如何从环境变量或命令行属性中获取maven-gpg-plugin以使用密码短语? [英] How do I get the maven-gpg-plugin to use a passphrase from environment variable or command line property?

问题描述

我已经看到:使用时避免gpg签名提示Maven发布插件，但是它是用于非常老版本的maven，并且我使用的是3.2.2，因此相同的解决方案不适用.

I've seen: Avoid gpg signing prompt when using Maven release plugin but it's for a very old version of maven, and I'm using 3.2.2, so the same solution doesn't apply.

基本上，无论命令行上的属性，pom.xml中的属性或环境变量是哪种组合，我都无法使用maven gpg插件来避免弹出代理对话框.

Basically, no matter what combination of properties on the command line, properties in the pom.xml, or environment variables I cannot get the maven gpg plugin to avoid popping up the agent dialog.

出于安全原因，我们决定在settings.xml中不以纯文本形式包含密码短语，因为这是一个糟糕的主意.而且使用加密的Maven东西只需将主密钥移动到另一个纯文本文件即可.

We've decided for security reasons to not include the passphrase in plain text in the settings.xml, because that's a terrible idea. And using the encrypted maven stuff just moves the master key to a different plain text file.

软件版本:

$ gpg --version
gpg (GnuPG) 2.1.2
libgcrypt 1.6.2

$ mvn --version
Apache Maven 3.2.2 (45f7c06d68e745d05611f7fd14efb6594181933e; 2014-06-17T08:51:42-05:00)

我尝试过

mvn -Dgpg.passphrase='lolpassphrase'

使用pom.xml中的属性从环境中获取它:

Using the properties in the pom.xml to get it from the environment:

        <properties>
            <gpg.keyname>E7C89BBB</gpg.keyname>
            <gpg.passphrase>${env.GPG_PASSPHRASE}</gpg.passphrase>
        </properties>

然后:

GPG_PASSPHRASE='lolpassphrase' mvn install 

显然我的gpg代理人妨碍了我并向我撒谎 如果我在pom.xml属性中设置了实际的密码，GPG代理会 still 提示我:(

Apparently my gpg agent was getting in the way and lying to me the GPG agent will still prompt me if I set the actual passphrase in the pom.xml properties :(

        <properties>
            <gpg.keyname>E7C89BBB</gpg.keyname>
            <gpg.passphrase><![CDATA[lolcomplicatedpassphrase]]></gpg.passphrase>
        </properties>

必须做到这一点，而不必将密码以纯文本形式保存在某处，但是我无法使用合适的Google来找到此答案，希望你们能为我提供帮助.

There has to be a way to do this without keeping the password in plain text somewhere, but I'm unable to use the right googles to find this answer, hoping you guys can help me out.

推荐答案

此解决方案仅适用于gnupg2.1.x. 2.0.x无法识别--pinentry-mode命令行参数，因此会崩溃.不幸的是，在行家中，除了第二个配置文件之外，我没有办法让每个版本的gnupg都做正确的事情.可能需要对插件进行更新才能以正确"的方式进行操作.

this solution only works on gnupg 2.1.x. 2.0.x doesn't recognize the --pinentry-mode command line parameter and it blows up. Unfortunately, in the mavens there's no way that I know of, besides a second profile, to have it do the right thing per which version of gnupg. It would probably need an update to the plugin to do it the "right" way.

Jeeez，我刚刚弄清楚了，您必须为gpg指定一对参数，以将其pinentry模式更改为回送".完成此操作后，它将兑现gpg.密码值，可以来自环境变量，也可以来自用户属性.哇，真是晦涩.

Jeez, I just figured this out, you must specify a pair of arguments to gpg to change it's pinentry-mode to 'loopback' Once you've done this, it will honor the gpg.passphrase value, either from an environment variable or from a user property. Wow that was obscure.

                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-gpg-plugin</artifactId>
                    <version>1.6</version>
                    <executions>
                        <execution>
                            <id>sign-artifacts</id>
                            <phase>verify</phase>
                            <goals>
                                <goal>sign</goal>
                            </goals>
                            <configuration>
                                <!-- This is necessary for gpg to not try to use the pinentry programs -->
                                <gpgArguments>
                                    <arg>--pinentry-mode</arg>
                                    <arg>loopback</arg>
                                </gpgArguments>
                            </configuration>
                        </execution>
                    </executions>
                </plugin>

这篇关于如何从环境变量或命令行属性中获取maven-gpg-plugin以使用密码短语?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！