Gradle uploadArchives task unable to read secret key

Question

I have created a gradle project and everything builds fine, but when I try to upload to my Maven repository, I get the following Gradle error:

FAILURE: Build failed with an exception.

* What went wrong:
Could not evaluate onlyIf predicate for task ':library:signArchives'.
> Unable to read secret key from file: C:\Users\ideal\pubring.gpg (it may not be a PGP secret key ring)

I followed the instructions at Sonatype to generate the key, then copied it from its generated location to the location listed above. I have also published the public key to MITs key repository. The gradle.properties file in my user directory contains the following entries related to the keychain:

signing.keyId=MY_KEY_ID
signing.password=MY_KEY_PASSWORD
signing.secretKeyRingFile=C:\\Users\\ideal\\pubring.gpg

This is on a Windows platform. I have tried searching for the error message but the only thing which comes up is the source files for the related plugins.

Answer 1

The secring.gpg file has been removed in GPG 2.1.

However, GPG still can create such a file: gpg --export-secret-keys -o secring.gpg

Pro Tip: If Gradle's signing plugin complains that your key in signing.keyId=MY_KEY_ID is too long, you're certainly using the 40 characters fingerprint but should use the 8 char ID. You've got three options then:

1. You can configure GPG to show the 8 char ID instead of the fingerprint by setting the keyid-format option.

   • a) Either explicitly define this option on CLI: gpg --list-keys --keyid-format short (Thanks tjheslin1!)
   • b) Or activate this option implicitly through the options file (default location is ~/.gnupg/gpg.conf).

2. Try the last 8 digits of your 40 chars fingerprint. This is for the lazy developer ;-)

Answer 2

The problem is that you are using the public key, switch to the secret key, normally named "secring.gpg". So in your case it should placed in

C:\Users\ideal\secring.gpg