java – Maven’deploy’导致签名操作后的代码重新打包(BAD签名)
发布时间:2020-12-15 02:10:44 所属栏目:Java 来源:网络整理
导读:我想将一个工件部署到Sonatype OSS存储库. 使用以下命令部署时,签名无效. mvn clean source:jar javadoc:jar install gpg:sign deploy gpg --verify target/security-versions-1.0.1.jar.ascgpg: assuming signed data in 'target/security-versions-1.0.
我想将一个工件部署到Sonatype OSS存储库.
使用以下命令部署时,签名无效. mvn clean source:jar javadoc:jar install gpg:sign deploy > gpg --verify target/security-versions-1.0.1.jar.asc gpg: assuming signed data in 'target/security-versions-1.0.1.jar' gpg: Signature made 10/20/15 11:45:50 Eastern Daylight Time using RSA key ID 63E38ACF gpg: BAD signature from "Philippe Arteau <philippe.arteau@gmail.com>" [ultimate] 如果我删除部署目标,则签名是好的. mvn clean source:jar javadoc:jar install gpg:sign > gpg --verify target/security-versions-1.0.1.jar.asc gpg: assuming signed data in 'target/security-versions-1.0.1.jar' gpg: Signature made 10/20/15 11:54:34 Eastern Daylight Time using RSA key ID 63E38ACF gpg: Good signature from "Philippe Arteau <philippe.arteau@gmail.com>" [ultimate] 我意识到,在标志操作之后,罐子被第二次打包. 有问题的操作: [INFO] --- maven-gpg-plugin:1.5:sign (default-cli) @ security-versions --- You need a passphrase to unlock the secret key for user: "Philippe Arteau <philippe.arteau@gmail.com>" 4096-bit RSA key,ID 63E38ACF,created 2013-05-12 [...] [INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ security-versions --- [INFO] Building jar: C:Codeworkspace-javamaven-security-versionstargetsecurity-versions-1.0.1.jar [INFO] [INFO] --- maven-plugin-plugin:3.2:addPluginArtifactMetadata (default-addPluginArtifactMetadata) @ security-versions --- [INFO] [INFO] --- maven-source-plugin:2.2.1:jar-no-fork (default) @ security-versions --- [INFO] Building jar: C:Codeworkspace-javamaven-security-versionstargetsecurity-versions-1.0.1-sources.jar 由于编译和包装已经发生,因此不应该完成第二部分. 解决方法
您不应该同时运行安装和部署.否则,您将运行两次包装步骤.
我建议仅使用部署.看看这个post. (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |