账号注册
首先咱们要先注册sonatype账号,拜访地址sonatype输出必须的内容就能够胜利注册一个账号,不过对明码就有一些非凡的平安要求,正确注册就能够了。
sonatype工单
新建工单
点击新建按钮,项目选择open的那个,问题类型抉择new project,概要,形容轻易写就ok了
新建实现后如下图:
增加txt记录
如上边的图所示,它为了验证你是域名的所有者,会让你去解析一条txt记录。两种计划选一种就能够了,我这里抉择的是增加一条txt的记录,如下图所示,我这里是不分明规定,提交了两个工单,所以增加了两条记录,最初其中一个工单被认为是反复提交,已敞开。其中记录值填写你的工单地址,下图中框住的局部,主机记录就是jira tiket.
这里txt解析的值起源就是你的问题url,如下:
解析完后就能够再期待审核了,我的大略是凌晨3点进行的审核,通过当前会有邮件告诉,工单下边也有评论,此时咱们就能够筹备公布咱们的jar包了。
com.iminling has been prepared, now user(s) yslao can:Publish snapshot and release artifacts to https://oss.sonatype.orgHave a look at this section of our official guide for deployment instructions:https://central.sonatype.org/pages/ossrh-guide.html#deploymentPlease comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central.Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide:https://central.sonatype.org/pages/releasing-the-deployment.html公布筹备
gpg装置
mac装置gpg
这里利用brew进行装置
brew install gpgwindows装置gpg
windows装置了git客户端就自带了这个性能
查看gpg版本
有些装置胜利后是gpg,有些是gpg2,所以依据本人的状况进行查看
$ gpg --versiongpg (GnuPG) 2.2.13-unknownlibgcrypt 1.8.4Copyright (C) 2019 Free Software Foundation, Inc.License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Home: /c/Users/kongh/.gnupgSupported algorithms:Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSACipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224Compression: Uncompressed, ZIP, ZLIB, BZIP2# 或者应用gpg2,就看本人的电脑上哪个命令能够运行.生成key
mac生成
$ gpg --gen-keygpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.留神:应用 “gpg --full-generate-key” 以取得一个性能残缺的密钥产生对话框。GnuPG 须要构建用户标识以识别您的密钥。实在姓名: yslao电子邮件地址: yslao@outlook.com您选定了此用户标识: “yslao <yslao@outlook.com>”更改姓名(N)、正文(C)、电子邮件地址(E)或确定(O)/退出(Q)? O咱们须要生成大量的随机字节。在质数生成期间做些其余操作(敲打键盘、挪动鼠标、读写硬盘之类的)将会是一个不错的主见;这会让随机数发生器有更好的机会取得足够的熵。咱们须要生成大量的随机字节。在质数生成期间做些其余操作(敲打键盘、挪动鼠标、读写硬盘之类的)将会是一个不错的主见;这会让随机数发生器有更好的机会取得足够的熵。gpg: /Users/konghang/.gnupg/trustdb.gpg:建设了信任度数据库gpg: 密钥 84040E735F931A32 被标记为相对信赖gpg: 目录‘/Users/konghang/.gnupg/openpgp-revocs.d’已创立gpg: 撤消证书已被存储为‘/Users/konghang/.gnupg/openpgp-revocs.d/DD1E1B8213D07DA46FC3F2B684040E735F931A32.rev’公钥和私钥曾经生成并被签名。pub rsa3072 2021-02-20 [SC] [无效至:2023-02-20] DD1E1B8213A07DA46FC3F2B684040E735F931A32uid yslao <yslao@outlook.com>sub rsa3072 2021-02-20 [E] [无效至:2023-02-20]期间会让输出明码,请牢记次明码,公布jar的时候要用到。如下图所示:
windos生成
根本和mac差不多,也请牢记住明码。
$ gpg --gen-keygpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.gpg: directory '/c/Users/kongh/.gnupg' createdgpg: keybox '/c/Users/kongh/.gnupg/pubring.kbx' createdNote: Use "gpg --full-generate-key" for a full featured key generation dialog.GnuPG needs to construct a user ID to identify your key.Real name: yslaoEmail address: yslao@outlook.comYou selected this USER-ID: "yslao <yslao@outlook.com>"Change (N)ame, (E)mail, or (O)kay/(Q)uit? OWe need to generate a lot of random bytes. It is a good idea to performsome other action (type on the keyboard, move the mouse, utilize thedisks) during the prime generation; this gives the random numbergenerator a better chance to gain enough entropy.We need to generate a lot of random bytes. It is a good idea to performsome other action (type on the keyboard, move the mouse, utilize thedisks) during the prime generation; this gives the random numbergenerator a better chance to gain enough entropy.gpg: /c/Users/kongh/.gnupg/trustdb.gpg: trustdb createdgpg: key 7204BFB944405DA7 marked as ultimately trustedgpg: directory '/c/Users/kongh/.gnupg/openpgp-revocs.d' createdgpg: revocation certificate stored as '/c/Users/kongh/.gnupg/openpgp-revocs.d/C87B0403E54AB05D431E5C1A7204BFB944405DA7.rev'public and secret key created and signed.pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20] C87B0403E54CB05D431E5C1A7204BFB944405DA7uid yslao <yslao@outlook.com>sub rsa2048 2021-02-20 [E] [expires: 2023-02-20]key操作
查看key
$ gpg --list-keysgpg: checking the trustdbgpg: marginals needed: 3 completes needed: 1 trust model: pgpgpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1ugpg: next trustdb check due at 2023-02-20/c/Users/kongh/.gnupg/pubring.kbx---------------------------------pub rsa2048 2021-02-20 [SC] [expires: 2023-02-20] C87B0403E54CD05D431E5C1A7204BFB944405DA7uid [ultimate] yslao <yslao@outlook.com>sub rsa2048 2021-02-20 [E] [expires: 2023-02-20]公布public key
# 命令格局:gpg --keyserver [key的服务器](这个有很多,轻易找一个就行了) --send-keys [key] key就是查看key操作中pub对应的那串字符串$ gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys C87B0403E54CD05D431E5C1A7204BFB944405DA7gpg: sending key 7204BFB944405DA7 to hkp://keyserver.ubuntu.com:11371解决过期key(没有试验过,仅记录)
# 先用list-keys列出key列表gpg --list-keys# 编辑某个key$ gpg --edit-key C87B0403E54AB05D431E5C1A7204BFB944405DA7gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.This is free software: you are free to change and redistribute it.There is NO WARRANTY, to the extent permitted by law.Secret key is available.sec rsa2048/7204BFB944405DA7 created: 2021-02-20 expires: 2023-02-20 usage: SC trust: ultimate validity: ultimatessb rsa2048/B9A87F6417B16CA8 created: 2021-02-20 expires: 2023-02-20 usage: E[ultimate] (1). yslao <yslao@outlook.com># 抉择须要批改的idgpg> 1sec rsa2048/7204BFB944405DA7 created: 2021-02-20 expires: 2023-02-20 usage: SC trust: ultimate validity: ultimatessb rsa2048/B9A87F6417B16CA8 created: 2021-02-20 expires: 2023-02-20 usage: E[ultimate] (1)* yslao <yslao@outlook.com># 输出expire设置过期工夫gpg> expireChanging expiration time for the primary key.Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n yearsKey is valid for? (0)# 输出 10m 代表10个月, 而后回车10m# 输出save进行保留,缩短有效期gpg> savepom.xml和setting.xml批改
Distribution 治理
批改pom.xml, 增加以下代码
<!--父级是project--><distributionManagement> <snapshotRepository> <id>ossrh</id> <url>https://oss.sonatype.org/content/repositories/snapshots</url> </snapshotRepository> <repository> <id>ossrh</id> <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url> </repository></distributionManagement><build> <plugins> <plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <version>1.6.7</version> <extensions>true</extensions> <configuration> <serverId>ossrh</serverId> <nexusUrl>https://oss.sonatype.org/</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> </configuration> </plugin> </plugins></build>认证配置
在setting.xml中增加认证信息,此处的id要和pom文件中的distributionManagement下snapshotRepository和repository的id保持一致.
<settings> <servers> <server> <id>ossrh</id> <!-- username就是注册sonatype时的username --> <username>your-jira-id</username> <!-- password就是注册sonatype时的password --> <password>your-jira-pwd</password> </server> </servers></settings>javadoc和源代码治理
在pom.xml中增加配置如下
<build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-source-plugin</artifactId> <version>2.2.1</version> <executions> <execution> <id>attach-sources</id> <goals> <goal>jar-no-fork</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>2.9.1</version> <executions> <execution> <id>attach-javadocs</id> <goals> <goal>jar</goal> </goals> </execution> </executions> </plugin> </plugins></build>gpg签名组件配置
在pom中增加gpg插件
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-gpg-plugin</artifactId> <version>1.5</version> <executions> <execution> <id>sign-artifacts</id> <phase>verify</phase> <goals> <goal>sign</goal> </goals> </execution> </executions></plugin>在setting.xml中增加gpg profile配置,gpg.executable属性要依据本人的电脑环境进行增加.
<settings> <profiles> <profile> <id>ossrh</id> <activation> <activeByDefault>true</activeByDefault> </activation> <properties> <!--这里依据理论状况填写gpg或gpg2,看本人的环境能应用哪个命令--> <gpg.executable>gpg2</gpg.executable> <!--passphrase就是咱们在gpg装置生成key的时候设置的--> <gpg.passphrase>the_pass_phrase</gpg.passphrase> </properties> </profile> </profiles></settings>Nexus Staging Maven插件,用于部署和公布
在pom.xml中增加以下内容
<plugin> <groupId>org.sonatype.plugins</groupId> <artifactId>nexus-staging-maven-plugin</artifactId> <version>1.6.7</version> <extensions>true</extensions> <configuration> <serverId>ossrh</serverId> <nexusUrl>https://oss.sonatype.org/</nexusUrl> <autoReleaseAfterClose>true</autoReleaseAfterClose> </configuration></plugin>公布
所有的公布操作确保gpg命令是能够用的,在windows下进行公布肯定要留神是在git bash客户端中进行,以确保gpg能够应用.以及公布过程中可能会让你再次输出gpg的明码,这里须要留神一下。
快照版本
我的项目的版本如果是以-SNAPSHOT结尾的,就会公布到快照仓库,如下:
D:\project\idea\base-iminling-parent>mvn clean deployINFO] Scanning for projects...[WARNING][WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0-SNAPSHOT[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-maven-plugin @ line 326, column 25[WARNING][WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.[WARNING][WARNING] For this reason, future Maven versions might no longer support building such malformed projects.[WARNING][INFO][INFO] -----------------< com.iminling:base-iminling-parent >------------------[INFO] Building base-iminling-parent 1.0.0-SNAPSHOT[INFO] --------------------------------[ pom ]---------------------------------[INFO][INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---[INFO][INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0-SNAPSHOT\base-iminling-parent-1.0.0-SNAPSHOT.pom[INFO][INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xmlUploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.034207-1.pomUploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.034207-1.pom (14 kB at 4.8 kB/s)Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xmlUploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xmlUploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml (609 B at 263 B/s)Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xmlUploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml (292 B at 54 B/s)[INFO] ------------------------------------------------------------------------[INFO] BUILD SUCCESS[INFO] ------------------------------------------------------------------------[INFO] Total time: 15.105 s[INFO] Finished at: 2021-05-20T11:42:18+08:00[INFO] ------------------------------------------------------------------------release版本
我的项目的版本不是以-SNAPSHOT结尾的,就会公布到release仓库,如下:
D:\project\idea\base-iminling-parent>mvn clean deploy[INFO] Scanning for projects...[WARNING][WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-maven-plugin @ line 326, column 25[WARNING][WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.[WARNING][WARNING] For this reason, future Maven versions might no longer support building such malformed projects.[WARNING][INFO][INFO] -----------------< com.iminling:base-iminling-parent >------------------[INFO] Building base-iminling-parent 1.0.0[INFO] --------------------------------[ pom ]---------------------------------[INFO][INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---[INFO][INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0\base-iminling-parent-1.0.0.pom[INFO][INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pomUploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom (14 kB at 597 B/s)Downloading from ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xmlUploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xmlUploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml (312 B at 51 B/s)[INFO] ------------------------------------------------------------------------[INFO] BUILD SUCCESS[INFO] ------------------------------------------------------------------------[INFO] Total time: 32.049 s[INFO] Finished at: 2021-02-20T14:11:23+08:00[INFO] ------------------------------------------------------------------------遇到的问题
在mac上进行公布的时候遇到下边问题:
[INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ base-iminling-parent ---gpg: 签名时失败: Inappropriate ioctl for devicegpg: signing failed: Inappropriate ioctl for device[INFO] ------------------------------------------------------------------------[INFO] BUILD FAILURE[INFO] ------------------------------------------------------------------------[INFO] Total time: 17.069 s[INFO] Finished at: 2021-02-21T09:36:03+08:00[INFO] ------------------------------------------------------------------------上网查问后,起因是 gpg 在以后终端无奈弹出明码输出页面。
解决办法很简略:
export GPG_TTY=$(tty)从新执行,发现会弹出一个明码输出界面。
公布后续
公布后咱们还须要在sonatype中问题下方进行评论,来激活同步到maven核心仓库.
版本援用
release
失常引入坐标就能够援用
snapshot
<!--定义snapshots库的地址--><repositories> <repository> <id>sonatype-snapshots</id> <name>sonatype-snapshots</name> <url>https://oss.sonatype.org/content/repositories/snapshots/</url> <snapshots> <enabled>true</enabled> </snapshots> </repository></repositories><!--经测试,不要下边的应该也是能够的,留着做不时之需--><pluginRepositories> <pluginRepository> <id>sonatype-snapshots</id> <name>sonatype-snapshots</name> <url>https://oss.sonatype.org/content/repositories/snapshots/</url> <snapshots> <enabled>true</enabled> </snapshots> </pluginRepository></pluginRepositories>后续保护
查看官网文档:https://oss.sonatype.org/#sta...
下边放上我的两个仓库的地址,对于残缺pom请查看仓库里的。
- base-iminling-parent, 父pom
- base-iminling-core, 一个根底jar,具体见仓库READEME.md