Signing with gpg must be done serially to avoid gpg-agent running out of memory #168
Description
When running publishSigned on aggregated projects, we might end up calling gpg multiple times in parallel, this can lead to the gpg-agent running out of "secmem" (secure memory) (see https://dev.gnupg.org/T4255) which can manifest itself with errors such as:
gpg: signing failed: Cannot allocate memory
(as usual with gpg, this error is very confusing: the system didn't run out of memory at all). This isn't just a theoretical concern, this is currently blocking the release of Dotty 0.19.0-RC1: https://dotty-ci.epfl.ch/lampepfl/dotty/1487/1/8
To fix this, an option auto-expand-secmem was added to gpg-agent.conf (https://dev.gnupg.org/T3530), according to that PR:
The --auto-expand-secmem option is available in 2.2. and master for quite some time. It works if libgcrypt 1.8.2 or newer is used.
Unfortunately, Ubuntu 18.04 uses libgcrypt 1.8.1, so this fix isn't usable on a lot of CI setups.
Therefore it seems like the only sane thing to do for sbt-pgp is to wrap calls to gpg into a synchronized block to make sure they're never executed in parallel.