[prev in list] [next in list] [prev in thread] [next in thread]
List: jboss-user
Subject: [jboss-user] [Javassist Development] - Publishing javassist
From: Andrew Dinn <do-not-reply () jboss ! com>
Date: 2010-07-30 10:48:45
Message-ID: 1902089312.271081280486929595.JavaMail.jive () clearspace02 ! app ! mwc ! hst ! phx2 ! redhat ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Andrew Dinn [http://community.jboss.org/people/adinn] modified the document:
"Publishing javassist releases to Sonatype public repo/maven central"
To view the document, visit: http://community.jboss.org/docs/DOC-15641
--------------------------------------------------------------
This page describes the process for deploying a javassist project release from relase \
3.13.0.GA onwards to the Sonatype public repository and from there to maven central. \
Althoguh it focusses on explaining how to upload javassist releases it should provide \
enough information to guide anyone wanting to upload some other project's artifacts \
to Sonatype/maven central h1. Why publish to Sonatype?
Previously javassist has published to the JBoss repo. The motive for moving \
deployment to the Sonatype repo is that it automatically synchronizes installed jars \
with maven central. Although javassist is a JBoss hosted project it is used by \
non-JBoss projects. So deploying to Sonatype/maven central gives two successive \
advantages:
* Projects which have no dependency on JBoss can depend on javassist without needing \
to reference the JBoss repo. As a consequence their dependent projects no longer need \
to reference the JBoss repo and so on i.e. this removes the need to introduce the \
JBoss repo into any upstream dependency chain.
* As a direct consequence projects which depend on javassist can install their jars \
to the maven repo. maven central will only host artifacts whose dependencies are also \
located in the central repo i.e. it will not allow other repos to be introduced via \
the downstream dependency chain. h1. pom Conformance Requirements
Sonatype and maven central are fussy about what they expect to find in their poms. \
The http://anonsvn.jboss.org/repos/javassist/tags/rel_3_13_0_ga/pom.xml javassist \
pom has been modified to meet these \
https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide#SonatypeOSSMavenRepositoryUsageGuide-6.CentralSyncRequirement \
pom conformance requirements. h1. Locating Old and New javassist Releases
As of release.3.13.0.GA the javassist project is now set up to publish releases to \
the https://oss.sonatype.org/index.html#view-repositories;public Sonatype public \
repo. Sonatype will ensure that these new releases are automatically synced with the \
http://repo2.maven.org/maven2/ maven central repo. The JBoss repo will automatically \
inherit these new releases form maven central making them available for use in JBoss \
projects.
In order to conform to Sonatype and Maven Cetral guidelines all releases from \
3.13.0.GA onwards are installed using groupid org.javassist. Older releases are \
currently located in the JBoss public repo under the old groupid javassist. These \
oleder releases are in the process of being migrated to the maven central repo \
+under the old groupid+. However, they are currently still available at the JBoss \
repo.
Snapshot releases are still only deployed to the JBoss snapshots repo. At some point \
this may be changed so that they are deployed to the sonatype public snapshots repo \
but this change should not be critical for most dependent projects.
h1. Deploying a javassist tags Release
Deployment of a release from the svn tags tree requires first checking out the tag
> $ svn co https://svn.jboss.org/repos/javassist/tags/rel_X_Y_Z_GA
>
> $ cd rel_X_Y_Z_GA
n.b. ensure that the version tags defined in pom.xml and build.xml match those used \
to create the svn tags directory
> pom.xml
> . . .
> <groupId>org.javassist</groupId>
> <artifactId>javassist</artifactId>
> <version>X.Y.Z-GA</version>
> . . .
>
>
> build.xml
> . . .
> <property name="dist-version" value="javassist-X.Y.Z-GA"/>
Anyone with appropriate upload permission can deploy directly to the JBoss repo.
> $ mvn javadoc:jar deploy
This will install a class jar, a source jar and a javadoc jar in the \
https://repository.jboss.org/nexus/index.html#stagingRepositories JBoss staging repo. \
You can then follow the http://community.jboss.org/wiki/MavenDeployingaRelease usual \
process for closing, validating and then promoting the jars to the public repo. \
However, this step is unnecessary since upload to Sonatype/maven central will make \
the jars available via the JBoss releases repo.
Uploading to the Sonatype repo requires some preliminary steps described below. Once \
these have been performed it is almost as simple as uplaoding to the JBoss repo:
> $ mvn -P centralRelease javadoc:jar deploy
This should install a gpg-signed class jar, source jar and javadoc jar in the \
https://oss.sonatype.org/index.html#stagingRepositories Sonatype staging repo. You \
use the http://community.jboss.org/wiki/MavenDeployingaRelease same process for \
closing, validating and then promoting the jars to the public repo as applies with \
the JBoss staging repo.
h1. Preliminaries Steps for Sonatype Upload
There are several preliminary steps which must be performed before you can upload to \
the Sonatype repo. h2. Add a Developer Entry
The pom shoud be updated to include your details as a javassist developer in the \
developers section. Ideally this should be done before a release has been tagged.
> <developers>
> . . .
>
> <developer>
> <id>adinn</id>
> <name>Andrew Dinn</name>
> <email>adinn@redhat.com (mailto:adinn@redhat.com)</email>
> <organization>JBoss</organization>
> <organizationUrl>http://www.jboss.org/</organizationUrl>
> <roles>
> <role>contributing developer</role>
> </roles>
> <timezone>0</timezone>
> </developer>
> . . .
>
h2. Acquire Sonatype JIRA Login
You need to obtain a login for the Sonatype JIRA system. This allows you to raise a \
JIRA to negotiate access to the repo. It is also used as your login when uplaoding to \
the repo.
* Go to the front page of the https://issues.sonatype.org/ Sonatype JIRA system and \
click where it says sign up for an account under the box asking for a \
user name
* Raise a JIRA asking to be added to the list of org.javassist developers with upload \
capability (here is the https://issues.sonatype.org/browse/OSSRH-570 original JIRA \
which requested permission to uplaod the project)
h2. Obtain and Export a gpg Public Key
The Sonatype repo requires all jars to be signed so you need to obtain a signing key \
and export it to a public key server in order for the signed jars to be verified. If \
you already have a gpg key then you only need to perform the export \
step.
* Create a gpg key
> $ gpg2 ---gen-key
> gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> Please select what kind of key you want:
> (1) RSA and RSA (default)
> (2) DSA and Elgamal
> (3) DSA (sign only)
> (4) RSA (sign only)
> Your selection?
> RSA keys may be between 1024 and 4096 bits long.
> What keysize do you want? (2048)
> Requested keysize is 2048 bits
> Please specify how long the key should be valid.
> 0 = key does not expire
> <n> = key expires in n days
> <n>w = key expires in n weeks
> <n>m = key expires in n months
> <n>y = key expires in n years
> Key is valid for? (0)
> Key does not expire at all
> Is this correct? (y/N) y
>
> You need a user ID to identify your key; the software constructs the user ID
> from the Real Name, Comment and Email Address in this form:
> "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de \
> (mailto:heinrichh@duesseldorf.de)>"
> Real name: Fred Bloggs
> Email address: fred.bloggs@jboss.org (mailto:fred.bloggs@jboss.org)
> Comment: Javassist Developer
> You selected this USER-ID:
> "Fred Bloggs (Javassist Developer) <fred.bloggs@jboss.org \
> (mailto:fred.bloggs@jboss.org)>"
> Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
> You need a Passphrase to protect your secret key.
>
>
>
> Passphrase: ***********
> Repeat Passphrase: ***********
>
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ..+++++
> ...+++++
> We need to generate a lot of random bytes. It is a good idea to perform
> some other action (type on the keyboard, move the mouse, utilize the
> disks) during the prime generation; this gives the random number
> generator a better chance to gain enough entropy.
> ....+++++
> ...+++++
> gpg: key 9E0FB9ED marked as ultimately trusted
> public and secret key created and signed.
>
> gpg: checking the trustdb
> gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
> gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
> pub 2048R/9E0FB9ED 2010-07-27
> Key fingerprint = C469 AD5F EF38 FC57 5230 02CF 9C0C 9DE4 9E0F B9ED
> uid Fred Bloggs (Javassist Developer) \
> <fred.bloggs@jboss.org (mailto:fred.bloggs@jboss.org)> sub 2048R/690CD282 \
> 2010-07-27
Note that you are prompted to insert a passphrase which you will also be required \
to enter when you use the key to sign the jars. The private and public keys are \
stored in dorectory ${HOME}/.gnupg. You can list your keys using command gpg2 \
--list-keys.
* Make your public key available on key server hkp://pgp.mit.edu/
> $ gpg2 --keyserv hkp://pgp.mit.edu/ --send-keys 9E0FB9ED
You can now use your saved key and the passphrase you supplied when you created \
them to upload to Sonatype. However, you might also want to insatll the passphrase in \
your settings.xml file so you don't have to keep typing it in every time a jar is \
encrypted.
h2. Configure Your gpg Passphrase in settings.xml
Release jars need to be signed in order to upload them to the Sonatype repo so you \
will be asked 3 times for your passphrase unless you configure the maven build with \
the necessary information. The sonatype profile (-P centralRelease) in the project \
pom adds the gpg plugin to the build. This plugin is configured so that you can pass \
it a gpg passphrase by setting the required property in ${HOME}/.m2/settings.xml. \
Obviously you only need to do this when uploading to Sonatype so it makes sense to \
place the property in a profile entry labelled with id centralRelease
> <profiles>
> . . .
> <profile>
> <id>centralRelease</id>
> <properties>
> <gpg.passphrase>foobar</gpg.passphrase>
> </properties>
> </profile>
> . . .
--------------------------------------------------------------
Comment by going to Community
[http://community.jboss.org/docs/DOC-15641]
Create a new document in Javassist Development at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2063]
[Attachment #5 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; \
margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: \
1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; \
-webkit-border-radius: 6px;"> <tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" \
style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: \
6px; -webkit-border-radius: 6px;"> <tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px \
solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; \
-moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; \
-webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; \
margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag \
-->
<!-- Email clients will render the images when the message is read so any \
image -->
<!-- must be made available on a public server, so that all recipients can \
load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: \
none; color: #E1E1E1">JBoss Community</a></h1> </td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; \
color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; \
-moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; \
-webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: \
17px; font-weight: normal;"> Publishing javassist releases to Sonatype public \
repo/maven central </h3>
<span style="margin-bottom: 10px;">
modified by <a href="http://community.jboss.org/people/adinn">Andrew Dinn</a> in \
<i>Javassist Development</i> - <a \
href="http://community.jboss.org/docs/DOC-15641">View the full document</a> </span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>This page describes the process for deploying a \
javassist project release from relase 3.13.0.GA onwards to the Sonatype public \
repository and from there to maven central. Althoguh it focusses on explaining how to \
upload javassist releases it should provide enough information to guide anyone \
wanting to upload some other project's artifacts to Sonatype/maven central</p><h1>Why \
publish to Sonatype?</h1><p>Previously javassist has published to the JBoss repo. The \
motive for moving deployment to the Sonatype repo is that it automatically \
synchronizes installed jars with maven central. Although javassist is a JBoss hosted \
project it is used by non-JBoss projects. So deploying to Sonatype/maven central \
gives two successive advantages:</p><ul><li>Projects which have no dependency on \
JBoss can depend on javassist without needing to reference the JBoss repo. As a \
consequence their dependent projects no longer need to reference the JBoss repo and \
so on  i.e. this removes the need to introduce the JBoss repo into any upstream \
dependency chain.</li><li>As a direct consequence projects which depend on javassist \
can install their jars to the maven repo. maven central will only host artifacts \
whose dependencies are also located in the central repo i.e. it will not allow other \
repos to be introduced via the downstream dependency chain.</li></ul><h1>pom \
Conformance Requirements</h1><p>Sonatype and maven central are fussy about what they \
expect to find in their poms. The <a class="jive-link-external-small" \
href="http://anonsvn.jboss.org/repos/javassist/tags/rel_3_13_0_ga/pom.xml">javassist \
pom</a> has been modified to meet these <a class="jive-link-external-small" \
href="https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide#SonatypeOSSMavenRepositoryUsageGuide-6.CentralSyncRequirement">pom \
conformance requirements</a>.</p><h1>Locating Old and New javassist \
Releases</h1><p>As of release.3.13.0.GA the javassist project is now set up to \
publish releases to the <a class="jive-link-external-small" \
href="https://oss.sonatype.org/index.html#view-repositories;public">Sonatype public \
repo</a>. Sonatype will ensure that these new releases are automatically synced with \
the <a class="jive-link-external-small" href="http://repo2.maven.org/maven2/">maven \
central repo</a>. The JBoss repo will automatically inherit these new releases form \
maven central making them available for use in JBoss projects.</p><p \
style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>In order to conform \
to Sonatype and Maven Cetral guidelines all releases from 3.13.0.GA onwards are \
installed using groupid <span style="font-family: courier \
new,courier;">org.javassist</span>. Older releases are currently located  in the \
JBoss public repo under the old groupid <span style="font-family: courier \
new,courier;">javassist</span>. These oleder releases are in the process of \
being  migrated to the maven central repo <em>under the old groupid</em>. \
However, they are currently still available at the JBoss repo.</p><p \
style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Snapshot releases \
are still only deployed to the JBoss snapshots repo. At some point this may be \
changed so that they are deployed to  the sonatype public snapshots repo but \
this change should not be critical for most dependent projects.</p><p \
style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><h1>Deploying a \
javassist tags Release</h1><p>Deployment of a release from the svn tags tree requires \
first checking out the tag</p><blockquote class="jive-quote"><p><span \
style="font-family: courier new,courier;"><span>$ svn co </span><a \
class="jive-link-external-small" \
href="https://svn.jboss.org/repos/javassist/tags/rel_X_Y_Z_GA" \
target="_blank">https://svn.jboss.org/repos/javassist/tags/rel_X_Y_Z_GA</a><br/></span></p><p><span \
style="font-family: courier new,courier;">$ cd \
rel_X_Y_Z_GA</span></p></blockquote><p>n.b. ensure that the version tags defined in \
pom.xml and build.xml match those used to create the svn tags \
directory</p><blockquote class="jive-quote">pom.xml<br/>  . . .<br/>  \
<groupId>org.javassist</groupId><br/>  \
<artifactId>javassist</artifactId><br/>  \
<version>X.Y.Z-GA</version><br/>  . . .<br/><br/><p \
style="min-height: 8pt; height: 8pt; padding: \
0px;"> </p><p>build.xml</p><p>  . . .</p><p><property \
name="dist-version" value="javassist-X.Y.Z-GA"/></p></blockquote><p>Anyone with \
appropriate upload permission can deploy directly to the JBoss repo.</p><blockquote \
class="jive-quote"><p>$ mvn javadoc:jar deploy</p></blockquote><p>This will install \
a  class jar, a source jar and a javadoc jar in the <a \
class="jive-link-external-small" \
href="https://repository.jboss.org/nexus/index.html#stagingRepositories">JBoss \
staging repo</a>. You can then follow the <a class="" \
href="http://community.jboss.org/wiki/MavenDeployingaRelease">usual process</a> for \
closing, validating and then promoting the jars to the public repo. However, this \
step is unnecessary since upload to Sonatype/maven central will make the jars \
available via the JBoss releases repo.</p><p style="min-height: 8pt; height: 8pt; \
padding: 0px;"> </p><p>Uploading to the Sonatype repo requires some preliminary \
steps described below. Once these have been performed it is almost as simple as \
uplaoding to the JBoss repo:</p><blockquote class="jive-quote"><p>$ mvn  -P \
centralRelease javadoc:jar deploy</p></blockquote><p style="min-height: 8pt; height: \
8pt; padding: 0px;"> </p><p>This should install a gpg-signed class jar, source \
jar and javadoc jar in the <a class="jive-link-external-small" \
href="https://oss.sonatype.org/index.html#stagingRepositories">Sonatype staging \
repo</a>. You use the <a class="" \
href="http://community.jboss.org/wiki/MavenDeployingaRelease">same process</a> for \
closing, validating and then promoting the jars to the public repo as applies with \
the JBoss staging repo.</p><p style="min-height: 8pt; height: 8pt; padding: \
0px;"> </p><h1>Preliminaries Steps for Sonatype Upload</h1><p>There are several \
preliminary steps which must be performed before you can upload to the Sonatype \
repo.</p><h2>Add a Developer Entry</h2><p>The pom shoud be updated to include your \
details as a javassist developer in the developers section. Ideally this should be \
done before a release has been tagged.</p><p style="min-height: 8pt; height: 8pt; \
padding: 0px;"> </p><blockquote class="jive-quote"><span style="font-family: \
courier new,courier;">  <developers><br/>    . . .<br/> \
<br/>  <developer><br/>      \
<id>adinn</id><br/>      <name>Andrew \
Dinn</name><br/><span>      <email></span><a \
class="jive-link-email-small" href="mailto:adinn@redhat.com" \
target="_blank">adinn@redhat.com</a><span></email></span><br/>      \
<organization>JBoss</organization><br/><span>      \
<organizationUrl></span><a class="jive-link-external-small" \
href="http://www.jboss.org/" \
target="_blank">http://www.jboss.org/</a><span></organizationUrl></span><br/>      \
<roles><br/>        <role>contributing \
developer</role><br/>      \
</roles><br/>      \
<timezone>0</timezone><br/>    \
</developer><br/>    . . .</span><br/></blockquote><h2>Acquire \
Sonatype JIRA Login</h2><p>You need to obtain a login for the Sonatype JIRA system. \
This allows you to raise a JIRA to negotiate access to the repo. It is also used as \
your login when uplaoding to the repo.</p><p style="min-height: 8pt; height: 8pt; \
padding: 0px;"> </p><ul><li>Go to the front page of the <a \
class="jive-link-external-small" href="https://issues.sonatype.org/">Sonatype JIRA \
system</a> and click where it says sign up for an account under the box asking for a \
user name</li><li>Raise a JIRA asking to be added to the list of org.javassist \
developers with upload capability (here is the <a class="jive-link-external-small" \
href="https://issues.sonatype.org/browse/OSSRH-570">original JIRA</a> which requested \
permission to uplaod the project)</li></ul><p style="min-height: 8pt; height: 8pt; \
padding: 0px;"> </p><h2>Obtain and Export a gpg Public Key</h2><p>The Sonatype \
repo requires all jars to be signed so you need to obtain a signing key and export it \
to a public key server in order for the signed jars to be verified. If you already \
have a gpg key then you only need to perform the export step.</p><ul><li>Create a gpg \
key</li></ul><blockquote class="jive-quote"><p><span style="font-family: courier \
new,courier;">$ gpg2 ---gen-key</span></p><p><span style="font-family: courier \
new,courier;">gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, \
Inc.<br/>This is free software: you are free to change and redistribute it.<br/>There \
is NO WARRANTY, to the extent permitted by law.<br/><br/>Please select what kind of \
key you want:<br/>   (1) RSA and RSA (default)<br/>   (2) DSA and \
Elgamal<br/>   (3) DSA (sign only)<br/>   (4) RSA (sign \
only)<br/>Your selection? <br/>RSA keys may be between 1024 and 4096 bits \
long.<br/>What keysize do you want? (2048) <br/>Requested keysize is 2048 \
bits<br/>Please specify how long the key should be \
valid.<br/>         0 = key does not \
expire<br/>      <n>  = key expires in n \
days<br/>      <n>w = key expires in n \
weeks<br/>      <n>m = key expires in n \
months<br/>      <n>y = key expires in n years<br/>Key \
is valid for? (0) <br/>Key does not expire at all<br/>Is this correct? (y/N) \
y<br/><br/>You need a user ID to identify your key; the software constructs the user \
ID<br/>from the Real Name, Comment and Email Address in this \
form:<br/><span>    "Heinrich Heine (Der Dichter) <</span><a \
class="jive-link-email-small" href="mailto:heinrichh@duesseldorf.de" \
target="_blank">heinrichh@duesseldorf.de</a><span>>"</span><br/><br/>Real name: \
Fred Bloggs<br/><span>Email address: </span><a class="jive-link-email-small" \
href="mailto:fred.bloggs@jboss.org" \
target="_blank">fred.bloggs@jboss.org</a><br/>Comment: Javassist Developer<br/>You \
selected this USER-ID:<br/><span>    "Fred Bloggs (Javassist \
Developer) <</span><a class="jive-link-email-small" \
href="mailto:fred.bloggs@jboss.org" \
target="_blank">fred.bloggs@jboss.org</a><span>>"</span><br/><br/>Change (N)ame, \
(C)omment, (E)mail or (O)kay/(Q)uit? O<br/>You need a Passphrase to protect your \
secret key.<br/></span></p><p><span style="font-family: courier \
new,courier;"><br/></span></p><p><span style="font-family: courier \
new,courier;">Passphrase: ***********</span></p><p><span style="font-family: courier \
new,courier;">Repeat Passphrase: ***********<br/></span></p><p><span \
style="font-family: courier new,courier;">We need to generate a lot of random bytes. \
It is a good idea to perform<br/>some other action (type on the keyboard, move the \
mouse, utilize the<br/>disks) during the prime generation; this gives the random \
number<br/>generator a better chance to gain enough \
entropy.<br/>..+++++<br/>...+++++<br/>We need to generate a lot of random bytes. It \
is a good idea to perform<br/>some other action (type on the keyboard, move the \
mouse, utilize the<br/>disks) during the prime generation; this gives the random \
number<br/>generator a better chance to gain enough \
entropy.<br/>....+++++<br/>...+++++<br/>gpg: key 9E0FB9ED marked as ultimately \
trusted<br/>public and secret key created and signed.<br/><br/>gpg: checking the \
trustdb<br/>gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model<br/>gpg: \
depth: 0  valid:   2  signed:   0  trust: 0-, 0q, \
0n, 0m, 0f, 2u<br/>pub   2048R/9E0FB9ED \
2010-07-27<br/>      Key fingerprint = C469 AD5F EF38 FC57 \
5230  02CF 9C0C 9DE4 9E0F \
B9ED<br/><span>uid                  \
Fred Bloggs (Javassist Developer) <</span><a class="jive-link-email-small" \
href="mailto:fred.bloggs@jboss.org" \
target="_blank">fred.bloggs@jboss.org</a><span>></span><br/>sub   \
2048R/690CD282 2010-07-27</span></p></blockquote><p style="min-height: 8pt; height: \
8pt; padding: 0px;"> </p><p style="padding-left: 30px;">Note that you are \
prompted  to insert a passphrase which you will also be required to enter when \
you use the key to sign the jars. The private and public keys are stored in dorectory \
<span style="font-family: courier new,courier;">${HOME}/.gnupg</span>. You can list \
your keys using command <span style="font-family: courier new,courier;">gpg2 \
--list-keys</span>.</p><p style="min-height: 8pt; height: 8pt; padding: \
0px;"> </p><ul><li>Make your public key available on key server \
hkp://pgp.mit.edu/</li></ul><blockquote class="jive-quote"><p><span \
style="font-family: courier new,courier;">$ gpg2 --keyserv hkp://pgp.mit.edu/ \
--send-keys 9E0FB9ED</span></p></blockquote><p style="padding-left: 30px;">You can \
now use your saved key and the passphrase you supplied when you created  them to \
upload to Sonatype. However, you might also want to insatll the passphrase in your \
settings.xml file so you don't have to keep typing it in every time  a jar is \
encrypted.</p><p style="min-height: 8pt; height: 8pt; padding: \
0px;"> </p><h2>Configure Your gpg Passphrase in settings.xml</h2><p>Release jars \
need to be signed in order to upload them to the Sonatype repo so you will be asked 3 \
times for your passphrase unless you configure the maven build with the necessary \
information. The sonatype profile (-P centralRelease) in the project pom adds the gpg \
plugin to the build. This plugin is configured so that you can pass it a gpg \
passphrase by setting the required  property in <span style="font-family: \
courier new,courier;">${HOME}/.m2/settings.xml</span>. Obviously you only need to do \
this when uploading to Sonatype so it makes sense to place the property in a profile \
entry labelled with id centralRelease</p><p style="min-height: 8pt; height: 8pt; \
padding: 0px;"> </p><blockquote \
class="jive-quote"><pre><profiles><br/>  . . .<br/>  \
<profile><br/>    \
<id>centralRelease</id><br/>    \
<properties><br/>      \
<gpg.passphrase>foobar</gpg.passphrase><br/>    \
</properties><br/>  </profile><br/>  . . . </pre> \
</blockquote></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Comment by <a \
href="http://community.jboss.org/docs/DOC-15641">going to Community</a></p>
<p style="margin: 0;">Create a new document in Javassist Development at <a \
href="http://community.jboss.org/choose-container!input.jspa?contentType=102&containerType=14&container=2063">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic