Skip to content

Commit

Permalink
[MGPG-136] Windows passphrase corruption (#120)
Browse files Browse the repository at this point in the history
Since 3.2.0 version we always appended "line separator" to passphrase unless it itself ended with one. But, this caused problem on Windows, as (our assumption is) that GPG uses binary read of STDIN, and on Windows "line separator" is "\r\n", while GPG handles "\n" only, making passphrase corrupted by presence of unwanted "\r".

---

https://issues.apache.org/jira/browse/MGPG-136
  • Loading branch information
cstamas authored Sep 24, 2024
1 parent 31e87e0 commit 6b2a27f
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 3 deletions.
17 changes: 17 additions & 0 deletions src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,22 @@ public abstract class AbstractGpgMojo extends AbstractMojo {
@Parameter(property = "gpg.bestPractices", defaultValue = "false")
private boolean bestPractices;

/**
* Whether to terminate the passphrase with LF character or not, as on some systems and some GPG executable combinations
* lack of trailing LF may cause GPG to not detect passphrase on STDIN. Since 3.2.0 it was always appended, unless
* passphrase itself ended with it. Note: before 3.2.7 the "line separator" was used for termination, that on
* other hand caused issues on Windows, where line separator is CRLF while GPG handles LF only.
* This parameter affects ONLY the GPG signer, not the BC signer.
* <p>
* By default, this parameter is {@code true}.
*
* @since 3.2.7
* @see <a href="https://issues.apache.org/jira/browse/MGPG-99">MGPG-99</a>
* @see <a href="https://issues.apache.org/jira/browse/MGPG-136">MGPG-136</a>
*/
@Parameter(property = "gpg.terminatePassphrase", defaultValue = "true")
private boolean terminatePassphrase;

/**
* Current user system settings for use in Maven.
*
Expand Down Expand Up @@ -345,6 +361,7 @@ protected AbstractGpgSigner newSigner(MavenProject mavenProject) throws MojoFail
signer.setPublicKeyring(publicKeyring);
signer.setLockMode(lockMode);
signer.setArgs(gpgArguments);
signer.setTerminatePassphrase(terminatePassphrase);

// "new way": env prevails
String passphrase =
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,8 @@ public abstract class AbstractGpgSigner {

protected String passphrase;

protected boolean terminatePassphrase;

private File outputDir;

private File buildDir;
Expand Down Expand Up @@ -98,6 +100,10 @@ public void setPassPhrase(String s) {
passphrase = s;
}

public void setTerminatePassphrase(boolean b) {
this.terminatePassphrase = b;
}

public void setOutputDirectory(File out) {
outputDir = out;
}
Expand Down
7 changes: 4 additions & 3 deletions src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java
Original file line number Diff line number Diff line change
Expand Up @@ -112,9 +112,10 @@ protected void generateSignatureForFile(File file, File signature) throws MojoEx
cmd.createArg().setValue("--passphrase-fd");
cmd.createArg().setValue("0");

// Prepare the input stream which will be used to pass the passphrase to the executable
if (!passphrase.endsWith(System.lineSeparator())) {
in = new ByteArrayInputStream((passphrase + System.lineSeparator()).getBytes());
// Prepare the STDIN stream which will be used to pass the passphrase to the executable
// but obey terminatePassphrase: append LF if asked for
if (terminatePassphrase && !passphrase.endsWith("\n")) {
in = new ByteArrayInputStream((passphrase + "\n").getBytes());
} else {
in = new ByteArrayInputStream(passphrase.getBytes());
}
Expand Down

0 comments on commit 6b2a27f

Please sign in to comment.