gpg --gen-keyThis document contains some technical notes on deploying a Yawg release to the Maven Central repository. For the exact steps to follow when createing a new Yawg release please see Creating a release of the Yawg software.
The information contained in this document was gleaned from the following sources:
Actions that have to be performed only once:
Actions that have to be performed for each time a new Yawg release is created:
A GPG key is required for signing the build artifacts that are uploaded to Maven central. That same GPG key will be used by Sonatype Nexus for validating the artifacts as part of the steps for deploying to Maven Central. That GPG key thus needs to be available from one of the more common GPG key servers.
This section describes how to create a GPG key, and distribute it to one GPG key server.
The GPG tools are available in a standard package in most Linux distributions. You will need to manually install the appropriate package for your platform.
CentOS: gnupg2
Ubuntu: gnupg
Cygwin: gnupg
To generate the actual GPG key run the following command:
gpg --gen-keyThe above command will request some information. An example follows:
Please select what kind of key you want: -- (1) RSA and RSA (default) What keysize do you want? (2048) -- 2048 Key is valid for? (0) -- 0 = key does not expire Real name: -- My Name Email address: -- myemail@somewhere.com Comment: --
Some useful commands follow.
List local keys:
gpg --list-keys
Search key in key server:
gpg --keyserver hkp://keys.gnupg.net --search-key 'myemail@somewhere.com'
The new GPG key must be distributed to one of the GPG key servers that Sonatype uses when validating GPG keys.
gpg --keyserver hkp://keys.gnupg.net --send-key 701FCC65
A Sonatype JIRA account is required for opening a ticket to register the Yawg project on OSSRH.
To create a Sonatype JIRA account go to https://issues.sonatype.org/ and select the link for signing up for a new account.
As an example used in commands, and files below:
Username: myusername
Email: myemail@somewhere.com
The same username and password will also be used to login into Sonatype Nexus later on.
To register the Yawg project on OSSRH a Jira ticket must be opened for submitting the request.
Login with the credentials defined in the previous section.
Create a new ticket with "Issue Type" as "New Project".
Wait for an email from Sonatype with confirmation the project has been created.
In the case of the Ywag project the ticket was https://issues.sonatype.org/browse/OSSRH-31607
Add to the distributionManagement element an entry for the Open
Source Software Repository Hosting (OSSRH) repository.
<distributionManagement>
<repository>
<id>yawg.ossrh</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>Add the OSSRH Jira credentials, and the GnuPG key credentials to your
~/.m2/settings.xml Maven configuration:
<settings>
<servers>
<server>
<id>yawg.ossrh</id>
<username>myusername</username>
<password>XXXXXX</password>
</server>
</servers>
<profiles>
<profile>
<id>yawg-maven-artifacts</id>
<properties>
<gpg.keyname>701FCC65</gpg.keyname>
<gpg.passphrase>XXXXXX</gpg.passphrase>
</properties>
</profile>
</profiles>
</settings>Make sure the file is readable only by the owner:
chmod 600 ~/.m2/settings.xml
./devtools/bin/build-bundle --release
Login into https://oss.sonatype.org/
Look for the latest staging repo named comvarmateo
Click the Close action for the repository. This will prepare the
staging repository for being copied to Maven Central.
Click the Release action for the repository. This will copy the
staging repository to Maven Central. This process can take some
minutes to complete. You can confirm the process has completed by
checking on Maven Central at
https://repo1.maven.org/maven2/com/varmateo/yawg/yawg-api/ that the
new version is there.