[GRADLE-2927] Signing plugin unable to find subkey Created: 22/Oct/13  Updated: 10/Feb/17  Resolved: 10/Feb/17

Status: Resolved
Project: Gradle
Affects Version/s: None
Fix Version/s: None

Type: Bug
Reporter: Gradle Forums Assignee: Unassigned
Resolution: Won't Fix Votes: 2


 Description   

I am trying to use the signing plugin to sign my jars before uploading to the sonatype maven repository, but using a subkey instead of the master. If I use the master key id, then it works fine, but if I try to use the subkey id, I get an error:

:signArchives

FAILURE: Build failed with an exception.

  • What went wrong:
    did not find secret key for id 'XXXXXXXX' in key source 'file: /Users/crotwell/.gnupg/secring.gpg'

The subkey is present in the ring file, I can see it with
gpg --list-secret-keys --list-options show-keyring
and I have the correct values set up for signing.keyId and signing.secretKeyRingFile. I am able to sign files manually with the subkey using gpg --detach-sig.

It seems like the signArchives task can only use the master key instead of a subkey?

I suppose a workaround might be to make a separate keyring that only contains the subkey, but that seems like it should not be required.



 Comments   
Comment by Gradle Forums [ 22/Oct/13 ]

This is just a shortcoming. The plugin would have to be updated to support subkeys.

Comment by Gradle Forums [ 22/Oct/13 ]

OK, thanks.

Is there a jira issue for this?

thanks
Philip

Comment by Benjamin Muschko [ 15/Nov/16 ]

As announced on the Gradle blog we are planning to completely migrate issues from JIRA to GitHub.

We intend to prioritize issues that are actionable and impactful while working more closely with the community. Many of our JIRA issues are inactionable or irrelevant. We would like to request your help to ensure we can appropriately prioritize JIRA issues you’ve contributed to.

Please confirm that you still advocate for your JIRA issue before December 10th, 2016 by:

  • Checking that your issues contain requisite context, impact, behaviors, and examples as described in our published guidelines.
  • Leave a comment on the JIRA issue or open a new GitHub issue confirming that the above is complete.

We look forward to collaborating with you more closely on GitHub. Thank you for your contribution to Gradle!

Comment by Benjamin Muschko [ 10/Feb/17 ]

Thanks again for reporting this issue. We haven't heard back from you after our inquiry from November 15th. We are closing this issue now. Please create an issue on GitHub if you still feel passionate about getting it resolved.

Generated at Wed Jun 30 12:35:13 CDT 2021 using Jira 8.4.2#804003-sha1:d21414fc212e3af190e92c2d2ac41299b89402cf.