I'm new with both Maven and uploading things to Sonatype, so the error may be evident but it's hiding well from me. I'm trying to upload an artifact.
To do so, I run the following command:
mvn clean assembly:single -s settings.xml assembly:single javadoc:jar source:jar gpg:sign -Dgpg.passphrase=myPassphrase install deploy
However, this causes Nexus to fail on validating the JAR files because there are no asc signature files included in the upload - which is true, but I don't understand why. Furthermore, there are however signatures of the .xml files and of the .zip, .tar.gz and .tar.bz2 ones. What shall I specify for the ascs to be generated for the jars as well?
Below are shown my settings.xml and pom.xml files:
settings.xml:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                              http://maven.apache.org/xsd/settings-1.0.0.xsd">
  <servers>
    <server>
      <id>sonatype</id>
      <username>myUsername</username>
      <password>myPassword</password>
    </server>
  </servers>
</settings>
pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.github.aaryn101</groupId>
  <artifactId>lol4j</artifactId>
  <version>2.0</version>
  <packaging>jar</packaging>
  <name>lol4j</name>
  <description>lol4j is a Java wrapper for the Riot Games LoL beta API.</description>
  <url>https://github.com/aaryn101/lol4j</url>
  <licenses>
    <license>
      <name>The MIT License (MIT)</name>
      <url>http://opensource.org/licenses/MIT</url>
      <distribution>repo</distribution>
    </license>
  </licenses>
  <scm>
    <url>https://github.com/aaryn101/lol4j.git</url>
  </scm>
  <distributionManagement>
    <repository>
      <id>sonatype</id>
      <url>https://oss.sonatype.org/service/local/staging/deploy/maven2</url>
    </repository>
  </distributionManagement>
  <build>
    <plugins>
      <plugin>
        <artifactId>maven-assembly-plugin</artifactId>
        <version>2.4</version>
        <configuration>
          <descriptor>dep.xml</descriptor>
        </configuration>
      </plugin>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-javadoc-plugin</artifactId>
        <version>2.9.1</version>
        <executions>
          <execution>
            <id>attach-javadocs</id>
            <goals>
              <goal>jar</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      <plugin>
        <artifactId>maven-source-plugin</artifactId>
        <version>2.2.1</version>
        <executions>
          <execution>
            <id>attach-sources</id>
            <goals>
              <goal>jar</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
In order to upload jars into the maven repository, you need to sign them with a public key that must be made available at a given key server. See here the detailed instructions, and this blog post is also helpful.
The most important step is to create a key and upload it to the key server (detailed in the links above).
Then edit settings.xml to make the PGP key available to Maven:
<profiles>
  <profile>
    <id>gpg</id>
    <properties>
      <gpg.passphrase>your passphrase</gpg.passphrase>
      <gpg.keyname>your pgp key</gpg.keyname>
    </properties>
  </profile>
</profiles>
Then add this in the pom.xml in order to sign the jars:
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.4</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
This is an example of a working pom.xml.
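A pre-deploy check for the symptom described in the question (jars going to the staging repository without .asc files), as an added example that is not part of the original question or answer. The function names and the single directory argument are assumptions: the script expects the files to be uploaded and their detached signatures to sit side by side in one directory.

```shell
#!/bin/sh
# Added example: fail the release before upload if any artifact lacks a
# detached signature or if a signature does not verify.

# Print each artifact in DIR (jar, pom, zip, tar.gz, tar.bz2) that has no
# "<file>.asc" beside it. Prints nothing when every artifact is signed.
unsigned_artifacts() {
    dir=$1
    for f in "$dir"/*.jar "$dir"/*.pom "$dir"/*.zip "$dir"/*.tar.gz "$dir"/*.tar.bz2; do
        [ -f "$f" ] || continue        # an unmatched glob stays literal; skip it
        [ -f "$f.asc" ] || printf '%s\n' "${f##*/}"
    done
    return 0
}

# Verify every detached signature in DIR against the file it covers.
# Needs gpg and the signer's public key in the local keyring.
# Returns 0 only when all signatures verify; prints the failing names.
verify_signatures() {
    dir=$1
    rc=0
    for sig in "$dir"/*.asc; do
        [ -f "$sig" ] || continue
        if ! gpg --batch --verify "$sig" "${sig%.asc}" >/dev/null 2>&1; then
            printf 'BAD %s\n' "${sig##*/}"
            rc=1
        fi
    done
    return $rc
}

# Gate for a release script: non-zero when anything is unsigned or invalid.
check_release_dir() {
    dir=$1
    missing=$(unsigned_artifacts "$dir")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/unsigned: /' >&2
        return 1
    fi
    verify_signatures "$dir"
}
```

Source the file and call `check_release_dir` on the directory holding the files to be uploaded, after signing and before the deploy step, so a missing jar signature stops the build locally instead of at repository validation.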