Maven 'deploy' causes the code to be repackaged after the signing operation (BAD signature)

h3x*_*eam 6 java deployment gnupg maven

I want to deploy an artifact to the Sonatype OSS repository.

When I deploy with the following command, the signature is invalid.

mvn clean source:jar javadoc:jar install gpg:sign deploy

> gpg --verify  target/security-versions-1.0.1.jar.asc
gpg: assuming signed data in 'target/security-versions-1.0.1.jar'
gpg: Signature made 10/20/15 11:45:50 Eastern Daylight Time using RSA key ID 63E38ACF
gpg: BAD signature from "Philippe Arteau <philippe.arteau@gmail.com>" [ultimate]

If I remove the deploy goal, the signature is good.

mvn clean source:jar javadoc:jar install gpg:sign

> gpg --verify  target/security-versions-1.0.1.jar.asc
gpg: assuming signed data in 'target/security-versions-1.0.1.jar'
gpg: Signature made 10/20/15 11:54:34 Eastern Daylight Time using RSA key ID 63E38ACF
gpg: Good signature from "Philippe Arteau <philippe.arteau@gmail.com>" [ultimate]

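I realized that the jar is packaged a second time after the signing operation. How can I deploy without affecting the signature?

The problematic operation: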

[INFO] --- maven-gpg-plugin:1.5:sign (default-cli) @ security-versions ---

You need a passphrase to unlock the secret key for
user: "Philippe Arteau <philippe.arteau@gmail.com>"
4096-bit RSA key, ID 63E38ACF, created 2013-05-12

[...]

[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ security-versions ---
[INFO] Building jar: C:\Code\workspace-java\maven-security-versions\target\security-versions-1.0.1.jar
[INFO]
[INFO] --- maven-plugin-plugin:3.2:addPluginArtifactMetadata (default-addPluginArtifactMetadata) @ security-versions ---
[INFO]
[INFO] --- maven-source-plugin:2.2.1:jar-no-fork (default) @ security-versions ---
[INFO] Building jar: C:\Code\workspace-java\maven-security-versions\target\security-versions-1.0.1-sources.jar

The second part should not run, because compilation and packaging have already happened.

lta*_*rne 0

You should not run install and deploy together. Otherwise, you will run the packaging step twice.

I suggest using deploy only. Take a look at this post