bundle-create creates jar making a preceding gpg:sign step invalid
------------------------------------------------------------------
Key: MREPOSITORY-25
URL: http://jira.codehaus.org/browse/MREPOSITORY-25
Project: Maven 2.x Repository Plugin
Issue Type: Bug
Affects Versions: 2.3.1
Environment: Ubuntu 10.4, Sun Java 1.6.0_20, Maven 2.2.1
Reporter: Anthony Whitford
Despite following instructions found here:
https://docs.sonatype.org/display/Repository/Uploading+3rd-party+Artifacts+to+Maven+Central
I ran into a problem uploading the bundle to Sonatype's Staging area.
Specifically, I received an *Invalid Signature* error for the main jar
artifact.
Sure enough, I ran the following: {noformat}gpg --verify foo.jar.asc{noformat}
and it confirmed that the signature was "BAD."
Upon further investigation, it would seem that the problem is that the
repository:bundle-create goal is recreating the jar file, so the
command:{noformat}mvn source:jar javadoc:jar package gpg:sign
repository:bundle-create -Dgpg.passphrase=xx{noformat}
seems to be creating the jar, signing it, and then creating the jar again --
resulting in an invalid gpg signature for the jar.
Note that my pom does not include a gpg signing step -- that is why it is part
of the command line. My guess is that configuring the maven-gpg-plugin in the
project pom may make this work -- but I did not have the luxury of being able
to do that this time.
The bundle-create goal needs to not recreate the jar file -- just make the
bundle. Or clarify the documentation.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
