28

I have created a gradle project and everything builds fine, but when I try to upload to my Maven repository, I get the following Gradle error:

FAILURE: Build failed with an exception.

* What went wrong:
Could not evaluate onlyIf predicate for task ':library:signArchives'.
> Unable to read secret key from file: C:\Users\ideal\pubring.gpg (it may not be a PGP secret key ring)

I followed the instructions at Sonatype to generate the key, then copied it from its generated location to the location listed above. I have also published the public key to MITs key repository. The gradle.properties file in my user directory contains the following entries related to the keychain:

signing.keyId=MY_KEY_ID
signing.password=MY_KEY_PASSWORD
signing.secretKeyRingFile=C:\\Users\\ideal\\pubring.gpg

This is on a Windows platform. I have tried searching for the error message but the only thing which comes up is the source files for the related plugins.

Peter Wippermann
  • 4,125
  • 5
  • 35
  • 48
Jared
  • 1,449
  • 2
  • 19
  • 40

3 Answers3

77

The secring.gpg file has been removed in GPG 2.1.

However, GPG still can create such a file: gpg --export-secret-keys -o secring.gpg

Pro Tip: If Gradle's signing plugin complains that your key in signing.keyId=MY_KEY_ID is too long, you're certainly using the 40 characters fingerprint but should use the 8 char ID. You've got three options then:

  1. You can configure GPG to show the 8 char ID instead of the fingerprint by setting the keyid-format option.

    • a) Either explicitly define this option on CLI: gpg --list-keys --keyid-format short (Thanks tjheslin1!)
    • b) Or activate this option implicitly through the options file (default location is ~/.gnupg/gpg.conf).

  2. Try the last 8 digits of your 40 chars fingerprint. This is for the lazy developer ;-)

Peter Wippermann
  • 4,125
  • 5
  • 35
  • 48
  • 7
    Thank you for this! Struggled for a long while but finally made progress with your help. My issue was the key length. Running `gpg2 --list-keys --keyid-format short` was what I needed. – tjheslin1 Nov 01 '16 at 16:52
  • Thanks @tjheslin1 ! I just added your input :-) – Peter Wippermann Nov 09 '16 at 15:09
  • 1
    This should be the accepted answer. The other one is useless. – Adam Arold Oct 16 '18 at 22:26
  • 2
    It's unforgivable that the Gradle plugin won't handle a full-length key. And to add insult to injury, it uses the *last* 8 chars. Facepalm. – nilskp Jul 01 '21 at 09:27
14

The problem is that you are using the public key, switch to the secret key, normally named "secring.gpg". So in your case it should placed in

C:\Users\ideal\secring.gpg

Lorenzo Braghetto
  • 575
  • 7
  • 14
2

The "secring.gpg" file may not be needed in GPG 2.1 and later versions, and can be generated with commands: "gpg --export-secret-keys -o \dir\secring.gpg"

shinGG
  • 31
  • 1