账号注册
首先我们要先注册sonatype账号,访问地址sonatype输入必须的内容就可以成功注册一个账号,不过对密码就有一些特殊的安全要求,正确注册就可以了。
sonatype工单
新建工单
点击新建按钮,项目选择open的那个,问题类型选择new project,概要,描述随便写就ok了
新建完成后如下图:
添加txt记录
如上边的图所示,它为了验证你是域名的所有者,会让你去解析一条txt记录。两种方案选一种就可以了,我这里选择的是添加一条txt的记录,如下图所示,我这里是不清楚规则,提交了两个工单,所以添加了两条记录,最后其中一个工单被认为是重复提交,已关闭。其中记录值填写你的工单地址,下图中框住的部分,主机记录就是jira tiket.
这里txt解析的值来源就是你的问题url,如下:
解析完后就可以再等待审核了,我的大概是凌晨3点进行的审核,通过以后会有邮件通知,工单下边也有评论,此时我们就可以准备发布我们的jar包了。
com.iminling has been prepared, now user(s) yslao can:
Publish snapshot and release artifacts to https://oss.sonatype.org
Have a look at this section of our official guide for deployment instructions:
https://central.sonatype.org/pages/ossrh-guide.html#deployment
Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central.
Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide:
https://central.sonatype.org/pages/releasing-the-deployment.html发布准备
gpg安装
mac安装gpg
这里利用brew进行安装
brew install gpgwindows安装gpg
windows安装了git客户端就自带了这个功能
查看gpg版本
有些安装成功后是gpg,有些是gpg2,所以根据自己的情况进行查看
$ gpg --version
gpg (GnuPG) 2.2.13-unknown
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /c/Users/kongh/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
# 或者使用gpg2,就看自己的电脑上哪个命令可以运行. 生成key
mac生成
$ gpg --gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
注意:使用 “gpg --full-generate-key” 以获得一个功能完整的密钥产生对话框。
GnuPG 需要构建用户标识以辨认您的密钥。
真实姓名: yslao
电子邮件地址: [email protected]
您选定了此用户标识:
“yslao ”
更改姓名(N)、注释(C)、电子邮件地址(E)或确定(O)/退出(Q)? O
我们需要生成大量的随机字节。在质数生成期间做些其他操作(敲打键盘
、移动鼠标、读写硬盘之类的)将会是一个不错的主意;这会让随机数
发生器有更好的机会获得足够的熵。
我们需要生成大量的随机字节。在质数生成期间做些其他操作(敲打键盘
、移动鼠标、读写硬盘之类的)将会是一个不错的主意;这会让随机数
发生器有更好的机会获得足够的熵。
gpg: /Users/konghang/.gnupg/trustdb.gpg:建立了信任度数据库
gpg: 密钥 84040E735F931A32 被标记为绝对信任
gpg: 目录‘/Users/konghang/.gnupg/openpgp-revocs.d’已创建
gpg: 吊销证书已被存储为‘/Users/konghang/.gnupg/openpgp-revocs.d/DD1E1B8213D07DA46FC3F2B684040E735F931A32.rev’
公钥和私钥已经生成并被签名。
pub rsa3072 2021-02-20 [SC] [有效至:2023-02-20]
DD1E1B8213A07DA46FC3F2B684040E735F931A32
uid yslao
sub rsa3072 2021-02-20 [E] [有效至:2023-02-20] 期间会让输入密码,请牢记次密码,发布jar的时候要用到。如下图所示:
windos生成
基本和mac差不多,也请牢记住密码。
$ gpg --gen-key
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory '/c/Users/kongh/.gnupg' created
gpg: keybox '/c/Users/kongh/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: yslao
Email address: [email protected]
You selected this USER-ID:
"yslao "
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /c/Users/kongh/.gnupg/trustdb.gpg: trustdb created
gpg: key 7204BFB944405DA7 marked as ultimately trusted
gpg: directory '/c/Users/kongh/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/c/Users/kongh/.gnupg/openpgp-revocs.d/C87B0403E54AB05D431E5C1A7204BFB944405DA7.rev'
public and secret key created and signed.
pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
C87B0403E54CB05D431E5C1A7204BFB944405DA7
uid yslao
sub rsa2048 2021-02-20 [E] [expires: 2023-02-20] key操作
查看key
$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-02-20
/c/Users/kongh/.gnupg/pubring.kbx
---------------------------------
pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
C87B0403E54CD05D431E5C1A7204BFB944405DA7
uid [ultimate] yslao
sub rsa2048 2021-02-20 [E] [expires: 2023-02-20] 发布public key
# 命令格式:gpg --keyserver [key的服务器](这个有很多,随便找一个就行了) --send-keys [key] key就是查看key操作中pub对应的那串字符串
$ gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys C87B0403E54CD05D431E5C1A7204BFB944405DA7
gpg: sending key 7204BFB944405DA7 to hkp://keyserver.ubuntu.com:11371处理过期key(没有试验过,仅记录)
# 先用list-keys列出key列表
gpg --list-keys
# 编辑某个key
$ gpg --edit-key C87B0403E54AB05D431E5C1A7204BFB944405DA7
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
sec rsa2048/7204BFB944405DA7
created: 2021-02-20 expires: 2023-02-20 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/B9A87F6417B16CA8
created: 2021-02-20 expires: 2023-02-20 usage: E
[ultimate] (1). yslao
# 选择需要修改的id
gpg> 1
sec rsa2048/7204BFB944405DA7
created: 2021-02-20 expires: 2023-02-20 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/B9A87F6417B16CA8
created: 2021-02-20 expires: 2023-02-20 usage: E
[ultimate] (1)* yslao
# 输入expire设置过期时间
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0)
# 输入 10m 代表10个月, 然后回车
10m
# 输入save进行保存,延长有效期
gpg> save pom.xml和setting.xml修改
Distribution 管理
修改pom.xml, 添加以下代码
ossrh
https://oss.sonatype.org/content/repositories/snapshots
ossrh
https://oss.sonatype.org/service/local/staging/deploy/maven2/
org.sonatype.plugins
nexus-staging-maven-plugin
1.6.7
true
ossrh
https://oss.sonatype.org/
true
认证配置
在setting.xml中添加认证信息,此处的id要和pom文件中的distributionManagement下snapshotRepository和repository的id保持一致.
ossrh
your-jira-id
your-jira-pwd
javadoc和源代码管理
在pom.xml中添加配置如下
org.apache.maven.plugins
maven-source-plugin
2.2.1
attach-sources
jar-no-fork
org.apache.maven.plugins
maven-javadoc-plugin
2.9.1
attach-javadocs
jar
gpg签名组件配置
在pom中添加gpg插件
org.apache.maven.plugins
maven-gpg-plugin
1.5
sign-artifacts
verify
sign
在setting.xml中添加gpg profile配置,gpg.executable属性要根据自己的电脑环境进行添加.
ossrh
true
gpg2
the_pass_phrase
Nexus Staging Maven插件,用于部署和发布
在pom.xml中添加以下内容
org.sonatype.plugins
nexus-staging-maven-plugin
1.6.7
true
ossrh
https://oss.sonatype.org/
true
发布
所有的发布操作确保gpg命令是可以用的,在windows下进行发布一定要注意是在git bash客户端中进行,以确保gpg可以使用.以及发布过程中可能会让你再次输入gpg的密码,这里需要注意一下。
快照版本
项目的版本如果是以-SNAPSHOT结尾的,就会发布到快照仓库,如下:
D:\project\idea\base-iminling-parent>mvn clean deploy
INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0-SNAPSHOT
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0-SNAPSHOT
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0-SNAPSHOT\base-iminling-parent-1.0.0-S
NAPSHOT.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.03
4207-1.pom
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.034
207-1.pom (14 kB at 4.8 kB/s)
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml (609 B at 263 B/s)
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml (292 B at 54 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 15.105 s
[INFO] Finished at: 2021-05-20T11:42:18+08:00
[INFO] ------------------------------------------------------------------------release版本
项目的版本不是以-SNAPSHOT结尾的,就会发布到release仓库,如下:
D:\project\idea\base-iminling-parent>mvn clean deploy
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0\base-iminling-parent-1.0.0.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom (14 kB at 59
7 B/s)
Downloading from ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml (312 B at 51 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 32.049 s
[INFO] Finished at: 2021-02-20T14:11:23+08:00
[INFO] ------------------------------------------------------------------------
遇到的问题
在mac上进行发布的时候遇到下边问题:
[INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ base-iminling-parent ---
gpg: 签名时失败: Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 17.069 s
[INFO] Finished at: 2021-02-21T09:36:03+08:00
[INFO] ------------------------------------------------------------------------上网查询后,原因是 gpg 在当前终端无法弹出密码输入页面。
解决办法很简单:
export GPG_TTY=$(tty)重新执行,发现会弹出一个密码输入界面。
发布后续
发布后我们还需要在sonatype中问题下方进行评论,来激活同步到maven中心仓库.
版本引用
release
正常引入坐标就可以引用
snapshot
sonatype-snapshots
sonatype-snapshots
https://oss.sonatype.org/content/repositories/snapshots/
true
sonatype-snapshots
sonatype-snapshots
https://oss.sonatype.org/content/repositories/snapshots/
true
后续维护
查看官方文档:https://oss.sonatype.org/#sta...
下边放上我的两个仓库的地址,关于完整pom请查看仓库里的。
- base-iminling-parent, 父pom
- base-iminling-core, 一个基础jar,详细见仓库READEME.md