Using a GPG agent for signing Maven releases on Mac OS X

Using the Maven GPG Plugin makes it easy to sign a large number of artifacts when performing a release with Maven.

However, one of the annoying parts is that interactive password entry is not particularly easy, and you often have to put it on the command line or into your settings file in plaintext, which is not very comfortable. The better alternative is to use gpg-agent, and if you’re not using GPG 2.0 this needs to be configured in the POM:

  <plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>1.1</version>
    <configuration>
      <useAgent>true</useAgent>
    </configuration>
  </plugin>

GPG will fallback to the same password entry if it is not running or if it is provided via the property, so there’s no particular downside to enabling the option.

The problem on Mac is that the situation with GPG is a little confusing. There seem to be several different projects floating around to provide it.

I’m a big fan of Homebrew, and previously I’d been using that to install GnuPG and gpg-agent. It worked quite well, but the password entry required curses, and also didn’t work in an interactive session – so you’d need to make sure to have entered it manually before starting a release. If it failed mid-release, you’d need to restart the agent. None of this was Homebrew’s fault – I just hadn’t been able to find a native pinentry app for the Mac that stood alone and didn’t crash on use.

After fiddling with it for a while, I decided to try one of the native Mac GPG installers again. This is where it got confusing, since there are several efforts floating around. Others may work, but the one I had success with is the revived GPGMail project. After uninstalling all the packages using Homebrew, I installed GPGTools from the download page. Since this includes a native pinentry application, and pre-configures gpg and the agent to run once on login, it worked much better.

The only catch if you’re trying this is that you need to logout, or in your shell run this until you have:

open /usr/local/libexec/start-gpg-agent.app/
. ~/.gpg-agent-info
export GPG_AGENT_INFO

You can test that it is working outside of Maven by running: gpg -ab (ending with Ctrl-D),

Working around –non-interactive problems in Leopard’s Subversion

Apparently, the –non-interactive flag is broken in Subversion as distributed with Leopard and a fix is not yet available. Bad news for Maven users wanting to use any of the SCM tools.

Hopefully a fix will be available either through an update or a version of Subversion that can be compiled from source, but in the mean time I put this shell script ahead of svn in my PATH:

Updated 15 Mar 08: Wendy pointed out you need to chop the username too. Now it’s even more hacky.

#!/bin/sh

if [ "$1" = "--non-interactive" -o "$1" = "--username" ]; then
  shift
fi

if [ "$1" = "--non-interactive" -o "$1" = "--username" ]; then
  shift
fi

/usr/bin/svn "$@"

Mmm, hacky.

Cloned Mac migration problems? Check your permissions

I recently received a new(er) Macbook Pro, and wanted to get up and running in as short a period as possible. I chose to go with a full hard drive clone so that the minimum amount of modification and reinstallation would be necessary.

Apart from a small misunderstanding between me and my external USB drive, that resulted in me having to do the initial backup twice, Carbon Copy Cloner worked an absolute treat. I was able to boot from the USB on the new Mac, and clone back over to the internal hard drive and boot it all back up spotlessly.

Well, almost. I started seeing weird problems cropping up in quite different applications.

First up my Dovecot IMAP server wouldn’t start. This turned out to be a simple problem of /opt/local/var/run/dovecot/master.pid being left behind and needing to be removed (since another app kept taking that PID every time I rebooted, Dovecot always thought it was already running). This was the most important thing and I was back in business quickly.

But then it got weirder. iGTD’s F6 integration has ceased working (and I still can’t get it to work despite resolving other problems). It tries to send something – but it just doesn’t. Oh well – I’ve been wanting to check out OmniFocus anyway.

And then yesterday, I decided it was time to upgrade to 10.5.2. But software update refused to recognise any updates – though I had several waiting, and running it on my old Mac showed them. Nothing helpful in /var/log/system.log. After googling for a solid hour I decided to just update from the downloads on the Apple software site and resolve the problem later.

Then I was having trouble opening a PDF in Preview. I figured it was something corrupted in there, so I didn’t think about it. Then today – no luck on another PDF. And I found no PDFs were working in Preview (in hindsight, I’d had the same problem with a Postscript file earlier in the day too). Something was clearly wrong, but it’s incredibly hard to google for problems with generic names like "Preview" and "Software Update".

Luckily, Preview showed me something in the logs, which Software Update hadn’t:

Feb 14 12:27:07 mcbrett Preview[1755]: tempFileFolderPath failed
Feb 14 12:27:07 mcbrett Preview[1755]: *** -[NSPathStore2 rangeOfString:options:range:locale:]: nil argument

That was much easier to google for and I had the fix in minutes. What’s more, Software Update is working again (though no luck with F6 integration). It was simply a permissions change on the temporary directory:

sudo chmod 775 $TMPDIR

The creepy thing? My name isn’t that common, but the user in question had exactly the same login ID as me. Does Apple discriminate against brett’s? 🙂

Searching Archiva with Quicksilver

I run my own Archiva server to keep an offline repository of artifacts so that I can safely nuke my local repository at any time and to have a more typical set up.

I have’t written any Quicksilver actions before, but experimented with this one very quickly the other day – let me know if you find it useful or have any suggestions!

-- Search Archiva for given text
using terms from application "Quicksilver"
  on process text query
    set archivaUrl to "http://localhost:7777/archiva/"
    set queryUrl to archivaUrl & "quickSearch.action?q=" & query
    do shell script "open " & queryUrl
  end process text
end using terms from

Playing Albums with Quicksilver, iTunes and Artist Search

This is just a short note for anyone else that has encountered this most annoying trait in Quicksilver.

I started using Quicksilver to select the songs I wanted to play recently instead of dropping into iTunes itself (I’ve been using it to play/pause and move to the next song for some time). The ability to browse you’re library via the iTunes icon is very cool (and even better is setting up a trigger for Search by Artist), but it had one annoying trait: when I wanted to play a whole album, it set up the playlist in a seemingly random order. I say random because I couldn’t figure out why it had chosen the order it had, but it used the same order every time. My best guess is that it is something to do with the order on the filesystem.

I tried fiddling with lots of different options, and saw a number of people in the forums complaining about similar but slightly different problems. It’s surprising to me that not a lot of people seem to play whole albums in track order any more 🙂

The option that ended up fixing it was the one I least suspected: under preferences, in the iTunes tab, make sure "Fast Browser Play (less accurate)" is checked. Albums will then play in the correct order.

Now the only thing left to figure out is how playing albums in correct track order might be considered "less accurate"…