Gradle / GRADLE-1172

Add PGP signature support to the maven plugin

    Details

    • Type: New Feature
    • Status: Resolved
    • Resolution: Fixed
    • Affects Version/s: 0.9
    • Fix Version/s: 1.0-milestone-4

      Description

      The Guide to uploading artifacts to the Central Repository lists PGP-Signatures as a requirement for inclusion in the Central Maven Repository.

      I've implemented a basic PGP-Plugin in http://github.com/huxi/huxi-gradle-plugins/tree/master/pgp-gradle-plugin/ expecting those signatures to be optional. Feel free to use anything you like.

      Since signatures are now a requirement for inclusion in the Central Maven Repository I think this functionality should be included in the maven plugin in a way that would sign all created artifacts before they are uploaded if signing is configured.

      The only downside of inclusion in the maven plugin instead of a separate plugin would be that it is harder to sign distributions (Zip & Tar tasks), too.
      That's another feature that I'd really like to have.

          Activity

          Joern Huxhorn
          added a comment -

          Sonatype OSS Maven Repository Usage Guide has also already listed PGP signatures as a requirement for syncing to the Central Repository, too.

          See 6. Central Sync Requirement.

          I mention this since the PGP signature requirement isn't enforced very strictly so far. Existing repository syncs seem to work without signatures as far as I can tell.

          The configuration used to deploy to the Sonatype OSS Maven Repository must be

          <distributionManagement>
          	<snapshotRepository>
          		<id>sonatype-nexus-snapshots</id>
          		<name>Sonatype Nexus Snapshots</name>
          		<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
          	</snapshotRepository>
          	<repository>
          		<id>sonatype-nexus-staging</id>
          		<name>Nexus Release Repository</name>
          		<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
          	</repository>
          </distributionManagement>
          

          and there is no other option, like rsync or ftp, available.

          This means - if I don't miss anything - that the PGP signatures must really be created during gradle build and must also resemble artifacts deployed by uploadArtifacts.

          Therefore, deploying to the Sonatype OSS Maven Repository isn't yet possible using Gradle.

          Luke Daley
          added a comment -

          This functionality has been added as the “signing” plugin in 1.0-milestone-4.

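For readers following up on the resolution, a build script that signs everything before it is deployed to the staging URL quoted in the issue. This is an added example, not code from the issue or from the Gradle project. It assumes the legacy `maven` plugin (`uploadArchives` / `mavenDeployer`) and the signing plugin DSL as documented for Gradle 1.x; `org.example`, `bundleZip`, `sonatypeUsername` and `sonatypePassword` are hypothetical names.

```groovy
// build.gradle (added illustration; legacy 'maven' plugin DSL assumed)
apply plugin: 'java'
apply plugin: 'maven'
apply plugin: 'signing'

group = 'org.example'   // placeholder coordinates
version = '1.0'

// The signing plugin reads the key material from project properties.
// Keep them in ~/.gradle/gradle.properties, never in version control:
//   signing.keyId=<key id>
//   signing.password=<key passphrase>
//   signing.secretKeyRingFile=<path to secret key ring>

// A distribution archive that is not part of the 'archives' configuration
// (hypothetical task name).
task bundleZip(type: Zip) {
    classifier = 'dist'
    from sourceSets.main.output
}

def isRelease = !version.endsWith('SNAPSHOT')

signing {
    // Fail on missing keys only when a release is actually being uploaded,
    // so local and snapshot builds work without a key ring.
    required { isRelease && gradle.taskGraph.hasTask('uploadArchives') }
    sign configurations.archives   // every artifact uploadArchives deploys
    sign bundleZip                 // Zip/Tar tasks can be signed directly
}

uploadArchives {
    repositories {
        mavenDeployer {
            // The generated POM needs a detached signature as well.
            beforeDeployment { MavenDeployment deployment -> signing.signPom(deployment) }

            // URLs as quoted in the issue; credentials are assumed to be
            // defined as properties outside the build script.
            repository(url: 'https://oss.sonatype.org/service/local/staging/deploy/maven2/') {
                authentication(userName: sonatypeUsername, password: sonatypePassword)
            }
            snapshotRepository(url: 'https://oss.sonatype.org/content/repositories/snapshots/') {
                authentication(userName: sonatypeUsername, password: sonatypePassword)
            }
        }
    }
}
```

Each signed file gets a detached `.asc` signature uploaded next to it, which consumers can check against the publisher's public key.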

            People

            • Assignee:
              Luke Daley
              Reporter:
              Joern Huxhorn
            • Votes:
              1
              Watchers:
              2

              Dates

              • Created:
                Updated:
                Resolved: