flori10
Reputation: 502
Deploy to Maven Central: gpg: skipped "6919F5E8": No secret key gpg: signing failed: No secret key
Seven years ago or so, I created a Java library and put it on Maven Central. Here is the library on Maven Central
I needed to solve a bug and have now problems getting the new version on Maven Central. The command
mvn deploy
fails because of the gpg plugin.
Here is my pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.github.florianingerl.util</groupId>
<artifactId>regex</artifactId>
<version>1.1.11</version>
<packaging>jar</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>This is a Regular Expressions library for Java. Compared to java.util.regex, it supports Recursive and Conditional Regular Expressions, Capture Trees and Plugins.</description>
<url>https://github.com/florianingerl/com.florianingerl.util.regex</url>
<licenses>
<license>
<name>GNU General Public License, version 2</name>
<url>https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html</url>
<distribution>repo</distribution>
</license>
</licenses>
<scm>
<connection>scm:git:git://github.com/florianingerl/com.florianingerl.util.regex.git</connection>
<developerConnection>scm:git:ssh://github.com/florianingerl/com.florianingerl.util.regex.git</developerConnection>
<url>http://github.com/florianingerl/com.florianingerl.util.regex/tree/master</url>
</scm>
<developers>
<developer>
<name>Florian Ingerl</name>
<email>[email protected]</email>
<organization>Florian Ingerl</organization>
<organizationUrl>https://github.com/florianingerl</organizationUrl>
</developer>
</developers>
<!--
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
</distributionManagement> -->
<distributionManagement>
<snapshotRepository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>ossrh</id>
<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<gpg.keyname>6919F5E8</gpg.keyname>
</properties>
<dependencies>
<!-- https://mvnrepository.com/artifact/junit/junit -->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.5</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.5</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.9</source>
<target>1.9</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.2.1</version>
<executions>
<execution>
<id>attach-sources</id>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.6.3</version>
<configuration>
<source>8</source>
<additionalparam>-Xdoclint:none</additionalparam>
</configuration>
<executions>
<execution>
<id>attach-javadocs</id>
<goals>
<goal>jar</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
<!--
<configuration>
<keyname>${gpg.keyname}</keyname>
<passphraseServerId>${gpg.keyname}</passphraseServerId>
</configuration> -->
</execution>
</executions>
</plugin>
<!--
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>false</autoReleaseAfterClose>
</configuration>
</plugin> -->
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.7</version>
<extensions>true</extensions>
<configuration>
<serverId>ossrh</serverId>
<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
</project>
The error message on mvn deploy is:
[INFO] Building jar: C:\Users\imelf\git\com.florianingerl.util.regex\regex\target\regex-1.1.11-javadoc.jar
[INFO]
[INFO] --- gpg:1.5:sign (sign-artifacts) @ regex ---
gpg: skipped "6919F5E8": No secret key
gpg: signing failed: No secret key
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 31.469 s
[INFO] Finished at: 2024-06-02T13:59:18+02:00
I have gpg installed which I can verify by typing
gpg --version
into my terminal, which gives the output
gpg (GnuPG) 2.2.40
libgcrypt 1.10.1-unknown
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/imelf/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
I have also read the documentation from Sonatype. The command
gpg --list-signatures
gives me no output at all, nor does
gpg --list-keys
Seven years ago, I have however saved two files private.key and public.key, which I don't know how to use and how to attach to this question.
My GPG installation seems to be in two folders. The name of the first one is Gpg4win. Inside is bin\kleopatra.exe which shows me that I have a certificate. Name: Florian Ingerl (Hobby Java Developer ) Email: ... Gültig bis: 15.2.2029 Schlüssel-Kennung.
The other folder is GnuPG where there is \bin\gpg.exe
It seems (from the output of gpg --list-keys) that I have now no keys although I had one 7 years ago (of course I have deinstalled gpg since then and bought a new computer ).
Do I simply have to create a new key here withgpg --gen-key
So it doesn't matter which key I used for gpg to upload seven years ago?
Upvotes: 0
Views: 55
Answers (0)
Related Questions
- How to suppress Mavens INFO spam without suppressing normal output?
- Git error - gpg failed to sign data
- Why am I getting a "401 Unauthorized" error in Maven?
- Cannot publish to Maven central (keep getting 401)
- How To Host My Telegram Bot [JAVA] Using Heroku & Maven and GitHub?
- Maven Project : Able to run single test separately with TestNG test but unable to run whole project with maven test
- maven compile sometimes fail and sometimes succeed
- Check for life-cycle/phase and file existence in Maven and report error
- Maven 3 - Distribute custom plugin in a .jar?