Re: Signing when staging with Maven Artifact Resolver Ant Task
> On 7 Mar 2023, at 18:46, Tamás Cservenák wrote: > > Yup, > > invoke gpg with "--armor --detach-sign", this is what maven plugin does: > https://github.com/apache/maven-gpg-plugin/blob/master/src/main/java/org/apache/maven/plugins/gpg/GpgSigner.java#L136-L138 OMG thank you so much, that was the missing piece. 🥳 Ciao, seba - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Re: Signing when staging with Maven Artifact Resolver Ant Task
> On 7 Mar 2023, at 17:23, Tamás Cservenák wrote: > > Howdy > > Could you just invoke gpg cli (that's what maven gpg plugin does as well) > and just add that file as type "jar.asc"? > I tried that. Apart from a lot of manual fliddling (e.g., the new target will upload pom.xml, but *not* its signature, etc.) at the end Sonatype refuses to valide the signatures. Maybe I have to upload something more, but this stuff was set up 20y ago and worked since then like a charm. Delving again now in this mess without any migration path is really burning me out. "Failed to validate the pgp signature of '/it/unimi/dsi/dsiutils/2.7.3/dsiutils-2.7.3-javadoc.jar', check the logs." I have looked everywhere in the Sonatype web interface for such logs, with no results :(. Ciao, seba - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
Signing when staging with Maven Artifact Resolver Ant Task
Sorry to repost this, but we're really stuck. Sonatype will probably at some
point update their updated documentation, but it is not clear when.
> On 15 Feb 2023, at 22:48, Sebastiano Vigna wrote:
>
> Maven Ant Tasks has been retired in favor of Maven Artifact Resolver Ant
> Tasks. There is no official migration path and the documentation is, well, OK.
>
> We used Maven Ant Tasks to stage our jars into Sonatype for publication in
> Maven Central. I've been able to almost completely replicate that behavior in
> Maven Artifact Resolver Ant Tasks, but I haven't been able to sign the jars.
>
> Does anybody know how this should be performed? Previously, I'd add a
>
> value="org.apache.maven.plugins:maven-gpg-plugin:1.3:sign-and-deploy-file" />
>
> in the task. Now I have a task
>
>
>
> ="${maven-staging-repository-url}"/>
>
>
>
>
>
> and it works perfectly, but no signing.
>
> Ciao,
>
> seba
>
-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
Signing when staging with Maven Artifact Resolver Ant Task
Maven Ant Tasks has been retired in favor of Maven Artifact Resolver Ant Tasks. There is no official migration path and the documentation is, well, OK. We used Maven Ant Tasks to stage our jars into Sonatype for publication in Maven Central. I've been able to almost completely replicate that behavior in Maven Artifact Resolver Ant Tasks, but I haven't been able to sign the jars. Does anybody know how this should be performed? Previously, I'd add a in the task. Now I have a task and it works perfectly, but no signing. Ciao, seba - To unsubscribe, e-mail: users-unsubscr...@maven.apache.org For additional commands, e-mail: users-h...@maven.apache.org
