Friday, August 9, 2019

Make sure the right POM is being signed

Today I deployed a Gradle project to Maven Central using the signing and maven-publish plugins. Unlike my previous deployments, this project used the Kotlin DSL for its buildscript. I translated the Groovy setup to Kotlin with too much trouble, but when I tried to close the staging repository, it failed validation with a signature error on the POM. I confirmed that the ASC file was uploaded correctly and that it was a valid signature for the locally generated POM. I didn't notice anything in a cursory glance over the uploaded POM, but a diff showed that the <?xml ?> tag was slightly different. Apparently the Groovy XML utilities produced an intermediate POM file that exactly matched the final one uploaded by maven-publish, but my way of doing it in Kotlin didn't, so the script produced a signature for a different file. I ended up working around it by a quick string replace.
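A detached signature is valid only for the exact bytes that were signed, so a changed XML declaration is enough to fail validation. The following is an added example, not code from the original post: it compares the file that was signed with the file that was published and reports whether only the declaration differs. The sample POMs, the specific declaration difference, and the function names are constructed for illustration.

```python
import hashlib

# Constructed sample data: identical project content, different XML declaration.
BODY = (b'<project xmlns="http://maven.apache.org/POM/4.0.0">\n'
        b'  <modelVersion>4.0.0</modelVersion>\n'
        b'  <groupId>com.example</groupId>\n'
        b'  <artifactId>demo</artifactId>\n'
        b'  <version>1.0.0</version>\n'
        b'</project>\n')
SIGNED_POM = b'<?xml version="1.0" encoding="UTF-8" standalone="no"?>\n' + BODY
PUBLISHED_POM = b'<?xml version="1.0" encoding="UTF-8"?>\n' + BODY


def split_declaration(data: bytes):
    """Return (xml_declaration, rest); the declaration is b'' when absent."""
    if data.startswith(b"<?xml"):
        end = data.find(b"?>")
        if end != -1:
            return data[:end + 2], data[end + 2:]
    return b"", data


def compare_poms(signed: bytes, published: bytes) -> dict:
    """Compare the bytes that were signed with the bytes that were published."""
    report = {
        "signed_sha256": hashlib.sha256(signed).hexdigest(),
        "published_sha256": hashlib.sha256(published).hexdigest(),
        "identical": signed == published,
        "declaration_only": False,
        "first_diff": None,
    }
    if report["identical"]:
        return report
    s_decl, s_rest = split_declaration(signed)
    p_decl, p_rest = split_declaration(published)
    report["declaration_only"] = s_decl != p_decl and s_rest == p_rest
    # keepends=True so that a CRLF/LF difference also counts as a mismatch.
    s_lines = signed.splitlines(keepends=True)
    p_lines = published.splitlines(keepends=True)
    for number, (a, b) in enumerate(zip(s_lines, p_lines), start=1):
        if a != b:
            report["first_diff"] = (number, a, b)
            break
    else:  # one file is a line-wise prefix of the other
        report["first_diff"] = (min(len(s_lines), len(p_lines)) + 1, None, None)
    return report


if __name__ == "__main__":
    for key, value in compare_poms(SIGNED_POM, PUBLISHED_POM).items():
        print(f"{key}: {value}")
```

Running the same comparison in the build, between the file handed to the signing task and the file actually published, catches the mismatch before the staging repository rejects it.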
