Title: maven/build.xml does not PGP-sign the publication
Type: behaviour Severity: normal
Components: Any Versions:
Milestone: Jython 2.7.2
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: jeff.allen Nosy List: fwierzbicki, jeff.allen
Priority: normal Keywords:

Created on 2019-10-10.08:39:47 by jeff.allen, last changed 2019-11-01.20:58:07 by jeff.allen.

msg12708 (view) Author: Jeff Allen (jeff.allen) Date: 2019-10-10.08:39:46
In the build, since the pgp command is not necessarily available, and this breaks the build, we have removed the commands that use it to sign the artefacts. However, that's necessary for Sonatype to publish (or an equivalent signing process?).

We should restore the pgp steps, either making them optional or fail-soft.
msg12710 (view) Author: Jeff Allen (jeff.allen) Date: 2019-10-10.08:47:22
Alternatively, document as a manual step.
msg12722 (view) Author: Jeff Allen (jeff.allen) Date: 2019-10-26.16:41:36

As a manual step, this is a bit awkward to do. I found I could modify the maven/build.xml *after* a build at tag 2.7.2b1, circumventing its tendency to build a snapshot.

This, added to macrodef stage, restores the gpg step:

      <!-- Generate a detached signature for each artefact in the bundle. -->
      <exec executable="gpg" dir="${build.maven}">
          <arg value="-ab"/>
          <arg value="@{artifactId}-@{version}.pom"/>

      <exec executable="gpg" dir="${build.maven}">
          <arg value="-ab"/>
          <arg value="@{artifactId}-@{version}.jar"/>

      <exec executable="gpg" dir="${build.maven}">
          <arg value="-ab"/>
          <arg value="@{artifactId}-@{version}-javadoc.jar"/>

      <exec executable="gpg" dir="${build.maven}">
          <arg value="-ab"/>
          <arg value="@{artifactId}-@{version}-sources.jar"/>

It fails if you don't have gpg at all, as the step is not really optional. I won't push that change right now though, taking other blockers to publication as part of this.
msg12732 (view) Author: Jeff Allen (jeff.allen) Date: 2019-10-31.15:27:05
I have managed to make bundles of signed files acceptable to Sonatype.
msg12734 (view) Author: Jeff Allen (jeff.allen) Date: 2019-11-01.20:58:07
Fixed at:
Date User Action Args
2019-11-01 20:58:07jeff.allensetstatus: open -> closed
messages: + msg12734
2019-10-31 15:27:05jeff.allensetresolution: accepted -> fixed
messages: + msg12732
2019-10-26 16:41:50jeff.allensetmessages: - msg12720
2019-10-26 16:41:36jeff.allensetmessages: + msg12722
2019-10-26 12:37:18jeff.allensetassignee: jeff.allen
messages: + msg12720
2019-10-10 08:47:22jeff.allensetmessages: + msg12710
2019-10-10 08:44:51jeff.allensetresolution: accepted
milestone: Jython 2.7.2
2019-10-10 08:39:47jeff.allencreate