositories {
    mavenCentral()
}

dependencies {
    compile group: 'org.apache.httpcomponents', name: 'httpclient', version: '4.5.3'
    testCompile 'junit:junit:4.11'
}

task Wrapper(type: Wrapper) {
    gradleVersion = '5.6.2'
}

我的publish.gradle

apply plugin: 'maven'
apply plugin: 'signing'

def isReleaseBuild() {
    return !VERSION.contains("SNAPSHOT")
}

def getReleaseRepositoryUrl() {
    return 'https://oss.sonatype.org/service/local/staging/deploy/maven2/'
}

def getSnapshotRepositoryUrl() {
    return 'https://oss.sonatype.org/content/repositories/snapshots/'
}

afterEvaluate { project ->
    uploadArchives {
        repositories {
            mavenDeployer {
                beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }

                repository(url: getReleaseRepositoryUrl()) {
                    def ossrhUsername = OSSRH_USERNAME
                    def ossrhPassword = OSSRH_PASSWORD

                    authentication(userName: ossrhUsername, password: ossrhPassword)
                }

                snapshotRepository(url: getSnapshotRepositoryUrl()) {
                    def ossrhUsername = OSSRH_USERNAME
                    def ossrhPassword = OSSRH_PASSWORD

                    authentication(userName: ossrhUsername, password: ossrhPassword)
                }

                pom.groupId = GROUP_ID
                pom.artifactId = ARTIFACT_ID
                pom.version = VERSION

                pom.project {
                    name ARTIFACT_ID
                    packaging PROJECT_PACKAGING
                    description PROJECT_DESCRIPTION
                    url PROJECT_URL

                    scm {
                        url SCM_URL
                        connection SCM_CONNECTION
                    }

                    licenses {
                        license {
                            name LICENSE_NAME
                            url LICENSE_URL
                        }
                    }

                    organization {
                        name = ORGANIZATION_NAME
                        url = ORGANIZATION_URL
                    }

                    developers {
                        developer {
                            id DEVELOPER_ID
                            name DEVELOPER_NAME
                            email DEVELOPER_EMAIL
                        }
                    }
                }
            }
        }

        signing {
            required { isReleaseBuild() && gradle.taskGraph.hasTask("uploadArchives") }

            def signingKey = GPG_SIGNING_KEY
            def signingPassword = GPG_SIGNING_PASSWORD

            useInMemoryPgpKeys(signingKey, signingPassword)

            sign configurations.archives
        }

        task javadocJar(type: Jar) {
            classifier = 'javadoc'
            from javadoc
        }

        task sourcesJar(type: Jar) {
            classifier = 'sources'
            from sourceSets.main.allSource
        }

        artifacts {
            archives javadocJar, sourcesJar
        }
    }
}

关于gradle.properties

RELEASE_REPOSITORY_URL='https://oss.sonatype.org/service/local/staging/deploy/maven2/'
SNAPSHOT_REPOSITORY_URL='https://oss.sonatype.org/content/repositories/snapshots/'
GPG_SIGNING_KEY=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
GPG_SIGNING_PASSWORD=the password used to encrypt the key
OSSRH_USERNAME=my ossrh username
OSSRH_PASSWORD=my ossrh password

VERSION=1.0.0
GROUP_ID=com.example
ARTIFACT_ID=project-name

PROJECT_PACKAGING=...
PROJECT_DESCRIPTION=...
PROJECT_URL=...

SCM_URL=...
SCM_CONNECTION=...

LICENSE_NAME=Apache License, Version 2.0
LICENSE_URL=...

ORGANIZATION_NAME=...
ORGANIZATION_URL=...

DEVELOPER_ID=...
DEVELOPER_NAME=...
DEVELOPER_EMAIL=...
uelo1irk

uelo1irk1#

正如你所怀疑的,这里的PGP密钥格式是错误的。useInMemoryPgpKeys方法需要一个“ascii-armed in-memory PGP secret key”。gpg --list-secret-keys仅用于人类消费,甚至不显示密钥的“内容”。
您可以使用gpg --armor --export-secret-keys foobar@example.com获得正确格式的密钥。使用您自己的密钥ID(由gpg --list-secret-keys返回)或电子邮件地址,而不是foobar@example.com
要在gradle.properties文件中使用导出的键,您需要转义换行符。例如,您可以为GPG_SIGNING_KEY属性附加一个新的工作行,如下所示:

gpg --armor --export-secret-keys foobar@example.com \
    | awk 'NR == 1 { print "GPG_SIGNING_KEY=" } 1' ORS='\\n' \
    >> gradle.properties

(See this answer,以了解这里使用的主要awk魔术。)
按照描述更新了gradle.properties文件(并使用构建脚本)后,我就可以成功地用./gradlew signArchives对虚拟JAR文件进行签名。

yr9zkbsy

yr9zkbsy2#

要删除不必要的字符,可以用途:

gpg --export-secret-keys <public key 8digits> | base64

相关问题