踩坑感想
java程序员咋能没有jar包在maven中央仓库呢?抱着这样的心态我准备把自己的一个小项目发布到maven中央仓库。虽然网上的教程很多,但是嘛,总有意外,所以记录下我的踩坑过程。
向maven中央仓库发布自己的jar包的基本步骤
因为maven不能直接向中央仓库发布jar包,而是向和maven合作的第三方仓库发布,然后再由第三方仓库把jar同步到中央仓库。我们今天用的第三方仓库是sonatype。下面就是主要步骤:
1.要往sonatype发布jar包,第一步先要向注册一个sonatype的账号
注册地址:https://issues.sonatype.org/secure/Signup!default.jspa
需要填写Email, Full Name, Username以及password,其中Username与Password后面的步骤需要用到,请记下来。
2.申请一个issue
(1)新建一个issue
通过创建issue来申请发布新的jar包,Sonatype的工作人员会进行审核,审核不算严格,一般按照要求填写不会有问题。
创建链接:https://issues.sonatype.org/secure/CreateIssue.jspa
创建issue的时候需要填写下面这些信息:
- Description 项目描述
- Group Id 组织名
- Project URL 在代码管理平台(类似GitHub,gitee)项目的地址
- SCM url 项目的git地址
可以参考下我发布的orange项目
(2)等待 Issue 审批
审核通过后会收到邮件通知,同时在 Issue 下面会看到 Sonatype 工作人员的回复,一般是添加一个 scomment,内容大致如下:
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="" cid="n32" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit;">com.gitee.zimmor has been prepared, now user(s) zimmor can:
Publish snapshot and release artifacts to s01.oss.sonatype.org
Have a look at this section of our official guide for deployment instructions:
https://central.sonatype.org/publish/publish-guide/#deploymentDepending on your build configuration, your first component(s) might be released automatically after a successful deployment.
If that happens, you will see a comment on this ticket confirming that your artifact has synced to Maven Central.
If you do not see this comment within an hour or two, you can follow the steps in this section of our guide:
https://central.sonatype.org/publish/release/</pre>这个是工作人员告诉我已经通过了,可以去下面那个地址发布(前两个地址),发布后去下面后两个地址搜索。接下来可以后面的步骤了。
3.PGP
Windows 系统,可以下载 Gpg4win 软件来生成密钥对。下载地址:https://www.gpg4win.org/download.html
(1)查看是否安装成功
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="" cid="n38" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit;">gpg --version</pre>
出现版本等信息说明安装成功了。
(2)生成密钥对
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="shell" cid="n41" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit;">gpg --gen-key
Real name: zimmor
Email address: zimmor@qq.com
You selected this USER-ID:
"zimmor zimmor@qq.com.com"Change (N)ame, (E)mail, or (O)kay/(Q)uit? o</pre>
接下来,会让你输入用户名和邮箱,还有一个Passphase(输入两次),相当于密钥库密码,这个要记好,后面要用。
(3)查看公钥
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="" cid="n44" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit;">C:\Users\zimmor>gpg --list-keys
C:/Users/zimmor/AppData/Roaming/gnupg/pubring.kbx
pub rsa3072 2021-09-26 [SC] [expires: 2023-09-26]
6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE
uid [ultimate] zimmor zimmor@163.com
sub rsa3072 2021-09-26 [E] [expires: 2023-09-26]</pre>这里的6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE就是公钥
(4)将公钥发布到PGP秘钥服务器
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="shell" cid="n47" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit;">gpg --keyserver hkp://keyserver.ubuntu.com:11371 --send-keys 6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE</pre>
这里的6xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE应该填你的公钥
4.修改maven的主配置文件setting.xml
找到maven的全局配置文件settings.xml,在里面找到 server节点,这个节点默认是注释掉的,增加如下配置:
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="xml" cid="n53" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit;"><servers>
<server>
<id>oss</id>
<username>用户名</username>
<password>密码</password>
</server>
</servers></pre>这里的 id 是要在 pom.xml 里面使用的,用户名和密码就是在 Sonatype 上面注册的用户名和密码。
5.修改项目的配置文件pom.xml文件
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="xml" cid="n57" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 0px; width: inherit;"><project>
...
<name>orange</name>
<description>project description</description>
<url></url>
<licenses>
<license>
<name>The Apache Software License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<developers>
<developer>
<name>zimmor</name>
<email>zimmor@163.com</email>
</developer>
</developers>
<scm>
<connection>scm:git:https://github.com/freakchick/orange.git</connection>
<developerConnection>scm:git:https://github.com/freakchick/orange</developerConnection>
<url>git:https://github.com/freakchick/orange.git</url>
</scm><profiles>
<profile>
<id>release</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
<executions>
<execution>
<phase>package</phase>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
<distributionManagement>
<snapshotRepository>
<id>oss</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
</snapshotRepository>
<repository>
<id>oss</id>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</profile>
<profile>
<id>oss</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg4</gpg.executable>
<gpg.passphrase>the_pass_phrase</gpg.passphrase>
</properties>
</profile>
</profiles>
...
</project></pre>
6.向sonatype仓库发布自己的jar包
(1)上传到 OSS
<pre class="md-fences md-end-block ty-contain-cm modeLoaded" spellcheck="false" lang="shell" cid="n62" mdtype="fences" style="box-sizing: border-box; overflow: visible; font-family: var(--monospace); font-size: 0.9em; display: block; break-inside: avoid; text-align: left; white-space: normal; background-image: inherit; background-position: inherit; background-size: inherit; background-repeat: inherit; background-attachment: inherit; background-origin: inherit; background-clip: inherit; background-color: rgb(248, 248, 248); position: relative !important; border: 1px solid rgb(231, 234, 237); border-radius: 3px; padding: 8px 4px 6px; margin-bottom: 15px; margin-top: 15px; width: inherit;">mvn clean deploy -P release</pre>
使用此命令发布到oss上
(2)在 OSS 中发布构件
使用 Sonatype 账号登录 https://oss.sonatype.org/#stagingRepositories,可在 Staging Repositories 中查看刚才已上传的构件。
先点击close按钮,最后点击 Release 按钮来发布该构件。手动刷新后看到已经发布。
7.在maven中央仓库确认自己已发布的jar包
发布后官方给出的说明是半小时后jar包可以同步到https://repo1.maven.org/maven2/,4小时后可以同步到 https://search.maven.org
再强调下本次踩的几个坑
新建issue中的groupId中,如果代码管理平台用的是GitHub,sonatype不支持GitHub的二级域名了,例如com.github.zimmor这种了,而是支持io.github.zimmor这种以io开头的域名,如果代码管理平台用的是国内的Gitee,sonatype是支持Gitee的二级域名的,例如com.gitee.zimmor。
maven主配置文件中定义的server的id和项目配置文件中snapshotRepository和repository的配置文件要保持一致。
发布不成功,检查Issue 审批是否成功。
本次坑中的MVP,如果发布到sonatype仓库时报401错误,发布失败,我看了官方的一些解决方案,尝试配置下pgp的版本,我用的是pgp4,配置后就可以发布了,这个地方卡了好长时间,是真的坑。。。就是下面这个配置,上面的pom.xml中也有。
<!--指定GPG版本-->
<profile>
<id>oss</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.executable>gpg4</gpg.executable>
<gpg.passphrase>the_pass_phrase</gpg.passphrase>
</properties>
</profile>