You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by GitBox <gi...@apache.org> on 2022/08/23 03:21:29 UTC

[GitHub] [hbase] saintstack commented on a diff in pull request #4716: HBASE-27312 Update create-release to work with maven-gpg-plugin-3.0.1 and gnupg >= 2.1.x

saintstack commented on code in PR #4716:
URL: https://github.com/apache/hbase/pull/4716#discussion_r951656957


##########
dev-support/create-release/release-util.sh:
##########
@@ -30,7 +30,7 @@
 DRY_RUN=${DRY_RUN:-1} #default to dry run
 DEBUG=${DEBUG:-0}
 GPG=${GPG:-gpg}
-GPG_ARGS=(--no-autostart --batch)
+GPG_ARGS=(-v --no-autostart --batch --pinentry-mode error)

Review Comment:
   You want to add this?



##########
dev-support/create-release/do-release-docker.sh:
##########
@@ -320,7 +320,7 @@ else
   # agent socket and agent extra socket to your local gpg-agent's extra socket. See the README.txt
   # for an example.
   GPG_PROXY_MOUNT=(--mount \
-      "type=bind,src=$(gpgconf --list-dir agent-extra-socket),dst=/home/${USER}/.gnupg/S.gpg-agent")
+      "type=bind,src=$(gpgconf --list-dir agent-socket),dst=/home/${USER}/.gnupg/S.gpg-agent")

Review Comment:
   I suppose so. Would be good to try it on linux but going by Mac osx experience, would be surprised if the restricted extra socket worked with the maven gpg plugin pinentry-mode setting.... So yeah, lets make this change.  



##########
dev-support/create-release/README.txt:
##########
@@ -105,6 +105,9 @@ $ scp ~/gpg.example.apache.pub example.gce.host:
 #   gpg-agent's extra socket (this will restrict what commands the remote node is allowed to have
 #   your agent handle. Note that the gpg guide above can help you set this up in your ssh config
 #   rather than typing it in ssh like this every time.
+# Note that as of maven-gpg-plugin, with gnupg >= 2.1, the plugin uses `--pinentry-mode error`,

Review Comment:
   Want to say more here that the scripts have undone use of extra socket... And add in the paragraph you have at the head of this PR where you note implications of our skirting the 'restricted' socket?



##########
dev-support/create-release/release-util.sh:
##########
@@ -639,10 +639,16 @@ make_binary_release() {
   # a third to assemble the binary artifact. Trying to do
   # all in the one invocation fails; a problem in our
   # assembly spec to in maven. TODO. Meantime, three invocations.
-  "${MVN[@]}" clean install -DskipTests
-  "${MVN[@]}" site -DskipTests
+  cmd=("${MVN[@]}" clean install -DskipTests)
+  echo "${cmd[*]}"
+  "${cmd[@]}"
+  cmd=("${MVN[@]}" site -DskipTests)
+  echo "${cmd[*]}"
+  "${cmd[@]}"
   kick_gpg_agent
-  "${MVN[@]}" install assembly:single -DskipTests -Dcheckstyle.skip=true "${PUBLISH_PROFILES[@]}"
+  cmd=("${MVN[@]}" install assembly:single -DskipTests -Dcheckstyle.skip=true "${PUBLISH_PROFILES[@]}")
+  echo "${cmd[*]}"
+  "${cmd[@]}"

Review Comment:
   These changes are probably not needed? Or not related to what this PR is about?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@hbase.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org