linux 发布jar到maven中央仓库
linux 中发布与 windows 中发布不同点仅在于公钥证书生成方式不同,本文着重讲解该部分。
前戏
- 注册
sonatype
账号 - 提交 issue
- 验证通过。
这里我们假设你已经在做过这些步骤了(如在windows中发布过,但没在linux中发布过),故暂不展开,详细步骤参考这里。
安装 gnupg
安装 gnupg 用来加密传输和签名,windows 则使用 Gpg4win
yum install -y gnupg
创建自己的公钥信息
与windows中一样,发布前要将自己的公钥发布。输入以下命令创建非对称密钥对
gpg --gen-key
根据提示做选择,我这里选择了RSA 2048 算法,有效期为3年。然后输入基本信息最后输入密码。
[root@xxx shoulder-framework]# gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0) 3y
Key expires at Sat 22 Jul 2023 12:51:15 AM CST
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: cnlym
Email address: xxx@foxmail.com
Comment: itlym.cn
You selected this USER-ID:
"cnlym (itlym.cn) <xxx@foxmail.com>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
生成阶段会提示以下信息
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
意思是让我们随便干点事情(如随便敲敲键盘),它通过我们的随机输入来生成随机数.生成速度和密钥长度、对系统的操作频繁度有关。
如果实在是不想等,可以使用 rng-tools
工具。
- 安装:
apt-get install rng-tools
或yum install rng-tools
进行安装 - 然后执行
rngd -r /dev/urandom
生成随机密钥 - 然后重新执行刚才的
gpg --gen-key
将自己的公钥信息发布出去
查看公钥
gpg --list-keys
结果如下
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/819E00CF 2020-07-21
uid cnlym (itlym.cn) <cn_lym@foxmail.com>
sub 2048R/E80CD7FB 2020-07-21
其中 pub 那行的 819E00CF
就是公钥的 指纹信息
发布公钥
gpg --keyserver hkp://pool.sks-keyservers.net --send-keys 你的公钥指纹
修改 settings.xml(可选)
在 maven 的settings.xml 保存你刚刚输入的证书密码
<servers>
<server>
<!-- OSS maven中央仓库 -->
<id>oss</id>
<username>你的账号</username>
<password>你的密码</password>
</server>
<server>
<id>gpg.passphrase</id>
<passphrase>xxx</passphrase>
</server>
</servers>
发布 jar
执行以下命令,将自动编译,并发布到中央仓库。其中 oss 是自己命名的中央仓库server的id。
mvn clean deploy -P oss
如果没有修改 settings.xml ,则需在命令后添加 -Darguments="gpg.passphrase=证书密码"
或执行时根据提示交互式填写。
完成后,大概2小时之后就能用了
结语
以后就可以通过 CICD
来自动完成发布啦~ 如 git 提交信息中包含 release
则自动编译、构建、测试、发布、钉钉通知~