发布Jar到maven中央仓库

账号注册

首先我们要先注册sonatype账号,访问地址sonatype输入必须的内容就可以成功注册一个账号,不过对密码就有一些特殊的安全要求,正确注册就可以了。

sonatype工单

新建工单

点击新建按钮,项目选择open的那个,问题类型选择new project,概要,描述随便写就ok了
新建工单
新建完成后如下图:
完整工单

添加txt记录

如上边的图所示,它为了验证你是域名的所有者,会让你去解析一条txt记录。两种方案选一种就可以了,我这里选择的是添加一条txt的记录,如下图所示,我这里是不清楚规则,提交了两个工单,所以添加了两条记录,最后其中一个工单被认为是重复提交,已关闭。其中记录值填写你的工单地址,下图中框住的部分,主机记录就是jira tiket.
txt解析
这里txt解析的值来源就是你的问题url,如下:
txt值
解析完后就可以再等待审核了,我的大概是凌晨3点进行的审核,通过以后会有邮件通知,工单下边也有评论,此时我们就可以准备发布我们的jar包了。

com.iminling has been prepared, now user(s) yslao can:
Publish snapshot and release artifacts to https://oss.sonatype.org
Have a look at this section of our official guide for deployment instructions:
https://central.sonatype.org/pages/ossrh-guide.html#deployment

Please comment on this ticket when you've released your first component(s), so we can activate the sync to Maven Central.
Depending on your build configuration, this might happen automatically. If not, you can follow the steps in this section of our guide:
https://central.sonatype.org/pages/releasing-the-deployment.html

发布准备

gpg安装

mac安装gpg

这里利用brew进行安装

brew install gpg

windows安装gpg

windows安装了git客户端就自带了这个功能

查看gpg版本

有些安装成功后是gpg,有些是gpg2,所以根据自己的情况进行查看

$ gpg --version
gpg (GnuPG) 2.2.13-unknown
libgcrypt 1.8.4
Copyright (C) 2019 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /c/Users/kongh/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

# 或者使用gpg2,就看自己的电脑上哪个命令可以运行.

生成key

mac生成

$ gpg --gen-key
gpg (GnuPG) 2.2.27; Copyright (C) 2021 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

注意:使用 “gpg --full-generate-key” 以获得一个功能完整的密钥产生对话框。

GnuPG 需要构建用户标识以辨认您的密钥。

真实姓名: yslao
电子邮件地址: yslao@outlook.com
您选定了此用户标识:
    “yslao <yslao@outlook.com>”

更改姓名(N)、注释(C)、电子邮件地址(E)或确定(O)/退出(Q)? O
我们需要生成大量的随机字节。在质数生成期间做些其他操作(敲打键盘
、移动鼠标、读写硬盘之类的)将会是一个不错的主意;这会让随机数
发生器有更好的机会获得足够的熵。
我们需要生成大量的随机字节。在质数生成期间做些其他操作(敲打键盘
、移动鼠标、读写硬盘之类的)将会是一个不错的主意;这会让随机数
发生器有更好的机会获得足够的熵。
gpg: /Users/konghang/.gnupg/trustdb.gpg:建立了信任度数据库
gpg: 密钥 84040E735F931A32 被标记为绝对信任
gpg: 目录‘/Users/konghang/.gnupg/openpgp-revocs.d’已创建
gpg: 吊销证书已被存储为‘/Users/konghang/.gnupg/openpgp-revocs.d/DD1E1B8213D07DA46FC3F2B684040E735F931A32.rev’
公钥和私钥已经生成并被签名。

pub   rsa3072 2021-02-20 [SC] [有效至:2023-02-20]
      DD1E1B8213A07DA46FC3F2B684040E735F931A32
uid                      yslao <yslao@outlook.com>
sub   rsa3072 2021-02-20 [E] [有效至:2023-02-20]

期间会让输入密码,请牢记次密码,发布jar的时候要用到。如下图所示:
密码

windos生成

基本和mac差不多,也请牢记住密码。

$ gpg --gen-key
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/c/Users/kongh/.gnupg' created
gpg: keybox '/c/Users/kongh/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: yslao
Email address: yslao@outlook.com
You selected this USER-ID:
    "yslao <yslao@outlook.com>"

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /c/Users/kongh/.gnupg/trustdb.gpg: trustdb created
gpg: key 7204BFB944405DA7 marked as ultimately trusted
gpg: directory '/c/Users/kongh/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/c/Users/kongh/.gnupg/openpgp-revocs.d/C87B0403E54AB05D431E5C1A7204BFB944405DA7.rev'
public and secret key created and signed.

pub   rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
      C87B0403E54CB05D431E5C1A7204BFB944405DA7
uid                      yslao <yslao@outlook.com>
sub   rsa2048 2021-02-20 [E] [expires: 2023-02-20]

key操作

查看key

$ gpg --list-keys
gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2023-02-20
/c/Users/kongh/.gnupg/pubring.kbx
---------------------------------
pub   rsa2048 2021-02-20 [SC] [expires: 2023-02-20]
      C87B0403E54CD05D431E5C1A7204BFB944405DA7
uid           [ultimate] yslao <yslao@outlook.com>
sub   rsa2048 2021-02-20 [E] [expires: 2023-02-20]

发布public key

# 命令格式:gpg --keyserver [key的服务器](这个有很多,随便找一个就行了) --send-keys [key] key就是查看key操作中pub对应的那串字符串
$ gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys C87B0403E54CD05D431E5C1A7204BFB944405DA7
gpg: sending key 7204BFB944405DA7 to hkp://keyserver.ubuntu.com:11371

处理过期key(没有试验过,仅记录)

# 先用list-keys列出key列表
gpg --list-keys
# 编辑某个key
$ gpg --edit-key C87B0403E54AB05D431E5C1A7204BFB944405DA7
gpg (GnuPG) 2.2.13-unknown; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

sec  rsa2048/7204BFB944405DA7
     created: 2021-02-20  expires: 2023-02-20  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/B9A87F6417B16CA8
     created: 2021-02-20  expires: 2023-02-20  usage: E
[ultimate] (1). yslao <yslao@outlook.com>
# 选择需要修改的id
gpg> 1

sec  rsa2048/7204BFB944405DA7
     created: 2021-02-20  expires: 2023-02-20  usage: SC
     trust: ultimate      validity: ultimate
ssb  rsa2048/B9A87F6417B16CA8
     created: 2021-02-20  expires: 2023-02-20  usage: E
[ultimate] (1)* yslao <yslao@outlook.com>
# 输入expire设置过期时间
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
# 输入 10m 代表10个月, 然后回车
10m
# 输入save进行保存,延长有效期
gpg> save

pom.xml和setting.xml修改

Distribution 管理

修改pom.xml, 添加以下代码

<!--父级是project-->
<distributionManagement>
    <snapshotRepository>
        <id>ossrh</id>
        <url>https://oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
    <repository>
        <id>ossrh</id>
        <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
</distributionManagement>

<build>
  <plugins>
    <plugin>
      <groupId>org.sonatype.plugins</groupId>
      <artifactId>nexus-staging-maven-plugin</artifactId>
      <version>1.6.7</version>
      <extensions>true</extensions>
      <configuration>
        <serverId>ossrh</serverId>
        <nexusUrl>https://oss.sonatype.org/</nexusUrl>
        <autoReleaseAfterClose>true</autoReleaseAfterClose>
      </configuration>
    </plugin>
  </plugins>
</build>

认证配置

setting.xml中添加认证信息,此处的id要和pom文件中的distributionManagementsnapshotRepositoryrepository的id保持一致.

<settings>
  <servers>
    <server>
      <id>ossrh</id>
      <!-- username就是注册sonatype时的username -->
      <username>your-jira-id</username>
      <!-- password就是注册sonatype时的password -->
      <password>your-jira-pwd</password>
    </server>
  </servers>
</settings>

javadoc和源代码管理

在pom.xml中添加配置如下

<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-source-plugin</artifactId>
      <version>2.2.1</version>
      <executions>
        <execution>
          <id>attach-sources</id>
          <goals>
            <goal>jar-no-fork</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-javadoc-plugin</artifactId>
      <version>2.9.1</version>
      <executions>
        <execution>
          <id>attach-javadocs</id>
          <goals>
            <goal>jar</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>

gpg签名组件配置

在pom中添加gpg插件

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <version>1.5</version>
    <executions>
        <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
                <goal>sign</goal>
            </goals>
        </execution>
    </executions>
</plugin>

在setting.xml中添加gpg profile配置,gpg.executable属性要根据自己的电脑环境进行添加.

<settings>
  <profiles>
    <profile>
      <id>ossrh</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <properties>
        <!--这里根据实际情况填写gpg或gpg2,看自己的环境能使用哪个命令-->
        <gpg.executable>gpg2</gpg.executable>
        <!--passphrase就是我们在gpg安装生成key的时候设置的-->
        <gpg.passphrase>the_pass_phrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
</settings>

Nexus Staging Maven插件,用于部署和发布

在pom.xml中添加以下内容

<plugin>
  <groupId>org.sonatype.plugins</groupId>
  <artifactId>nexus-staging-maven-plugin</artifactId>
  <version>1.6.7</version>
  <extensions>true</extensions>
  <configuration>
     <serverId>ossrh</serverId>
     <nexusUrl>https://oss.sonatype.org/</nexusUrl>
     <autoReleaseAfterClose>true</autoReleaseAfterClose>
  </configuration>
</plugin>

发布

所有的发布操作确保gpg命令是可以用的,在windows下进行发布一定要注意是在git bash客户端中进行,以确保gpg可以使用.以及发布过程中可能会让你再次输入gpg的密码,这里需要注意一下。

快照版本

项目的版本如果是以-SNAPSHOT结尾的,就会发布到快照仓库,如下:

D:\project\idea\base-iminling-parent>mvn clean deploy
INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0-SNAPSHOT
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0-SNAPSHOT
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0-SNAPSHOT\base-iminling-parent-1.0.0-S
NAPSHOT.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.03
4207-1.pom
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/base-iminling-parent-1.0.0-20210220.034
207-1.pom (14 kB at 4.8 kB/s)
Downloading from ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/1.0.0-SNAPSHOT/maven-metadata.xml (609 B at 263 B/s)
Uploading to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/content/repositories/snapshots/com/iminling/base-iminling-parent/maven-metadata.xml (292 B at 54 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 15.105 s
[INFO] Finished at: 2021-05-20T11:42:18+08:00
[INFO] ------------------------------------------------------------------------

release版本

项目的版本不是以-SNAPSHOT结尾的,就会发布到release仓库,如下:

D:\project\idea\base-iminling-parent>mvn clean deploy
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.iminling:base-iminling-parent:pom:1.0.0
[WARNING] 'build.pluginManagement.plugins.plugin.(groupId:artifactId)' must be unique but found duplicate declaration of plugin org.sonatype.plugins:nexus-staging-
maven-plugin @ line 326, column 25
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -----------------< com.iminling:base-iminling-parent >------------------
[INFO] Building base-iminling-parent 1.0.0
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ base-iminling-parent ---
[INFO]
[INFO] --- maven-install-plugin:2.4:install (default-install) @ base-iminling-parent ---
[INFO] Installing D:\project\idea\base-iminling-parent\pom.xml to D:\maven-repository\com\iminling\base-iminling-parent\1.0.0\base-iminling-parent-1.0.0.pom
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy (default-deploy) @ base-iminling-parent ---
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/1.0.0/base-iminling-parent-1.0.0.pom (14 kB at 59
7 B/s)
Downloading from ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploading to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml
Uploaded to ossrh: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/iminling/base-iminling-parent/maven-metadata.xml (312 B at 51 B/s)
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 32.049 s
[INFO] Finished at: 2021-02-20T14:11:23+08:00
[INFO] ------------------------------------------------------------------------

遇到的问题

在mac上进行发布的时候遇到下边问题:

[INFO] --- maven-gpg-plugin:1.5:sign (sign-artifacts) @ base-iminling-parent ---
gpg: 签名时失败: Inappropriate ioctl for device
gpg: signing failed: Inappropriate ioctl for device
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 17.069 s
[INFO] Finished at: 2021-02-21T09:36:03+08:00
[INFO] ------------------------------------------------------------------------

上网查询后,原因是 gpg 在当前终端无法弹出密码输入页面。

解决办法很简单:

export GPG_TTY=$(tty)

重新执行,发现会弹出一个密码输入界面。

发布后续

发布后我们还需要在sonatype中问题下方进行评论,来激活同步到maven中心仓库.
激活

版本引用

release

正常引入坐标就可以引用

snapshot

<!--定义snapshots库的地址-->
<repositories>
    <repository>
        <id>sonatype-snapshots</id>
        <name>sonatype-snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>
    </repository>
</repositories>
<!--经测试,不要下边的应该也是可以的,留着做不时之需-->
<pluginRepositories>
    <pluginRepository>
        <id>sonatype-snapshots</id>
        <name>sonatype-snapshots</name>
        <url>https://oss.sonatype.org/content/repositories/snapshots/</url>
        <snapshots>
            <enabled>true</enabled>
        </snapshots>    
    </pluginRepository>
</pluginRepositories>

后续维护

查看官方文档:https://oss.sonatype.org/#sta...

下边放上我的两个仓库的地址,关于完整pom请查看仓库里的。

100 声望
59 粉丝
0 条评论
推荐阅读
刨根问底 Redis, 面试过程真好使
充满寒气的互联网如何在面试中脱颖而出,平时积累很重要,八股文更不能少!下面带来的这篇 Redis 问答希望能够在你的 offer 上增添一把🔥。

菜农曰17阅读 879

封面图
与RabbitMQ有关的一些知识
工作中用过一段时间的Kafka,不过主要还是RabbitMQ用的多一些。今天主要来讲讲与RabbitMQ相关的一些知识。一些基本概念,以及实际使用场景及一些注意事项。

lpe2348阅读 1.8k

封面图
万字详解,吃透 MongoDB!
MongoDB 是一个基于 分布式文件存储 的开源 NoSQL 数据库系统,由 C++ 编写的。MongoDB 提供了 面向文档 的存储方式,操作起来比较简单和容易,支持“无模式”的数据建模,可以存储比较复杂的数据类型,是一款非常...

JavaGuide4阅读 377

封面图
Git操作不规范,战友提刀来相见!
年终奖都没了,还要扣我绩效,门都没有,哈哈。这波骚Git操作我也是第一次用,担心闪了腰,所以不仅做了备份,也做了笔记,分享给大家。问题描述小A和我在同时开发一个功能模块,他在优化之前的代码逻辑,我在开...

王中阳Go5阅读 2.1k评论 2

封面图
Redis 发布订阅模式:原理拆解并实现一个消息队列
“65 哥,如果你交了个漂亮小姐姐做女朋友,你会通过什么方式将这个消息广而告之给你的微信好友?““那不得拍点女朋友的美照 + 亲密照弄一个九宫格图文消息在朋友圈发布大肆宣传,暴击单身狗。”像这种 65 哥通过朋...

码哥字节6阅读 1.3k

封面图
Maven项目引入本地jar包史上最详细实践方法总结
依次打开IDEA的File – Project Structure – Project Settings – Modules –Dependencies 选项卡区域,点击右上角+号图标,选择1.JARS ordirectories…,再选择java工程根目录下的lib或libs目录下,把所有需要本地引...

apollo0084阅读 16.2k

PHP转Go实践:xjson解析神器「开源工具集」
我和劲仔都是PHP转Go,身边越来越多做PHP的朋友也逐渐在用Go进行重构,重构过程中,会发现php的json解析操作(系列化与反序列化)是真的香,弱类型语言的各种隐式类型转换,很大程度的减低了程序的复杂度。

王中阳Go6阅读 1.4k评论 2

封面图
100 声望
59 粉丝
宣传栏