0x01 准备工作
- 域名一个,主要是为了申请group id,无域名可能可以,不过没试过。
How to Publish Your Artifacts to Maven Central
0x02 帐号注册
在 Sonatype Jira 上注册一个Jira帐号。
提交一个Issue,主要说明这个项目的用途,以及项目地址和Git地址。参考
在你的域名解析服务器中加入一个TXT记录,内容指向这个Issue地址。
大约半个小时左右,这个Issue就会有人处理
0x03 签名证书
安装GNU PGP,用以生成签名证书,由于我使用WSL,自带了PGP软件。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15$ gpg --version
gpg (GnuPG) 2.2.4
libgcrypt 1.8.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/simon/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2生成签名证书,此步骤要求输入一个gpg passphrase,请记住这一密码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49$ gpg --full-gen-key
gpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Tue 23 Jul 2024 10:32:16 PM CST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Simon Dong
Email address: snovian@outlook.com
Comment:
You selected this USER-ID:
"Simon Dong <snovian@outlook.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key 7D41A81484E43B5E marked as ultimately trusted
gpg: revocation certificate stored as '/home/simon/.gnupg/openpgp-revocs.d/0F62AC3CD3EC262C73CB9CC27D41A81484E43B5E.rev'
public and secret key created and signed.
pub rsa2048 2019-07-25 [SC] [expires: 2024-07-23]
0F62AC3CD3EC262C73CB9CC27D41A81484E43B5E
uid Simon Dong <snovian@outlook.com>
sub rsa2048 2019-07-25 [E] [expires: 2024-07-23]
发布PGP Key到公网服务器
1
2$ gpg --keyserver pool.sks-keyservers.net --send-keys 0F62AC3CD3EC262C73CB9CC27D41A81484E43B5E
gpg: sending key 7D41A81484E43B5E to hkp://pool.sks-keyservers.net可用key server列表有:
- pool.sks-keyservers.net
- gnupg.net:11371
- keys.pgp.net
- surfnet.nl
- mit.edu
0x04 本地Maven Settings.xml修改
在<Servers>
节点加入ossrh
服务器信息
1 | <server> |
在<profiles>
节点加入一个profile
1 | <profile> |
0x05 准备项目POM文件
- 以下POM节点信息是Sonatype必须的节点
1 | <modelVersion>4.0.0</modelVersion> |
我的配置文件:
1 | <modelVersion>4.0.0</modelVersion> |
- Maven 签名插件,将插件配置在一个profile中,以便在RELEASE版本发布时启用此插件
1 | <profiles> |
- RELEASE发布插件
1 | <plugin> |
- SNAPSHOT发布插件
1 | <plugin> |
- 源代码打包
1 | <plugin> |
0x06 发布
SNAPSHOT
版本
1 | mvn deploy |
RELEASE
版本
1 | mvn clean |
GPG Key尽量发布到多个Key服务器上,我在发布过程中出现过GPG无法找到的情形。