This procedure was used to release the latest version of Handle.net JAR to Maven Central (via Sonatype) in April 2019. |
As of 2019, Sonatype has strict validation requirements for all JAR projects. They include:
Create a valid POM for this release. Here's the one created for v9.1.0 (with help from CNRI staff)
<?xml version="1.0" encoding="UTF-8"?> <project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <modelVersion>4.0.0</modelVersion> <groupId>org.dspace</groupId> <artifactId>handle</artifactId> <version>9.1.0</version> <name>CNRI Handle.net software</name> <description> CNRI Handle.net Software (Permission granted for redistribution by Giridhar Manepalli at CNRI) </description> <url>http://handle.net/</url> <dependencies> <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> <version>2.8.2</version> <scope>compile</scope> </dependency> <dependency> <groupId>net.cnri</groupId> <artifactId>cnriutil</artifactId> <version>2.0</version> <scope>compile</scope> </dependency> <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.11</version> <scope>compile</scope> </dependency> <dependency> <groupId>org.python</groupId> <artifactId>jython</artifactId> <version>2.2.1</version> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.59</version> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcpkix-jdk15on</artifactId> <version>1.59</version> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.0.1</version> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>org.eclipse.jetty.aggregate</groupId> <artifactId>jetty-all</artifactId> <version>8.1.22.v20160922</version> <scope>compile</scope> <exclusions> <exclusion> <artifactId>javax.servlet</artifactId> <groupId>org.eclipse.jetty.orbit</groupId> </exclusion> </exclusions> <optional>true</optional> </dependency> <dependency> <groupId>com.sleepycat</groupId> <artifactId>je</artifactId> <version>7.5.11</version> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>org.hyperic</groupId> <artifactId>sigar</artifactId> <version>1.6.5.132-7</version> <scope>compile</scope> <optional>true</optional> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> <dependency> <groupId>org.hamcrest</groupId> <artifactId>hamcrest-core</artifactId> <version>1.3</version> <scope>test</scope> </dependency> <dependency> <groupId>net.minidev</groupId> <artifactId>json-smart</artifactId> <version>2.3</version> <scope>test</scope> </dependency> <dependency> <groupId>com.googlecode.json-simple</groupId> <artifactId>json-simple</artifactId> <version>1.1.1</version> <scope>test</scope> </dependency> <dependency> <groupId>com.nimbusds</groupId> <artifactId>nimbus-jose-jwt</artifactId> <version>2.26.1</version> <scope>test</scope> </dependency> </dependencies> <licenses> <license> <name>Handle.Net Public License Agreement (ver.2)</name> <url>http://hdl.handle.net/20.1000/112</url> <distribution>manual</distribution> </license> </licenses> <developers> <developer> <name>CNRI</name> <email>hdladmin@cnri.reston.va.us</email> <url>http://handle.net/hnr_support.html</url> </developer> </developers> </project> |
There are two ways of doing this, as noted in the Sonatype docs here: https://central.sonatype.org/pages/manual-staging-bundle-creation-and-deployment.html
You can either use maven-gpg-plugin to sign & deploy each file.
Or, you can manually sign each, and upload them to Sonatype (via the web UI).
I chose the latter. Here's what I did:
Bundle them into a single JAR (bundle.jar):
jar -cvf bundle.jar handle-9.1.0.pom handle-9.1.0.pom.asc handle-9.1.0.jar handle-9.1.0.jar.asc handle-9.1.0-sources.jar handle-9.1.0-sources.jar.asc handle-9.1.0-javadoc.jar handle-9.1.0-javadoc.jar.asc |