All geek questions in one place

Gradle uploadArchives task cannot read private key

I created a Gradle project and everything works fine, but when I try to upload it to my Maven repository, I get the following Gradle error:

FAILURE: Build failed with an exception. * What went wrong: Could not evaluate onlyIf predicate for task ':library:signArchives'. > Unable to read secret key from file: C:\Users\ideal\pubring.gpg (it may not be a PGP secret key ring)

I followed the instructions in Sonatype to generate the key, and then copied it from the generated location to the location above. I also published the public key to the MIT keystore. The gradle.properties file in my user directory contains the following gradle.properties related gradle.properties for the keys:

 signing.keyId=MY_KEY_ID signing.password=MY_KEY_PASSWORD signing.secretKeyRingFile=C:\\Users\\ideal\\pubring.gpg

It is on a Windows platform. I tried to find the error message, but the only thing that appears is the source files for the respective plugins.

+13
source share
3 answers

The problem is that you are using the public key, switch to the private key, usually called "secring.gpg". Therefore, in your case, it should be placed in

C: \ Users \ ideal \ secring.gpg

+11
source

The secring.gpg file was deleted in GPG 2.1 .

However, GPG can still create a file like this: gpg --export-secret-keys -o secring.gpg

Pro Tip: If the Gradle signing plugin complains that your key in signing.keyId=MY_KEY_ID too long, you, of course, use a 40 character fingerprint, but you will be asked to enter 8 char. You have two options:

  • You can configure GPG to show 8 char IDs instead of a fingerprint by setting the keyid-format option.

    • Explicitly define this parameter in the CLI: gpg --list-keys --keyid-format short (Thanks tjheslin1!)
    • Make this parameter implicitly active using the parameter file (by default, "~ / .gnupg / gpg.conf").

  • Try the last 8 digits of your 40-character fingerprint. This is for a lazy developer; -)

+35
source

The file "secring.gpg" may not be needed in GPG 2.1 and later and can be created using the commands: "gpg --export-secret-keys -o \ dir \ secring.gpg"

0
source

Source: https://habr.com/ru/post/980965/

More articles:


All Articles