Gradle task :signMavenJavaPublication fails because it has no configured signatory

Posted 2025-02-01 18:48:49 | 8360 characters | 4 views | 0 comments

I am trying to publish a Java library to maven central repository.
I have never done this before. This project is for testing purposes. When I figure out
how to properly publish a project, I will then publish an actual library.
My goal is to be able to add this project as a dependency for other projects.
I know I could include it as a .jar, but I want to learn about other ways of importing dependencies.

While running the task:

./gradlew publish

in my project root folder, I get the build error:

> Task :signMavenJavaPublication FAILED
Caching disabled for task ':signMavenJavaPublication' because:
  Build cache is disabled
Task ':signMavenJavaPublication' is not up-to-date because:
  Task has failed previously.
:signMavenJavaPublication (Thread[Execution worker for ':',5,main]) completed. Took 0.004 secs.

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':signMavenJavaPublication'.
> Cannot perform signing task ':signMavenJavaPublication' because it has no configured signatory

EDIT:
I have made some progress. I will post this at the bottom of the question.

For the past four days, I have been trying to figure out why. I will post the build code further below, but first I will go through all the steps I followed to be able to publish to the central repository in the first place.

My gradle experience is limited, but I think I know the basics.

I have read various documentation on:

central.sonatype.org

Gradle

for how to publish / sign. I don't know exactly what I am doing or why.

  1. Apply for a GroupID on Sonatype Jira. This issue/ticket is resolved. And I should be able to publish SNAPSHOT and release artifacts to s01.oss.sonatype.org. My GroupID is my github domain. So, as far as I know, this lets me publish my projects / libraries under "io.github.username".

  2. Download and set up GnuPG:

At some point in the set up I was asked to create a GnuPG password (signing.password).
Don't remember when.

gpg --gen-key

Entering my name and email. Now I can type:

gpg -K

And I get the following (not actual values):

sec   ed25519 2022-05-25 [SC] [expires: 2024-05-24]
      ****************************************
uid           [ultimate] My Name <[email protected]>
ssb   cv25519 2022-05-25 [E] [expires: 2024-05-24]

So, the **************************************** is the password I am using. (the final 8 digits).
Now I export the key. (I think it creates my secret key right?):

gpg --export-secret-keys ******** > C:\users\username\secring.gpg

As far as I know, this could be any folder. As long as the folder corresponds to the:

signing.secretKeyRingFile=\users\username\secring.gpg

in the gradle.properties file.
Also, what would be the correct way to type this?

signing.secretKeyRingFile=\users\username\secring.gpg
signing.secretKeyRingFile=C:\users\username\secring.gpg
signing.secretKeyRingFile=C:\\users\\username\\secring.gpg
signing.secretKeyRingFile="C:\\users\\username\\secring.gpg"

(I think I have tried all the variations)

Then I need to send the public key to some key server. And there are some alternatives:

  • keyserver.ubuntu.com
  • keys.openpgp.org
  • pgp.mit.edu

I have tried to send it to all of them.

gpg --keyserver hkp://keyserver.ubuntu.com --send-keys ****************************************

And I can check if the server received the key:

gpg --keyserver hkp://keyserver.ubuntu.com --search-key '[email protected]'

And they got it. At least the server responds with the last 16 or so digits of the key.

  3. So at this point I set up a simple java test project named "Storage". Pushing it to my github repo. under the same name.

Structure

  4. And now we can get to the gradle files. Keep in mind, I'm not entirely sure if this is correct. If I left out something, or something is unnecessary. Please let me know.

build.gradle

plugins {
    id 'java-library'
    id 'signing'
    id 'maven-publish'
}

group 'io.github.username'
version '0.0.1'

repositories {
    mavenCentral()
    maven { url "http://repo.maven.apache.org/maven2" }
    maven { url "https://oss.sonatype.org/content/repositories/snapshots/" }
}

dependencies {}

java {
    withJavadocJar()
    withSourcesJar()
}


publishing {
    publications {
        mavenJava(MavenPublication) {

            groupId = 'io.github.username'
            artifactId = 'storage'
            version = '0.0.1'
            from components.java

            pom {
                name = 'Storage'
                description = 'Storage is an open-source Java library test'
                url = 'https://github.com/username/Storage'
                inceptionYear = '2022'

                licenses {
                    license {
                        name = 'MIT License'
                        url = 'http://www.opensource.org/licenses/mit-license.php'
                    }
                }
                developers {
                    developer {
                        id = 'sonatype-username'
                        name = 'Full Name'
                        email = '[email protected]'
                    }
                }
                scm {
                    connection = 'scm:git:git://github.com/username/Storage.git'
                    developerConnection = 'scm:git:ssh://github.com/username/Storage.git'
                    url = 'https://github.com/username/Storage'
                }
            }
        }
    }
    repositories {
        maven {
            name = "OSSRH"
            url = "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/"
            credentials {
                username = project.properties["ossrhUsername"]
                password = project.properties["ossrhPassword"]
            }
        }
    }
}

signing {
    sign publishing.publications.mavenJava
}

javadoc {
    if(JavaVersion.current().isJava9Compatible()) {
        options.addBooleanOption('html5', true)
    }
}

gradle-wrapper.properties

# auto-generated
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

# Sonatype variables
ossrhUsername=username
ossrhPassword=password

# GnuPG
signing.keyId=********
singing.password=GnpPassword
signing.secretKeyRingFile=\Users\username\secring.gpg

settings.gradle

rootProject.name = 'Storage'

That should be it. But I can include versions of various software/tools:

  • OS Windows 10
  • GnuPG 2.3.6
  • Gradle 7.4.2
  • Java 13.0.1
  • Groovy 3.0.9

PROGRESS:

I got the project published to Nexus repository manager.
So I know for a fact that build.gradle can access my gradle.properties file and can read its content.

I got the publish task to work by excluding the signing part.

I have sent my key (two keys now) to both:

  • keyserver.ubuntu.com
  • pgp.mit.edu

keys.openpgp.org does not seem to work. I get gpg: keyserver send failed: Certificate expired

When I send a key to a server I use the FULL KEY ID.

I can query a server to see if they in fact received the keys: gpg --keyserver hkp://keyserver.ubuntu.com --search-key '[email protected]'

And both servers have received 2 keys:

(1)     My Name <[email protected]>
          263 bit EDDSA key ****************, created: 2022-05-28
(2)     My Name <[email protected]>
          263 bit EDDSA key ****************, created: 2022-05-25
Keys 1-2 of 2 for "[email protected]".  Enter number(s), N)ext, or Q)uit >

The **************** is in fact the last numerals of my keys. It has to be right. Should I only send the last 8 numerals of the key to a server?

And the singing.password I use is the same one I chose when creating a key.

But for some esoteric reason. The signing still does not work. Is there no way to pinpoint the EXACT reason for failure?

Please, take a look at my build.gradle. Is there an alternative way of publishing / signing I could try instead?

Does the name of the secret key file matter? secring.gpg

Comments (3)

暗恋未遂 2025-02-08 18:48:49

If you are getting this error in 2023 with Gradle 7+:

Take a look at this step by step guide with
code examples for "how to publish to maven central with Gradle".

https://github.com/davidweber411/how-to-publish-to-maven-central-with-gradle

PS: I am the author.

烏雲後面有陽光 2025-02-08 18:48:49

The error piece:


> Cannot perform signing task ':signMavenJavaPublication' because it has no configured signatory

basically says that your signing task is not able to figure out the signature info it needs to execute. Most likely it cannot find your gradle-wrapper.properties file.
What you can do is to try to put them in the main gradle.properties file and see how it goes.

As for the folders: Gradle relies on java.io.File for its path related operations which means it should be able to handle forward slashes as well.

A good approach, especially when you are setting up a new configuration and you see it failing for path reasons, is to put everything straight into the folder where you're sure Gradle (or any other system/build) is able to see it. In your case that would be either gradle home or same folder where your build.gradle is. Then, after you get everything to work, you can reorganize and put configs however you like.

EDIT:

It is also always a good idea to find a way to print something out while your build / script / whatever is executing. So, for Gradle you can use println to print a property name:

task printSigning {
    // Properties from gradle.properties are looked up by their full dotted name
    println(project.findProperty('signing.secretKeyRingFile'))
}

Or you can print a current directory:

task currentDir {
    println file('.')
}

I hope that this helps a bit.

Below questions might contain some more details and give you a hint too:

https://stackoverflow.com/a/67115705/177154

https://stackoverflow.com/a/68505768/177154
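
A pre-flight check for the signing properties and the four path spellings asked about in the question, as an added example (Python, not code from this thread or from Gradle). It assumes the properties are given as gradle.properties text, which is a Java properties file where backslash is an escape character; the names `java_unescape` and `lint_signing_props` and the 0.8 similarity cutoff are choices made for this example, and only single-line `key=value` entries are handled.

```python
import difflib
import re

# Properties read by the signing plugin's default (key ring file) signatory.
REQUIRED = ("signing.keyId", "signing.password", "signing.secretKeyRingFile")
ESCAPES = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def java_unescape(raw):
    """Decode one value as java.util.Properties does (no line continuations)."""
    def repl(match):
        esc = match.group(1)
        if esc[0] != "u":  # \t \n \r \f are translated; any other backslash is dropped
            return ESCAPES.get(esc, esc)
        if not re.fullmatch(r"u[0-9a-fA-F]{4}", esc):  # \u needs four hex digits
            raise ValueError("Malformed \\uxxxx encoding")
        return chr(int(esc[1:], 16))
    return re.sub(r"\\(u.{0,4}|.)", repl, raw)

def lint_signing_props(text):
    """Return findings for the text of a gradle.properties file."""
    seen, findings = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, raw = line.split("=", 1)
            seen[key.strip()] = raw.strip()
    for key in seen:
        near = difflib.get_close_matches(key, REQUIRED, n=1, cutoff=0.8)
        if key not in REQUIRED and near:
            findings.append(f"{key}: probable typo of {near[0]}")
    findings += [f"{key}: not set" for key in REQUIRED if key not in seen]
    raw = seen.get("signing.secretKeyRingFile")
    if raw is not None:
        try:
            path = java_unescape(raw)
        except ValueError as exc:
            return findings + [f"signing.secretKeyRingFile: {exc}"]
        if path.startswith(('"', "'")):
            findings.append("signing.secretKeyRingFile: quotes are part of the value")
        if "\\" in raw.replace("\\\\", ""):
            findings.append("signing.secretKeyRingFile: lone backslash is an escape")
    return findings

# Constructed sample mirroring the properties shown in the question.
SAMPLE = r"""
ossrhUsername=username
ossrhPassword=password
signing.keyId=********
singing.password=GnpPassword
signing.secretKeyRingFile=\Users\username\secring.gpg
"""
```

Of the four spellings in the question, only the doubled-backslash form without quotes decodes to the intended Windows path; forward slashes need no escaping at all.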

枫林﹌晚霞¤ 2025-02-08 18:48:49

For my case gradle could not read the defaultSecretKey file using

So I had to manually read the content of the pgp file

file("your.pgp file").readText()

Full code

useInMemoryPgpKeys(
    project.property("signing.keyId") as String,
    file(project.property("signing.secretKeyRingFile") as String).readText(),
    project.property("signing.password") as String
)