bundle-create creates jar making a preceding gpg:sign step invalid ------------------------------------------------------------------
Key: MREPOSITORY-25 URL: http://jira.codehaus.org/browse/MREPOSITORY-25 Project: Maven 2.x Repository Plugin Issue Type: Bug Affects Versions: 2.3.1 Environment: Ubuntu 10.4, Sun Java 1.6.0_20, Maven 2.2.1 Reporter: Anthony Whitford Despite following instructions found here: https://docs.sonatype.org/display/Repository/Uploading+3rd-party+Artifacts+to+Maven+Central I ran into a problem uploading the bundle to Sonatype's Staging area. Specifically, I received an *Invalid Signature* error for the main jar artifact. Sure enough, I ran the following: {noformat}gpg --verify foo.jar.asc{noformat} and it confirmed that the signature was "BAD." Upon further investigation, it would seem that the problem is that the repository:bundle-create goal is recreating the jar file, so the command:{noformat}mvn source:jar javadoc:jar package gpg:sign repository:bundle-create -Dgpg.passphrase=xx{noformat} seems to be creating the jar, signing it, and then creating the jar again -- resulting in an invalid gpg signature for the jar. Note that my pom does not include a gpg signing step -- that is why it is part of the command line. My guess is that configuring the maven-gpg-plugin in the project pom may make this work -- but I did not have the luxury of being able to do that this time. The bundle-create goal needs to not recreate the jar file -- just make the bundle. Or clarify the documentation. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira