[MGPG-136] "gpg: signing failed: Bad passphrase" on GitHub Windows runners

[jira-importer]

Gili opened MGPG-136 and commented

Version 3.2.0 - 3.2.6 fail with "gpg: signing failed: Bad passphrase" on GitHub Windows Runners.

Using Linux or downgrading to version 3.1.0 seems to work fine.

It's not clear what changed in these newer versions but

maven-gpg-plugin/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java

Line 368 in 3a31714

(String) session.getRepositorySession().getConfigProperties().get("env." + passphraseEnvName);

looks like a highly supicious way of reading environment variables. It's possible that this approach does not work properly under Powershell.

If I echo "$env:MAVEN_GPG_PASSPHRASE" on the GitHub Windows runner, I get back the correct value, so it sounds like there is a bug in the way that this plugin is choosing to read the environment variable.

What makes this a bit tricky, however, is that the environment variable is called $MAVEN_GPG_PASSPHRASE on Linux, %MAVEN_GPG_PASSPHRASE% on cmd.exe and $env:MAVEN_GPG_PASSPHRASE on Powershell. GitHub is using the Powershell variant.

Can you guys please look into this?

---

Affects: 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6

Issue Links:

• MGPG-145 (IT suite) IT did not catch issue on Windows OS

• MGPG-99 Passcode byte array provided to gpg executable on stdin is not terminated

Remote Links:

• GitHub Pull Request #120
  

[jira-importer]

Gili commented

I used "mxschmitt/action-tmate@v3" to ssh into the Windows machine and I can confirm that the environment variable MAVEN_GPG_PASSPHRASE is set to the correct value. This leads me to believe that the bug lies in this plugin and not in the "setup-java" Github Action.

[jira-importer]

Gili commented

For what it's worth, here is what "export" returned from the GitHub runner:

declare -x ACLOCAL_PATH="/mingw64/share/aclocal:/usr/share/aclocal"
declare -x ACTIONS_CACHE_URL="https://acghubeus2.actions.githubusercontent.com/Y8P9396O5Wyckx6DhHZEiAHOBah6y3blfiheKJ1kZ0mKxpODoa/"
declare -x ACTIONS_RESULTS_URL="https://results-receiver.actions.githubusercontent.com/"
declare -x ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE="C:\\actionarchivecache\\"
declare -x ACTIONS_RUNTIME_TOKEN="redacted"
declare -x ACTIONS_RUNTIME_URL="https://pipelinesghubeus23.actions.githubusercontent.com/Y8P9396O5Wyckx6DhHZEiAHOBah6y3blfiheKJ1kZ0mKxpODoa/"
declare -x ALLUSERSPROFILE="C:\\ProgramData"
declare -x ANDROID_HOME="C:\\Android\\android-sdk"
declare -x ANDROID_NDK="C:\\Android\\android-sdk\\ndk\\27.0.12077973"
declare -x ANDROID_NDK_HOME="C:\\Android\\android-sdk\\ndk\\27.0.12077973"
declare -x ANDROID_NDK_LATEST_HOME="C:\\Android\\android-sdk\\ndk\\27.0.12077973"
declare -x ANDROID_NDK_ROOT="C:\\Android\\android-sdk\\ndk\\27.0.12077973"
declare -x ANDROID_SDK_ROOT="C:\\Android\\android-sdk"
declare -x ANT_HOME="C:\\ProgramData\\chocolatey\\lib\\ant\\tools\\apache-ant-1.10.14"
declare -x APPDATA="C:\\Users\\runneradmin\\AppData\\Roaming"
declare -x AZURE_CONFIG_DIR="C:\\azureCli"
declare -x AZURE_DEVOPS_CACHE_DIR="C:\\azureDevOpsCli\\cache"
declare -x AZURE_EXTENSION_DIR="C:\\Program Files\\Common Files\\AzureCliExtensionDirectory"
declare -x AZ_DEVOPS_GLOBAL_CONFIG_DIR="C:\\azureDevOpsCli"
declare -x CABAL_DIR="C:\\cabal"
declare -x CHERE_INVOKING="1"
declare -x CI="true"
declare -x COBERTURA_HOME="C:\\cobertura-2.1.1"
declare -x COMMONPROGRAMFILES="C:\\Program Files\\Common Files"
declare -x COMPUTERNAME="fv-az1347-47"
declare -x COMSPEC="C:\\Windows\\system32\\cmd.exe"
declare -x CONDA="C:\\Miniconda"
declare -x CONFIG_SITE="/etc/config.site"
declare -x ChocolateyInstall="C:\\ProgramData\\chocolatey"
declare -x ChromeWebDriver="C:\\SeleniumWebDrivers\\ChromeDriver"
declare -x CommonProgramW6432="C:\\Program Files\\Common Files"
declare -x DEPLOYMENT_BASEPATH="C:\\actions"
declare -x DOTNET_MULTILEVEL_LOOKUP="0"
declare -x DOTNET_NOLOGO="1"
declare -x DOTNET_SKIP_FIRST_TIME_EXPERIENCE="1"
declare -x DriverData="C:\\Windows\\System32\\Drivers\\DriverData"
declare -x EdgeWebDriver="C:\\SeleniumWebDrivers\\EdgeDriver"
declare -x GCM_INTERACTIVE="Never"
declare -x GHCUP_INSTALL_BASE_PREFIX="C:\\"
declare -x GHCUP_MSYS2="C:\\msys64"
declare -x GITHUB_ACTION="__mxschmitt_action-tmate"
declare -x GITHUB_ACTIONS="true"
declare -x GITHUB_ACTION_REF="v3"
declare -x GITHUB_ACTION_REPOSITORY="mxschmitt/action-tmate"
declare -x GITHUB_ACTOR="cowwoc"
declare -x GITHUB_ACTOR_ID="633348"
declare -x GITHUB_API_URL="https://api.github.com"
declare -x GITHUB_BASE_REF=""
declare -x GITHUB_ENV="D:\\a\\_temp\\_runner_file_commands\\set_env_d8f0bbd1-75d8-4174-b3e9-06754711ddb0"
declare -x GITHUB_EVENT_NAME="workflow_dispatch"
declare -x GITHUB_EVENT_PATH="D:\\a\\_temp\\_github_workflow\\event.json"
declare -x GITHUB_GRAPHQL_URL="https://api.github.com/graphql"
declare -x GITHUB_HEAD_REF=""
declare -x GITHUB_JOB="deploy"
declare -x GITHUB_OUTPUT="D:\\a\\_temp\\_runner_file_commands\\set_output_d8f0bbd1-75d8-4174-b3e9-06754711ddb0"
declare -x GITHUB_PATH="D:\\a\\_temp\\_runner_file_commands\\add_path_d8f0bbd1-75d8-4174-b3e9-06754711ddb0"
declare -x GITHUB_REF="refs/heads/master"
declare -x GITHUB_REF_NAME="master"
declare -x GITHUB_REF_PROTECTED="false"
declare -x GITHUB_REF_TYPE="branch"
declare -x GITHUB_REPOSITORY="cmake-maven-project/cmake-maven-project"
declare -x GITHUB_REPOSITORY_ID="45079516"
declare -x GITHUB_REPOSITORY_OWNER="cmake-maven-project"
declare -x GITHUB_REPOSITORY_OWNER_ID="15328128"
declare -x GITHUB_RETENTION_DAYS="90"
declare -x GITHUB_RUN_ATTEMPT="1"
declare -x GITHUB_RUN_ID="10381287736"
declare -x GITHUB_RUN_NUMBER="368"
declare -x GITHUB_SERVER_URL="https://github.com"
declare -x GITHUB_SHA="3d3dfe031f22a102a7cbac18d37de8abfd432421"
declare -x GITHUB_STATE="D:\\a\\_temp\\_runner_file_commands\\save_state_d8f0bbd1-75d8-4174-b3e9-06754711ddb0"
declare -x GITHUB_STEP_SUMMARY="D:\\a\\_temp\\_runner_file_commands\\step_summary_d8f0bbd1-75d8-4174-b3e9-06754711ddb0"
declare -x GITHUB_TRIGGERING_ACTOR="cowwoc"
declare -x GITHUB_WORKFLOW="Deploy to Maven Central"
declare -x GITHUB_WORKFLOW_REF="cmake-maven-project/cmake-maven-project/.github/workflows/deploy_to_maven_central.yml@refs/heads/master"
declare -x GITHUB_WORKFLOW_SHA="3d3dfe031f22a102a7cbac18d37de8abfd432421"
declare -x GITHUB_WORKSPACE="D:\\a\\cmake-maven-project\\cmake-maven-project"
declare -x GOROOT_1_20_X64="C:\\hostedtoolcache\\windows\\go\\1.20.14\\x64"
declare -x GOROOT_1_21_X64="C:\\hostedtoolcache\\windows\\go\\1.21.13\\x64"
declare -x GOROOT_1_22_X64="C:\\hostedtoolcache\\windows\\go\\1.22.6\\x64"
declare -x GRADLE_HOME="C:\\ProgramData\\chocolatey\\lib\\gradle\\tools\\gradle-8.8"
declare -x GeckoWebDriver="C:\\SeleniumWebDrivers\\GeckoDriver"
declare -x HOME="/home/runneradmin"
declare -x HOMEDRIVE="C:"
declare -x HOMEPATH="\\Users\\runneradmin"
declare -x HOSTNAME="fv-az1347-47"
declare -x IEWebDriver="C:\\SeleniumWebDrivers\\IEDriver"
declare -x INFOPATH="/mingw64/local/info:/mingw64/share/info:/usr/local/info:/usr/share/info:/usr/info:/share/info"
declare -x INPUT_DETACHED="false"
declare -x INPUT_SUDO="auto"
declare -x ImageOS="win22"
declare -x ImageVersion="20240807.2.0"
declare -x JAVA_HOME="C:\\hostedtoolcache\\windows\\Java_Zulu_jdk\\8.0.422-5\\x64"
declare -x JAVA_HOME_11_X64="C:\\hostedtoolcache\\windows\\Java_Temurin-Hotspot_jdk\\11.0.24-8\\x64"
declare -x JAVA_HOME_17_X64="C:\\hostedtoolcache\\windows\\Java_Temurin-Hotspot_jdk\\17.0.12-7\\x64"
declare -x JAVA_HOME_21_X64="C:\\hostedtoolcache\\windows\\Java_Temurin-Hotspot_jdk\\21.0.4-7.0\\x64"
declare -x JAVA_HOME_8_X64="C:\\hostedtoolcache\\windows\\Java_Zulu_jdk\\8.0.422-5\\x64"
declare -x LANG="en_US.UTF-8"
declare -x LOCALAPPDATA="C:\\Users\\runneradmin\\AppData\\Local"
declare -x LOGONSERVER="\\\\fv-az1347-47"
declare -x M2="C:\\ProgramData\\chocolatey\\lib\\maven\\apache-maven-3.8.7\\bin"
declare -x M2_REPO="C:\\ProgramData\\m2"
declare -x MANPATH="/mingw64/local/man:/mingw64/share/man:/usr/local/man:/usr/share/man:/usr/man:/share/man"
declare -x MAVEN_GPG_PASSPHRASE="redacted"
declare -x MAVEN_OPTS="-Dos.family=windows -Dos.arch=aarch64 -Dinvoker.skip=true"
declare -x MINGW_CHOST="x86_64-w64-mingw32"
declare -x MINGW_PACKAGE_PREFIX="mingw-w64-x86_64"
declare -x MINGW_PREFIX="/mingw64"
declare -x MSYS2_PATH_TYPE="inherit"
declare -x MSYSTEM="MINGW64"
declare -x MSYSTEM_CARCH="x86_64"
declare -x MSYSTEM_CHOST="x86_64-w64-mingw32"
declare -x MSYSTEM_PREFIX="/mingw64"
declare -x MonAgentClientLocation="C:\\Packages\\Plugins\\Microsoft.Azure.Geneva.GenevaMonitoring\\2.44.0.5\\Monitoring\\Agent"
declare -x NUMBER_OF_PROCESSORS="4"
declare -x OLDPWD
declare -x ORIGINAL_PATH="/c/hostedtoolcache/windows/Java_Zulu_jdk/8.0.422-5/x64/bin:/c/Program Files/MongoDB/Server/5.0/bin:/c/aliyun-cli:/c/vcpkg:/c/Program Files (x86)/NSIS:/c/tools/zstd:/c/Program Files/Mercurial:/c/hostedtoolcache/windows/stack/3.1.1/x64:/c/cabal/b
in:/c/ghcup/bin:/c/mingw64/bin:/c/Program Files/dotnet:/c/Program Files/MySQL/MySQL Server 8.0/bin:/c/Program Files/R/R-4.4.1/bin/x64:/c/SeleniumWebDrivers/GeckoDriver:/c/SeleniumWebDrivers/EdgeDriver:/c/SeleniumWebDrivers/ChromeDriver:/c/Program Files (x86)/sbt/bin:/c/
Program Files (x86)/GitHub CLI:/c/Program Files/Git/bin:/c/Program Files (x86)/pipx_bin:/c/npm/prefix:/c/hostedtoolcache/windows/go/1.21.13/x64/bin:/c/hostedtoolcache/windows/Python/3.9.13/x64/Scripts:/c/hostedtoolcache/windows/Python/3.9.13/x64:/c/hostedtoolcache/windo
ws/Ruby/3.0.7/x64/bin:/c/Program Files/OpenSSL/bin:/c/tools/kotlinc/bin:/c/hostedtoolcache/windows/Java_Temurin-Hotspot_jdk/8.0.422-5/x64/bin:/c/Program Files/ImageMagick-7.1.1-Q16-HDRI:/c/Program Files/Microsoft SDKs/Azure/CLI2/wbin:/c/ProgramData/kind:/c/ProgramData/C
hocolatey/bin:/c/Windows/system32:/c/Windows:/c/Windows/System32/Wbem:/c/Windows/System32/WindowsPowerShell/v1.0:/c/Windows/System32/OpenSSH:/c/Program Files/dotnet:/c/Program Files/PowerShell/7:/c/Program Files/Microsoft/Web Platform Installer:/c/Program Files/Tortoise
SVN/bin:/c/Program Files/Microsoft SQL Server/Client SDK/ODBC/170/Tools/Binn:/c/Program Files/Microsoft SQL Server/150/Tools/Binn:/c/Program Files (x86)/Windows Kits/10/Windows Performance Toolkit:/c/Program Files (x86)/WiX Toolset v3.14/bin:/c/Program Files/Microsoft S
QL Server/130/DTS/Binn:/c/Program Files/Microsoft SQL Server/140/DTS/Binn:/c/Program Files/Microsoft SQL Server/150/DTS/Binn:/c/Program Files/Microsoft SQL Server/160/DTS/Binn:/c/Strawberry/c/bin:/c/Strawberry/perl/site/bin:/c/Strawberry/perl/bin:/c/ProgramData/chocolat
ey/lib/pulumi/tools/Pulumi/bin:/c/Program Files/CMake/bin:/c/ProgramData/chocolatey/lib/maven/apache-maven-3.8.7/bin:/c/Program Files/Microsoft Service Fabric/bin/Fabric/Fabric.Code:/c/Program Files/Microsoft SDKs/Service Fabric/Tools/ServiceFabricLocalClusterManager:/c
/Program Files/nodejs:/c/Program Files/Git/cmd:/c/Program Files/Git/mingw64/bin:/c/Program Files/Git/usr/bin:/c/Program Files/GitHub CLI:/c/tools/php:/c/Program Files (x86)/sbt/bin:/c/Program Files/Amazon/AWSCLIV2:/c/Program Files/Amazon/SessionManagerPlugin/bin:/c/Prog
ram Files/Amazon/AWSSAMCLI/bin:/c/Program Files/Microsoft SQL Server/130/Tools/Binn:/c/Program Files/LLVM/bin:/c/Users/runneradmin/.dotnet/tools:/c/Users/runneradmin/.cargo/bin:/c/Users/runneradmin/AppData/Local/Microsoft/WindowsApps"
declare -x ORIGINAL_TEMP="/c/Users/RUNNER~1/AppData/Local/Temp"
declare -x ORIGINAL_TMP="/c/Users/RUNNER~1/AppData/Local/Temp"
declare -x OS="Windows_NT"
declare -x OSSRH_TOKEN="redacted"
declare -x OSSRH_USERNAME="redacted"
declare -x PATH="/mingw64/bin:/usr/local/bin:/usr/bin:/bin:/c/hostedtoolcache/windows/Java_Zulu_jdk/8.0.422-5/x64/bin:/c/Program Files/MongoDB/Server/5.0/bin:/c/aliyun-cli:/c/vcpkg:/c/Program Files (x86)/NSIS:/c/tools/zstd:/c/Program Files/Mercurial:/c/hostedtoolcache/w
indows/stack/3.1.1/x64:/c/cabal/bin:/c/ghcup/bin:/c/mingw64/bin:/c/Program Files/dotnet:/c/Program Files/MySQL/MySQL Server 8.0/bin:/c/Program Files/R/R-4.4.1/bin/x64:/c/SeleniumWebDrivers/GeckoDriver:/c/SeleniumWebDrivers/EdgeDriver:/c/SeleniumWebDrivers/ChromeDriver:/
c/Program Files (x86)/sbt/bin:/c/Program Files (x86)/GitHub CLI:/c/Program Files/Git/bin:/c/Program Files (x86)/pipx_bin:/c/npm/prefix:/c/hostedtoolcache/windows/go/1.21.13/x64/bin:/c/hostedtoolcache/windows/Python/3.9.13/x64/Scripts:/c/hostedtoolcache/windows/Python/3.
9.13/x64:/c/hostedtoolcache/windows/Ruby/3.0.7/x64/bin:/c/Program Files/OpenSSL/bin:/c/tools/kotlinc/bin:/c/hostedtoolcache/windows/Java_Temurin-Hotspot_jdk/8.0.422-5/x64/bin:/c/Program Files/ImageMagick-7.1.1-Q16-HDRI:/c/Program Files/Microsoft SDKs/Azure/CLI2/wbin:/c/
ProgramData/kind:/c/ProgramData/Chocolatey/bin:/c/Windows/system32:/c/Windows:/c/Windows/System32/Wbem:/c/Windows/System32/WindowsPowerShell/v1.0:/c/Windows/System32/OpenSSH:/c/Program Files/dotnet:/c/Program Files/PowerShell/7:/c/Program Files/Microsoft/Web Platform In
staller:/c/Program Files/TortoiseSVN/bin:/c/Program Files/Microsoft SQL Server/Client SDK/ODBC/170/Tools/Binn:/c/Program Files/Microsoft SQL Server/150/Tools/Binn:/c/Program Files (x86)/Windows Kits/10/Windows Performance Toolkit:/c/Program Files (x86)/WiX Toolset v3.14
/bin:/c/Program Files/Microsoft SQL Server/130/DTS/Binn:/c/Program Files/Microsoft SQL Server/140/DTS/Binn:/c/Program Files/Microsoft SQL Server/150/DTS/Binn:/c/Program Files/Microsoft SQL Server/160/DTS/Binn:/c/Strawberry/c/bin:/c/Strawberry/perl/site/bin:/c/Strawberry
/perl/bin:/c/ProgramData/chocolatey/lib/pulumi/tools/Pulumi/bin:/c/Program Files/CMake/bin:/c/ProgramData/chocolatey/lib/maven/apache-maven-3.8.7/bin:/c/Program Files/Microsoft Service Fabric/bin/Fabric/Fabric.Code:/c/Program Files/Microsoft SDKs/Service Fabric/Tools/Se
rviceFabricLocalClusterManager:/c/Program Files/nodejs:/c/Program Files/Git/cmd:/c/Program Files/Git/mingw64/bin:/c/Program Files/Git/usr/bin:/c/Program Files/GitHub CLI:/c/tools/php:/c/Program Files (x86)/sbt/bin:/c/Program Files/Amazon/AWSCLIV2:/c/Program Files/Amazon
/SessionManagerPlugin/bin:/c/Program Files/Amazon/AWSSAMCLI/bin:/c/Program Files/Microsoft SQL Server/130/Tools/Binn:/c/Program Files/LLVM/bin:/c/Users/runneradmin/.dotnet/tools:/c/Users/runneradmin/.cargo/bin:/c/Users/runneradmin/AppData/Local/Microsoft/WindowsApps:/us
r/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perl"
declare -x PATHEXT=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
declare -x PERFLOG_LOCATION_SETTING="RUNNER_PERFLOG"
declare -x PGBIN="C:\\Program Files\\PostgreSQL\\14\\bin"
declare -x PGDATA="C:\\Program Files\\PostgreSQL\\14\\data"
declare -x PGPASSWORD="root"
declare -x PGROOT="C:\\Program Files\\PostgreSQL\\14"
declare -x PGUSER="postgres"
declare -x PHPROOT="c:\\tools\\php"
declare -x PIPX_BIN_DIR="C:\\Program Files (x86)\\pipx_bin"
declare -x PIPX_HOME="C:\\Program Files (x86)\\pipx"
declare -x PKG_CONFIG_PATH="/mingw64/lib/pkgconfig:/mingw64/share/pkgconfig"
declare -x PKG_CONFIG_SYSTEM_INCLUDE_PATH="/mingw64/include"
declare -x PKG_CONFIG_SYSTEM_LIBRARY_PATH="/mingw64/lib"
declare -x POWERSHELL_DISTRIBUTION_CHANNEL="GitHub-Actions-win22"
declare -x POWERSHELL_UPDATECHECK="Off"
declare -x PRINTER=""
declare -x PROCESSOR_ARCHITECTURE="AMD64"
declare -x PROCESSOR_IDENTIFIER="AMD64 Family 25 Model 1 Stepping 1, AuthenticAMD"
declare -x PROCESSOR_LEVEL="25"
declare -x PROCESSOR_REVISION="0101"
declare -x PROGRAMFILES="C:\\Program Files"
declare -x PS1="\\[\\e]0;\\w\\a\\]\\n\\[\\e[32m\\]\\u@\\h \\[\\e[35m\\]\$MSYSTEM\\[\\e[0m\\] \\[\\e[33m\\]\\w\\[\\e[0m\\]\\n\\[\\e[1m\\]#\\[\\e[0m\\] "
declare -x PSModuleAnalysisCachePath="C:\\PSModuleAnalysisCachePath\\ModuleAnalysisCache"
declare -x PSModulePath="C:\\\\Modules\\azurerm_2.1.0;C:\\\\Modules\\azure_2.1.0;C:\\Users\\packer\\Documents\\WindowsPowerShell\\Modules;C:\\Program Files\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules;C:\\Program Files\\Microsoft S
QL Server\\130\\Tools\\PowerShell\\Modules\\"
declare -x PUBLIC="C:\\Users\\Public"
declare -x PWD="/d/a/cmake-maven-project/cmake-maven-project"
declare -x ProgramData="C:\\ProgramData"
declare -x ProgramW6432="C:\\Program Files"
declare -x RTOOLS44_HOME="C:\\rtools44"
declare -x RUNNER_ARCH="X64"
declare -x RUNNER_ENVIRONMENT="github-hosted"
declare -x RUNNER_NAME="GitHub Actions 6"
declare -x RUNNER_OS="Windows"
declare -x RUNNER_PERFLOG="C:\\actions\\perflog"
declare -x RUNNER_TEMP="D:\\a\\_temp"
declare -x RUNNER_TOOL_CACHE="C:\\hostedtoolcache\\windows"
declare -x RUNNER_TRACKING_ID="github_35578e18-ceaa-44ee-a0af-048e6f96e181"
declare -x RUNNER_WORKSPACE="D:\\a\\cmake-maven-project"
declare -x SBT_HOME="C:\\Program Files (x86)\\sbt\\"
declare -x SELENIUM_JAR_PATH="C:\\selenium\\selenium-server.jar"
declare -x SHELL="/usr/bin/bash"
declare -x SHLVL="1"
declare -x STAGING_HOST="oss.sonatype.org"
declare -x STATS_D="true"
declare -x STATS_D_D="true"
declare -x STATS_EXT="true"
declare -x STATS_EXTP="https://provjobdsettingscdn.blob.core.windows.net/settings/provjobdsettings-0.5.181+6/provjobd.data"
declare -x STATS_RDCL="true"
declare -x STATS_TRP="true"
declare -x STATS_UE="true"
declare -x STATS_V3PS="true"
declare -x STATS_VMD="true"
declare -x STATS_VMFE="true"
declare -x SYSTEMDRIVE="C:"
declare -x SYSTEMROOT="C:\\Windows"
declare -x TEMP="/tmp"
declare -x TERM="screen-256color"
declare -x TMP="/tmp"
declare -x TMUX="/tmp/tmate.sock,1190,0"
declare -x TMUX_PANE="%0"
declare -x TZ="Etc/UTC"
declare -x USER="runneradmin"
declare -x USERDOMAIN="fv-az1347-47"
declare -x USERDOMAIN_ROAMINGPROFILE="fv-az1347-47"
declare -x USERNAME="runneradmin"
declare -x USERPROFILE="C:\\Users\\runneradmin"
declare -x VCPKG_INSTALLATION_ROOT="C:\\vcpkg"
declare -x WINDIR="C:\\Windows"
declare -x WIX="C:\\Program Files (x86)\\WiX Toolset v3.14\\"
declare -x XDG_DATA_DIRS="/mingw64/share/:/usr/local/share/:/usr/share/"
declare -x npm_config_prefix="C:\\npm\\prefix"

I hope it helps.

[jira-importer]

Tamas Cservenak commented

GPG plugin does not reach directly for env variable, Maven does it on boot, and GPG plugin just gets that from session.
To dump what Maven "see", you can use command like this:

$ mvn eu.maveniverse.maven.plugins:toolbox:0.1.33:dump -Dverbose

(note: 0.1.33 is just released as I had some fixes in there, it may need few minutes for Central sync).

This command dumps all that is present in repository system session, the object GPG plugin uses as well to get values.

[jira-importer]

Gili commented

Tamas Cservenak I used the command you mentioned and it confirms that "env.MAVEN_GPG_PASSPHRASE" contains a secret value (the value shows up as ***).

I am the second person to report this bug (see actions/setup-java#629).

Can you please debug this problem on your end to figure out why the passphrase is being rejected?

[jira-importer]

Gili commented

Tamas Cservenak Please see actions/setup-java#629 (comment) and let us know if any other ideas come to mind. Thank you in advance.

[jira-importer]

Tamas Cservenak commented

Howdy Gili, thanks for reaching back with new info, and sorry for a bit late response.
You pointed at line that is "highly suspicious way of reading environment variables", so let me start there:
Maven at "boot" collects Java System Properties and env variables into Maven System Properties (not to be confused with Java System Properties, that are ONE SOURCE of these). Same things happens in Toolbox (and there you confirmed that env.MAVEN_GPG_PASSPHRASE contains a secret value). And don't be confused, the "env." prefix is nothing to do with PowerShell or whatever, it is really just Maven:
See https://github.com/apache/maven/blob/45201347c417896b57159221130333f5fa4bbfb6/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java#L1485
And https://github.com/apache/maven/blob/45f9b81b4a8451a75864ef1c861c5bb201a54790/maven-core/src/main/java/org/apache/maven/properties/internal/EnvironmentUtils.java#L34

In short, Maven system properties contain Java System Properties (as is) AND env variables where key are prefixed with "env.". Hence the way of "reading".

Also, just like between Linux/MacOS/Windows, these differences should be handled by Java, am pretty sceptic that in Java you should key env variable differently based on cmd/powershell... or if this is the case on Windows, than this platform is eeek.

[jira-importer]

Tamas Cservenak commented

But I found a "sus" place myself, but for this to confirm, I'd need some answers: do your passphrases contains some character that is beyond 7bit ASCII?

https://github.com/apache/maven-gpg-plugin/blob/master/src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java#L115-L120

This place smells like it lacks some encoding, as "usually" Mac and Linuxes are UTF8, but AFAIK Windows is stubborn on that chcp 65001?

[jira-importer]

Tamas Cservenak commented

In 3.1.0 the process input creation was like this:
https://github.com/apache/maven-gpg-plugin/blob/maven-gpg-plugin-3.1.0/src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java#L105-L106

So it seems Windows is getting passphrase+newline? Hence GPG declares it as "bad passphrase"? Again, am unsure how Windows behave in this respect...

Michael Osipov Help!

[jira-importer]

Tamas Cservenak commented

So two issues:

• possible encoding issues here: Java def encoding is used to fill in ByteArrayInputStream, that is later as-is used to feed process. On Linux/mac the java encoding is usually == console encoding == utf8, while this AFAIK is not true for window? https://github.com/apache/maven-gpg-plugin/blob/master/src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java#L115-L120
• possible passphrase corruption as well, by adding System.lineSeparator() ?

[jira-importer]

Tamas Cservenak commented

Gili wait a sec... you say "I used the command you mentioned and it confirms that "env.MAVEN_GPG_PASSPHRASE" contains a secret value (the value shows up as ***)."?
That is weird, as Toolbox (the command I said to run), does not hide sensitive values as it have no idea which one is sensitive!

I just tested it:

$ MAVEN_GPG_PASSPHRASE=bigSecretNobodyCanSee mvn eu.maveniverse.maven.plugins:toolbox:0.3.2:dump -Dverbosity=CHATTER
...
[INFO]                          env.MAVEN_CMD_LINE_ARGS= eu.maveniverse.maven.plugins:toolbox:0.3.2:dump -Dverbosity=CHATTER
[INFO]                          env.MAVEN_GPG_PASSPHRASE=bigSecretNobodyCanSee
[INFO]                          env.MAVEN_HOME=/home/cstamas/.sdkman/candidates/maven/current
...

This means your passphrase is "****"

[jira-importer]

Gili commented

Hi Tamas,

Thanks for the follow-up... The reason that I see *** in place of the secret is that I'm running the command under a GitHub Action. It is GitHub that is hiding the output, not toolbox itself. With respect to my passphrase, the unencrypted version is purely alphanumeric so no, I don't expect any characters outside the 7bit range.

Let me know if there is anything else I can do to help tracking down this issue. If you release a snapshot version or something I can try running it under Github again.

[jira-importer]

Tamas Cservenak commented

Gili I created this ralfkonrad/test-mvn-gpg-plugin#27 but needs auth. You can try same if you can.

[jira-importer]

Tamas Cservenak commented

Michael OsipovGili seems it was rogue CR!
See ralfkonrad/test-mvn-gpg-plugin#28

[jira-importer]

Gili commented

Question: why does this even need to be a user-configurable option? To me, this should be an internal implementation detail that is not configurable by end-users.

[jira-importer]

Tamas Cservenak commented

You are right, this is really internal detail.
Still, having it as parameter is okay, even if nobody will have to use it. We can schedule removal of this parameter if you strongly believe this should be not exposed.