[jira] Commented: (MREPOSITORY-25) bundle-create creates jar making a preceding gpg:sign step invalid

Sun, 05 Sep 2010 07:34:21 -0700 

    [ 
http://jira.codehaus.org/browse/MREPOSITORY-25?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=234254#action_234254
 ] 

Dennis Lundberg commented on MREPOSITORY-25:
--------------------------------------------

It seems that the docs at Sonatype are wrong.

>From the plugin doc:

bq. repository:bundle-create Invokes the execution of the lifecycle phase 
package prior to executing itself.
 
repository:bundle-pack might be a better choice for you.

> bundle-create creates jar making a preceding gpg:sign step invalid
> ------------------------------------------------------------------
>
>                 Key: MREPOSITORY-25
>                 URL: http://jira.codehaus.org/browse/MREPOSITORY-25
>             Project: Maven 2.x Repository Plugin
>          Issue Type: Bug
>    Affects Versions: 2.3.1
>         Environment: Ubuntu 10.4, Sun Java 1.6.0_20, Maven 2.2.1
>            Reporter: Anthony Whitford
>
> Despite following instructions found here:
>     
> https://docs.sonatype.org/display/Repository/Uploading+3rd-party+Artifacts+to+Maven+Central
> I ran into a problem uploading the bundle to Sonatype's Staging area.  
> Specifically, I received  an *Invalid Signature* error for the main jar 
> artifact.
> Sure enough, I ran the following:  {noformat}gpg --verify 
> foo.jar.asc{noformat}
> and it confirmed that the signature was "BAD."
> Upon further investigation, it would seem that the problem is that the 
> repository:bundle-create goal is recreating the jar file, so the 
> command:{noformat}mvn source:jar javadoc:jar package gpg:sign 
> repository:bundle-create -Dgpg.passphrase=xx{noformat}
> seems to be creating the jar, signing it, and then creating the jar again -- 
> resulting in an invalid gpg signature for the jar.
> Note that my pom does not include a gpg signing step -- that is why it is 
> part of the command line.  My guess is that configuring the maven-gpg-plugin 
> in the project pom may make this work -- but I did not have the luxury of 
> being able to do that this time.
> The bundle-create goal needs to not recreate the jar file -- just make the 
> bundle.  Or clarify the documentation.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to