How to sign with gradle and gpg2

Question

The gradle signing plugin requires secring.gpg keyring file, according to the documentation: https://docs.gradle.org/current/userguide/signing_plugin.html

But since gpg version 2.1 the secring.gpg does not exist anymore. https://www.gnupg.org/faq/whats-new-in-2.1.html

Is there a possibility to use the signing plugin of gradle with gpg >= 2.1?

Answer 1

For people reaching this issue in 2017+, starting with Gradle 4.5, using GnuPG 2 (and gpg-agent) is fully supported. From the signing plugin documentation:

signing {
    useGpgCmd()
    sign configurations.archives
}

In addition, there have to be defined (at least) signing.gnupg.keyName (most likely in ~/.gradle/gradle.properties).

Please pay attention that the properties to defined key (signing.gnupg.keyName), key store (signing.gnupg.homeDir), passphrase (signing.gnupg.passphrase), etc. differ from those used in the previous Gradle versions (are in signing.gnupg.* not just signing.*).

Answer 2

I also faced with the same issue that I could'n solve with the gpg --export-secret-key, like this.

gpg: WARNING: nothing exported

Actually my gpg's version was 1.4.xx (with gpg --version) and there was another: gpg2.

So try this:

gpg2 --export-secret-key XXXXXXXX > secring.gpg

Answer 3

I just encountered the same issue and solved it by manually creating a secring.gpg file by executing the following terminal command:

gpg --keyring secring.gpg --export-secret-key XXXXXXXX > secring.gpg

You have to replace XXXXXXXX with the ID of the key you want to use. You can list all available keys by using the command gpg --list-key.

Edit: I forgot to mention, that I am using Linux.