I want to deploy a Clojure library using Leiningen. I have done the following things:
installed gpg
created a gpg key-pair
encrypted my Clojars credential into ~/.lein/credentials.clj.gpg
installed gpg-agent
installed Keychain
When I call 'lein deploy clojars', I get the following output:
WARNING: please set :license in project.clj.
Could not decrypt credentials from ~/.lein/credentials.clj.gpg
gpg: can't query passphrase in batch mode
gpg: decryption failed: secret key not available
See `lein help gpg` for how to install gpg.
No credentials found for clojars
See `lein help deploy` for how to configure credentials.
Username:
I then uninstalled gpg, installed gpg2 and made a symlink from gpg to gpg2. When I now call 'lein deploy clojars', I get:
WARNING: please set :license in project.clj.
^CCould not decrypt credentials from ~/.lein/credentials.clj.gpg
pinentry-curses: no LC_CTYPE known - assuming UTF-8
pinentry-curses: no LC_CTYPE known - assuming UTF-8
pinentry-curses: no LC_CTYPE known - assuming UTF-8
pinentry-curses: no LC_CTYPE known - assuming UTF-8
gpg: signal Interrupt caught ... exiting
See `lein help gpg` for how to install gpg.
No credentials found for clojars
See `lein help deploy` for how to configure credentials.
Username:
After the warning, the command waits for an input, from which I can only exit by pressing ctrl-c.
Can anyone tell me what I need to do in order to deploy the library?
lein made deploying to clojars as simple as possible with lein-clojar plugin.
First, create ~/.lein/profiles.clj file with the following content:
{:user {:plugins [[lein-clojars "0.9.1"]]}}
Unfortunately, you can't use passphrased keys with lein-clojar plugin, but you can generate new ssh key with lein keygen command. It will place new ssh key into ~/.leiningen/, so it will be used only by lein.
After generating a key, lein will print its public part to the console. You should copy it to your clojars account.
At last, you can deploy your project with lein push.
Of course, you can deploy your project without this plugins using lein deploy clojars and any ssh or pgp key. Probably, it's possible to use pathphrased keys with lein deploy clojars, but I'm not sure about it.
Related
I am building a Java web app with Travis CI and trying to deploy it to an AWS Elastic Beanstalk instance. The build goes well:
The command "mvn test -B" exited with 0.
... but the deploy fails and says:
Fetching: dpl-1.8.31.gem (100%)
Successfully installed dpl-1.8.31
1 gem installed
invalid option "--secret_access_key="
failed to deploy
my .travis.yml file seems to be valid and I have stored in it my encrypted secret access key for AWS using the travis CLI tool:
travis encrypt secret_access_key="< my secret access key >"
So why can't I deploy to AWS? why does Travis tell me invalid option "--secret_access_key="?
I have checked the Travis dpl docs for Elastic Beanstalk and they say the option for the key should be --secret-access-key=..., with dashes (instead of underscores like in invalid option "--secret_access_key=" from my Travis log).
How can I deploy my application?
I also encountered this issue and it was because the encrypted environment variable I used for secret_access_key: was spelled incorrectly. Most likely the value used here is wrong or non-existent and will produce this error.
secret_access_key: $ENCRYPTED_VAR_SPELLED_WRONG
I'm trying to deploy a (non-snapshot) library to Clojars using Leiningen. I've actually been able to deploy this library before but it was a while ago and now I've made some fixes that I want to release. I even have a small bash script that used to handle the release and deploy process that essentially just do:
RELEASE_VERSION=${releaseVersion} lein release
Where releaseVersion is supplied as a parameter to the script. I'm using the lein-release plugin and I've specified:
:lein-release {:deploy-via :clojars}
in my project.clj. I also have working (or at least they used to work) GPG credentials in /Users/johan/.lein/credentials.clj.gpg.
When running lein release I'm prompted for my GPG password but after a couple of seconds I run into this:
$ RELEASE_VERSION=0.2.1 lein release
Picked up JAVA_TOOL_OPTIONS: -Dfile.encoding=UTF-8
On branch master
Your branch is up-to-date with 'origin/master'.
nothing to commit, working directory clean
[master cf4e5d1] Version 0.2.1
1 file changed, 1 insertion(+), 1 deletion(-)
You need a passphrase to unlock the secret key for
user: "Johan <email>"
2048-bit RSA key, ID ABC123431, created 2015-11-12
No credentials found for releases (did you mean `lein deploy clojars`?)
Password prompts are not supported when ran after other (potentially)
interactive tasks.
See `lein help deploy` for an explanation of how to specify credentials.
I've also tried setting repositories in my project.clj:
:repositories [["releases" {:url "http://clojars.org/repo" :creds :gpg}]]
But it doesn't make any difference. Does anyone know how to solve this?
The problem was that I had accidentally removed [lein-release "1.0.9"] from {:user {:plugins .. }} in my ~/.lein/profiles.clj file. When I added it again everything worked as expected.
I've been trying for ages to deploy a library to clojars without having to specify username and password using lein deploy clojars. But I end up with the following error message:
gpg: gpg-agent is not available in this session
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: decryption failed: secret key not available
Could not decrypt credentials from /Users/johan/.lein/credentials.clj.gpg
nil
See `lein help gpg` for how to install gpg.
No credentials found for clojars
See `lein help deploying` for how to configure credentials to avoid prompts.
My ~./lein/credentials.clj.gpg looks like this (unencrypted):
{ #"https://clojars.org/repo"
{:username "<username>" :password "<password>"}}}
I know that the username and password are correct (they are just copied from 1password).
Running gpg --list-keys gives me:
/Users/myname/.gnupg/pubring.gpg
-------------------------------
pub 2048R/0486A2C5 2010-10-12
uid My Name <myname#somemail.com>
sub 2048R/0617110A 2010-10-12
I've tried specifiying both 0486A2C5 and 0617110A in ~/.lein/profiles.clj (:signing {:gpg-key "<key>"}) but it doesn't make any difference.
I've also made sure that use-agent is uncommented in ~/.gnupg/gpg.conf and I've also made sure that gpg-agent is installed on my machine (brew install gpg-agent).
Update 1
Running gpg --list-secret-keys gives me:
/Users/myname/.gnupg/secring.gpg
-------------------------------
sec 2048R/0486A2C5 2010-10-12
uid My Name <myname#somemail.com>
ssb 2048R/0617110A 2010-10-12
Running gpg --quiet --batch --decrypt ~/.lein/credentials.clj.gpg prompts me for my password and then yields the unencrypted results.
Update 2
I'm using gpg 1.4.20 and gpg-agent 2.0.29 (both installed using brew) on Mac OS X El Capitan.
What am I missing!?
I solved this by uninstalling gpg from brew (brew uninstall gpg) and then install the binaries from gpgtools. I then opened the terminal and created a symbolic link from gpg2 to gpg:
$ ln -s /usr/local/MacGPG2/bin/gpg2 /usr/local/MacGPG2/bin/gpg
Then I added /usr/local/MacGPG2/bin to the PATH in my ~/.profile. When running lein clojars deploy I now get a graphical user interface where I enter the password and afterwards it successfully signs the release and publish the artifacts.
The easiest way to address this issue is to attempt to decrypt a file using gpg with the --batch flag. I think you'll find that your agent is installed but has not been started, or is perhaps improperly configured. If you can get gpg to work with --batch, then the deploy command will work.
My experience has been that naming the jar file you want to deploy with -SNAPSHOT on the end means that you do not have to set up public/private keys.
I'm trying to deploy my library to-jdbc-url and signing fails:
$ lein release
On branch master
Your branch is ahead of 'origin/master' by 2 commits.
(use "git push" to publish your local commits)
nothing to commit, working directory clean
[master 23b2409] Version 0.3.0
1 file changed, 1 insertion(+), 1 deletion(-)
gpg: skipped "J. Pablo Fernández <pupeno#carouselapps.com>": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
error: unable to sign the tag
No credentials found for releases (did you mean `lein deploy clojars`?)
Password prompts are not supported when ran after other (potentially)
interactive tasks.
See `lein help deploy` for an explanation of how to specify credentials.
My key is there:
$ gpg --list-secret-keys
/Users/pupeno/.gnupg/secring.gpg
--------------------------------
sec 2048R/F2FB1C6F 2015-07-15 [expires: 2016-07-14]
uid J. Pablo Fernández <pupeno#carouselappps.com>
ssb 2048R/E1A0E03B 2015-07-15
and I event installed gpg-agent just in case:
$ gpg-agent
gpg-agent: gpg-agent running and available
I tried with Leiningen 2.5.2 as well as 2.5.1.
What's going on? what am I missing?
I don't have any experience with lein release nor with signing,
but it stands out that your key has
J. Pablo Fernández <pupeno#carouselappps.com>
while you try to use (check letter p)
J. Pablo Fernández <pupeno#carouselapps.com>
I find it most straightforward to set my lein gpg key globally, see here:
https://github.com/technomancy/leiningen/blob/master/doc/GPG.md#overriding-the-gpg-defaults
thus, my ~/.lein/profiles.clj file would look something like:
{:user {:plugins [[lein-auto "0.1.2"]]
:signing {:gpg-key "<mykey>"}}}
where <mykey> is found by using gpg --list-keys
Leiningen will not ask me for my passphrase to decrypt my gpg key (which has my username and pass for Datomic).
gpg --quiet --batch --decrypt ~/.lein/credentials.clj.gpg
Prompts for a password in a terminal/ascii-like "popup" (and subsequently gives me the decrypted key) but then trying
lein deps
or
lein ring server-headless 4000
Simply says
$ lein ring server-headless 4000
Could not decrypt credentials from /home/vas/.lein/credentials.clj.gpg
gpg: cancelled by user
gpg: decryption failed: secret key not available
See `lein help gpg` for how to install gpg.
Even though I never cancel nor input my passphrase. Same operation works on my local machine no problem, although it gives me a graphical popup for the password. Is there a way to force a terminal-based passphrase entry?
I'm talking through SSH with another ubuntu box and I'd like to know how to make it prompt for a password or maybe another way I could get it to work.
Anyone have any ideas?
EDIT: https://github.com/technomancy/leiningen/issues/615
It looks like the solution is to use Keychain.
https://github.com/funtoo/keychain
There are a few options here, but the best one is to use the Unix Domain Socket forwarding feature of openssh, and then use a proper gpg agent locally.