Account registration
First of all, we need to register a Sonatype account, access the address Sonatype and enter the necessary content to successfully register an account, but there are some special security requirements for the password, the correct registration will be OK.
Sonatype work order
The new construction of single
Click the New button and select the projectopenQuestion type selectionnew projectOutline n. Write it down as you like
After the new creation is completed, the following figure is shown:
Add a TXT record
As shown in the figure above, it asks you to parse a TXT record in order to verify that you are the domain owner. It is OK to choose one of the two schemes. What I choose here is to add a TXT record, as shown in the figure below. I do not know the rules here, and two work orders were submitted, so I added two records. The record value is entered in your work order address, the part of the box in the picture below, the host record isjira tiket.
Here, the source of the TXT resolution is your problem URL, as follows:
After the analysis is finished, we can wait for the review. My review will be carried out at about 3:00 in the morning. After passing the audit, there will be an email notification, and there will be comments under the work order.
com.iminling has been prepared, now user(s) yslao can: Publish snapshot and release artifacts to https://oss.sonatype.org Have a look at this section of our official guide for deployment instructions: https://central.sonatype.org/pages/ossrh-guide.html#deployment Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central. Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide: https://central.sonatype.org/pages/releasing-the-deployment.htmlRelease preparation
GPG installation
MAC installed GPG
Here BREW is used for the installation
brew install gpgWindows installation GPG
Windows installed the Git client with this feature
Check out the GPG version
Some install GPG and some install GPG2, so check it out on your own
$GPG --version GPG (GnuPG) 2.2.13-unknown libgcrypt 1.8.4 Copyright (C) 2019 Free Software Foundation, Copyright (C) 2019 Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Home: /c/Users/kongh/.gnupg Supported algorithms: Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224 Compression: Uncompressed, ZIP, ZLIB, BZIP2 # or use GPG2, according to their own computer which command can run.To generate the key
MAC generated
$GPG --gen-key GPG (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Note: Use "GPG --full-generate-key" to get a fully functional key generation dialog. GnuPG needs to build the user identity to identify your key. Real Name: yslao Email Address: [email protected] Have you selected this user ID: "yslao < l>" Change name (N), comment (C), email address (E) or confirm (O)/exit (Q)? O We need to generate a lot of random bytes. It would be a good idea to do something else (typing the keyboard, moving the mouse, reading and writing to the hard disk, etc.) during prime generation; This gives the random number generator a better chance of getting enough entropy. We need to generate a lot of random bytes. It would be a good idea to do something else (typing the keyboard, moving the mouse, reading and writing to the hard disk, etc.) during prime generation; This gives the random number generator a better chance of getting enough entropy. GPG: / Users/konghang /. Gnupg/trustdb GPG: trust is established database GPG: key 84040 e735f931a32 is marked as absolute trust GPG: Directory '. / Users/konghang/gnupg/openpgp - revocs. D has been creating GPG: Revoked certificate has been stored as'/Users/konghang /. Gnupg/openpgp - revocs. D/DD1E1B8213D07DA46FC3F2B684040E735F931A32. Rev 'public and private keys have been generated and being signed. Pub RSA3072 2021-02-20 [SC] [Available to: The 2023-02-20] DD1E1B8213A07DA46FC3F2B684040E735F931A32 uid yslao < [email protected] > sub rsa3072 2021-02-20 [E] [effective to: The 2023-02-20]During this period, you will be asked to enter a password. Please remember this password and use it when you publish the JAR. As shown in the figure below:
Windos generated
It’s pretty much the same as a Mac. Remember your password, too.
$GPG --gen-key GPG (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: directory '/c/Users/kongh/.gnupg' created gpg: keybox '/c/Users/kongh/.gnupg/pubring.kbx' created Note: Use "gpg --full-generate-key" for a full featured key generation dialog. GnuPG needs to construct a user ID to identify your key. Real name: yslao Email address: [email protected] You selected this USER-ID: "yslao <[email protected]>" Change (N)ame, (E)mail, or (O)kay/(Q)uit? O We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: /c/Users/kongh/.gnupg/trustdb.gpg: trustdb created gpg: key 7204BFB944405DA7 marked as ultimately trusted gpg: directory '/c/Users/kongh/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/c/Users/kongh/.gnupg/openpgp-revocs.d/C87B0403E54AB05D431E5C1A7204BFB944405DA7.rev' public and secret key created and signed. pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20] C87B0403E54CB05D431E5C1A7204BFB944405DA7 uid yslao <[email protected]> sub rsa2048 2021-02-20 [E] [expires: The 2023-02-20]The key operation
Look at the key
$ gpg --list-keys gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: next trustdb check due at 2023-02-20 /c/Users/kongh/.gnupg/pubring.kbx --------------------------------- pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20] C87B0403E54CD05D431E5C1A7204BFB944405DA7 uid [ultimate] yslao <[email protected]> sub rsa2048 2021-02-20 [E] [expires: 2023-02-20]Issued a public key
# command format: GPG --keyserver [key server](There are a lot of these, Grab a line) - to send - keys [key] the key is to see the key operation corresponds to the pub in the string of a string $GPG -- keyserver hkp://keyserver.ubuntu.com: 11371 - send - keys C87B0403E54CD05D431E5C1A7204BFB944405DA7 gpg: sending key 7204BFB944405DA7 to hkp://keyserver.ubuntu.com:11371Handling expired keys (not tried, only recorded)
# listed first in the list - keys GPG key list - a list - # keys to edit a key $GPG - edit - key C87B0403E54AB05D431E5C1A7204BFB944405DA7 GPG (GnuPG) 2.2.13 - unknown; Copyright (C) 2019 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Secret key is available. sec rsa2048/7204BFB944405DA7 created: 2021-02-20 expires: 2023-02-20 usage: SC trust: ultimate validity: ultimate ssb rsa2048/B9A87F6417B16CA8 created: 2021-02-20 expires: 2023-02-20 Usage: E [ultimate] (1). Yslao <[email protected] bb0 # select id GPG > 1 SEC rsa2048/7204BFB944405DA7 created: 2021-02-20 expires: 2023-02-20 usage: SC trust: ultimate validity: ultimate ssb rsa2048/B9A87F6417B16CA8 created: 2021-02-20 expires: 2023-02-20 usage: E [ultimate] (1)* yslao <[email protected]> # expire expire Changing expiration time for the primary key. Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires In n weeks <n>m = key expires in n months <n>y = key expires in n years key is valid for? (0) # Then press 10m # and enter Save to extend the validity period GPG > SaveXML and setting.xml modifications
Distribution management
Modify the pom.xml and add the following code
<! Project --> < DistributionManagement > < Snapshotrepository > < ID > osSRH </ ID > <url>https://oss.sonatype.org/content/repositories/snapshots</url> </snapshotRepository> <repository> <id>ossrh</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url> </repository> </distributionManagement> <build> <plugins> <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> The < version > 1.6.7 < / version > < extensions > true < / extensions > < configuration > < serverId > ossrh < / serverId > <nexusUrl>https://oss.sonatype.org/</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> </configuration> </plugin> </plugins> </build>Authentication configuration
Add authentication information to Setting.xml, where the ID is the same as the ID of Snapshot Repository and Repository of DistributionManagement in the POM file.
<settings> <servers> <server> <id>ossrh</id> <! Sonatype -- username --> <username>your-jira-id</username> <! --> <password>your jira-pwd</password> </server> </ Servers > </ Settings > --> <password>your jira-pwd</password> </server> </ Servers > </ Settings >Javadoc and source code management
Add the following configuration to the pom.xml
<build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-source-plugin</artifactId> < version > 2.2.1 < / version > < executions > < execution > < id > attach - sources < / id > < goals > < goal > jar - no - fork < / goal > < / goals > </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> < artifactId > maven - javadoc - plugin < / artifactId > < version > 2.9.1 < / version > < executions > < execution > < id > attach - javadocs < id > <goals> <goal>jar</goal> </goals> </execution> </executions> </plugin> </plugins> </build>GPG signature component configuration
Add a GPG plug-in to your POM
< plugin > < groupId > org. Apache. Maven. Plugins < / groupId > < artifactId > maven GPG -- plugin < / artifactId > < version > 1.5 < / version > <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin>Add the GPG Profile configuration to Setting.xml, and the GPG. Executable property is added depending on your computer environment.
<settings> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <! Bb0 < GPG. Executable bb1 gpg2</ GPG. Executable bb2 <! > <gpg.passphrase>the_pass_phrase</gpg.passphrase> </properties> </profile> </profiles> </settings>The Nexus Staging Maven plug-in for deployment and distribution
Add the following to the pom.xml
<plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> The < version > 1.6.7 < / version > < extensions > true < / extensions > < configuration > < serverId > ossrh < / serverId > <nexusUrl>https://oss.sonatype.org/</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> </configuration> </plugin>release
Do all the publishing to make sure that the GPG command is available. If you publish under Windows, make sure that you publish within the Git Bash client to make sure that GPG is available. And the fact that the release process may require you to re-enter your GPG password.
The snapshot version
If the project version ends in -snapshot, it will be published to the SNAPSHOT repository as follows:
D:\project\idea\base-iminling-parent>mvn clean deploy INFO] Scanning for projects... [WARNING] [WARNING] Some problems were encountered while building the effective model for Com. Iminling: base - iminling - parent: pom: 1.0.0 - the SNAPSHOT [WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging- maven-plugin @ line 326, column 25 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects. [WARNING] [INFO] [INFO] -----------------< com.iminling:base-iminling-parent >------------------ [INFO] Building base-iminling-parent 1.0.0 - the SNAPSHOT [INFO] -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- (pom) -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- [INFO] - [INFO] Maven-clean-plugin :2.5:clean (default-clean) @base-iminling -- [INFO] -- [INFO] -- Maven-install-plugin :2.4:install (default-install) @base-iminling-parent -- [INFO] package D:\project\idea\base-iminling-parent\pom.xml to D: \ maven repository \ com \ iminling \ base - iminling - parent \ 1.0.0 - the SNAPSHOT \ base - iminling - parent - 1.0.0 - S NAPSHOT. Pom/INFO [INFO] -- maven-deploy-plugin:2.7:deploy (default-deploy) @base-iminling -- M.E. from OSRH: M.E. https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata. xml Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-p Arent-1.0.0-20210220.03 4207-1. Pom matches to Ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-p M.E. (13 KB at 2.5KB /s) M.E. from OSSRH: M.E. https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata. xml Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata. xml (609 B at 263 B/s) Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml (292 B at 54 B/s) [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 15.105s [INFO] Finished at: 2021-05-20T11:42:18+08:00 [INFO] ------------------------------------------------------------------------The release version
If the project version does not end in -snapshot, it will be released to the Release repository as follows:
D:\project\idea\base-iminling-parent>mvn clean deploy [INFO] Scanning for projects... [WARNING] [WARNING] Some problems were encountered while building the effective model for Com. Iminling: base - iminling - parent: pom: 1.0.0 [WARNING] 'build. PluginManagement. Plugins. Plugins. (groupId: artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging- maven-plugin @ line 326, column 25 [WARNING] [WARNING] It is highly recommended to fix these problems because they threaten the stability of your build. [WARNING] [WARNING] For this reason, future Maven versions might no longer support building such malformed projects. [WARNING] [INFO] [INFO] -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- < com. Iminling: base - iminling - parent > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- [INFO] Building base - iminling - parent 1.0.0 [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] --- Maven-clean-plugin :2.5:clean (default-clean) @base-iminling -- [INFO] -- [INFO] -- Maven-install-plugin :2.4:install (default-install) @base-iminling-parent -- [INFO] package D:\project\idea\base-iminling-parent\pom.xml to D: \ maven repository \ com \ iminling \ base - iminling - parent \ 1.0.0 \ base - iminling - parent - 1.0.0. Pom [INFO] - [INFO] Maven-deploy-plugin :2.7:deploy (default-deploy) @base-iminling -- -- Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-paren T - 1.0.0. Pom Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-paren M.E. from OSSRH: M.E. (13 KB AT 59 7 B/s) M.E. from OSSRH: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml (312 B at 51 B/s) [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 32.049s [INFO] Finished at: 2021-02-20T14:11:23+08:00 [INFO] ------------------------------------------------------------------------Problems encountered
When publishing on the Mac, I encountered the following problems:
[INFO] -- maven-gpg plugin:1.5:sign (sign-artifacts) @base-iminling parent -- GPG: GPG: signing failed: download ioctl for device GPG: signing failed: Inappropriate ioctl for device [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 17.069s [INFO] Finished at: 2021-02-21T09:36:03+08:00 [INFO] ------------------------------------------------------------------------After searching the Internet, the reason is that GPG cannot pop up the password input page in the current terminal.
The solution is simple:
export GPG_TTY=$(tty)A password input screen will pop up if you re-execute it.
Released the follow-up
After release we will also need to make a comment under the issue in Sonatype to activate synchronization to the Maven central repository.
Version of the reference
release
The normal introduction coordinates can be referenced
snapshot
<! > < Repositories > < Repositories > <id>sonatype snapshots</name> sonatype snapshots</name> <url>https://oss.sonatype.org/content/repositories/snapshots/</url> <snapshots> <enabled>true</enabled> </snapshots> </repository> </repositories> <! > < PluginRepositories > < PluginRepository > < ID >sonatype snapshots</ ID > <name>sonatype-snapshots</name> <url>https://oss.sonatype.org/content/repositories/snapshots/</url> <snapshots> <enabled>true</enabled> </snapshots> </pluginRepository> </pluginRepositories>follow-up
Look at the official document: https://oss.sonatype.org/#sta…
The addresses of my two warehouses are listed below. Please check the complete POM in the warehouse.
- Base – iminling – parent, the father of pom
- Base-Iminling-Core, a base JAR, is detailed in the repository reademe.md