编程知识 cdmana.com

How to use GPG signature in Maven package

Will be Maven Before you upload the package to the central repository and create a distribution, you need to GPG Signature .

If you're using Window operating system , Please refer to : https://www.ossez.com/t/windows-gpg-key/745 The content of the page to GPG key Generator to install , And create a key.

When you need attention , You created Key And upload to Key In the public key repository of , Please refer to the article for specific methods :https://www.ossez.com/t/gpg-maven-upload-your-public-key-and-try-the-operation/785 The content in .

When you've done everything , You can treat your POM The document has been modified .

Yes POM File modification

Yes POM There are several things that need to be modified , Some of the changes are one-off .

Let's assume that you have POM There are no deployment conditions .

We also refer to the official configuration file :https://central.sonatype.org/pages/apache-maven.html

First of all, your version number cannot contain -SNAPSHOT This keyword's .

You can use the following command :

mvn versions:set -DnewVersion=0.0.2

This mvn The command will search for versions in your system , And rename and unify the versions .

maven-pub-01

From the output of the console , We've seen the version number adjusted .

add to maven-gpg-plugin plug-in unit

stay pom In file , add to maven-gpg-plugin Plug in to plug-in list .

The location of this plug-in is located in build Below .

The details are as follows , You don't have to modify anything , If you have a higher version , You can also use higher versions .

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-gpg-plugin</artifactId>
      <version>1.5</version>
      <executions>
        <execution>
          <id>sign-artifacts</id>
          <phase>verify</phase>
          <goals>
            <goal>sign</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

add to .m2 In the catalog settings.xml

The content to be added is as follows :

<settings>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <gpg.executable>gpg2</gpg.executable>
        <gpg.passphrase>the_pass_phrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>

Note the executable files , We used gpg2, If you don't have this in your operating system , You may use gpg, This is related to your installation .

Can be in Windows Run under cmd, To determine gpg Added to your system .

The secret key section is the key you created at the beginning , This is in Kleopatra What can be found in .

According to the secret key you need to install , Copy the above Key-ID Just fill in here .

maven-pub-02

After completing all the above configuration, run the command :

mvn clean deploy

Then wait for the feedback from the server .

It usually takes hours for your library to be seen all over the world .

maven-pub-03

Is it exciting .

All qualified companies and individuals are encouraged to upload open source projects to the central government in this way Maven Warehouse .

https://www.ossez.com/t/maven-package-gpg/787

版权声明
本文为[honeymoose]所创,转载请带上原文链接,感谢
https://cdmana.com/2020/12/20201224214750699f.html

Scroll to Top