Posted to dev@maven.apache.org by David Jencks <da...@yahoo.com> on 2009/11/28 23:41:37 UTC

Does gpg plugin work properly with gpg 2.0.12, the use of which is specified by apache?

Recently I followed the Apache advice to update my code signing key to
4096 bits, see http://www.apache.org/dev/openpgp.html. As part of that
effort I installed MacGPG2-2.0.12 as the most likely version of gpg
2.0.12 for a Mac. Although documentation seems a bit sparse, I think I
started the gpg agent as well.

Running a release I see a message at every signing opportunity

gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect

You need a passphrase to unlock the secret key for
user: "David Jencks (CODE SIGNING KEY) <dj...@apache.org>"
4096-bit RSA key, ID A2F9E313, created 2009-11-25

and every hour or so (??) a dialog box pops up for me to supply the
passphrase (it was a long build). This never happened before I
updated gpg; the passphrase in my settings.xml was used.

We are using the Apache 6 parent pom which specifies the 1.0-alpha-4
version of this plugin.

Anyone have an idea what is going on?

thanks
david jencks


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org


Re: Does gpg plugin work properly with gpg 2.0.12, the use of which is specified by apache?

Posted by Brett Porter <br...@apache.org>.
Not sure what is happening here, but I was able to use a new key (generated with gpg2) to sign a release recently using gpg. For me, gpg is 1.4.9 and gpg2 is 2.0.12 (different command line arguments).

On 29/11/2009, at 9:41 AM, David Jencks wrote:

> Recently I followed the Apache advice to update my code signing key to 4096 bits, see http://www.apache.org/dev/openpgp.html. As part of that effort I installed MacGPG2-2.0.12 as the most likely version of gpg 2.0.12 for a Mac. Although documentation seems a bit sparse, I think I started the gpg agent as well.
> 
> Running a release I see a message at every signing opportunity
> 
> gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
> 
> You need a passphrase to unlock the secret key for
> user: "David Jencks (CODE SIGNING KEY) <dj...@apache.org>"
> 4096-bit RSA key, ID A2F9E313, created 2009-11-25
> 
> and every hour or so (??) a dialog box pops up for me to supply the passphrase (it was a long build). This never happened before I updated gpg; the passphrase in my settings.xml was used.
> 
> We are using the Apache 6 parent pom which specifies the 1.0-alpha-4 version of this plugin.
> 
> Anyone have an idea what is going on?
> 
> thanks
> david jencks

