Using a GPG secret key without a private key included causes a NullPointerException when uploading an artifact about nexus-repository-apt HOT 7 OPEN

Update. This appears to be an issue with GPG keys with subkeys.
When a key without a subkey was configured, then everything worked great.
I am still really curious about why the original key, which was valid, didn't work.
I am also concerned that I was presented with a NullPointerException in the UI instead of a meaningful message that my configured signing key had an issue.

from nexus-repository-apt.

Thanks for the detailed info!

I wonder if at some point you removed the master private key from your keyring (like is suggested here: https://wiki.debian.org/Subkeys). Or perhaps gpg requires additional incantations to export the private portion of a master key.

As far as why the NPE instead of a meaningful message: this is simply not a case that I've encountered before and didn't realize was possible. This plugin is not a Sonatype product, it's a volunteer effort, so it can definitely lack some of the polish that a commercial product might have. Personally I don't have a great amount of time to devote to this plugin, so I probably won't get around to writing a fix to handle this case in a less confusing way any time soon, but I'm happy to review and merge patches!

from nexus-repository-apt.

@mpoindexter I'll take a look at the subkeys thing and see what is going on there. We found that we actually didn't need to use it, but I would like to know what is going on there.

I fully understand the lack of polish and how only what is currently painful is what bubbles to the top. My team is currently maintaining a couple of Gradle plugins ourselves.

I'm going through the hoops on my end to get approval to sign the Sonatype Contributor License Agreement and submit a PR. It should be inbound this week.

from nexus-repository-apt.

@wdschei do you have any updates on this?

from nexus-repository-apt.

@macalinao I finally got approval and will be submitting a PR to provide a better message other than the NPE shortly.

from nexus-repository-apt.

Just passing by ...
I've recently submitted a PR that fixes a similar issue in Gradle.
Here it is: gradle/gradle#10366.
The main issue was that the keyring (multiple keys) was treated as a single key.

from nexus-repository-apt.

APT is now part of Nexus Repository Manager. Version 3.17.0 includes the APT plugin by default.
If this is still an issue if using 3.17.0 or later please file an issue at https://issues.sonatype.org/.
Links to the new source code location are in the top level README.md

from nexus-repository-apt.