2
votes

I am trying to publish my Java project jar on Sonatype. Let's say it's called my.jar. I signed it with PGP using my recently created key:

    gpg --gen-key
    ...
    gpg2 --list-keys
    gpg2 --keyserver pgp.mit.edu --send-keys 7E6DE63A
    gpg2 --keyserver pgp.mit.edu --recv-keys 7E6DE63A
    ##gpg: key 7E6DE63A: not changed
    gpg2 -ab my.jar
    ##You need a passphrase to unlock the secret key for
    ##2048-bit RSA key, ID 7E6DE63A, created 2017-01-24

And then I deployed my.jar and my.jar.asc using the staging upload tab in Sonatype. Then in the staging repositories tab I see:

    No public key: Key with id: (f998bc7c7e6de63a)
    was not able to be located on http://pgp.mit.edu:11371/.
    Upload your public key and try the operation again.

What's the problem with it? Where did it get the ID mentioned in the error message?

1 Answer

2
votes

1. You need to upload your public GPG key to the keyserver.

There are several sources that tell you how:

  1. https://dzone.com/articles/how-to-create-and-release-a-jar-to-maven-central
  2. http://central.sonatype.org/pages/working-with-pgp-signatures.html#installing-gnupg
  3. https://help.ubuntu.com/community/GnuPrivacyGuardHowto

And from your steps I can see that you already did.

2. Check it:

It is easy to check if your key is on the server. Search for f998bc7c7e6de63a on http://pgp.mit.edu.

Since it is a hex value, it should start with 0x: http://pgp.mit.edu/pks/lookup?search=0xf998bc7c7e6de63a

As you can see it does return a record.

3. Replication

The key will then replicate. It is possible that you tried to deploy too soon and the key was not yet available across the network. Try again in 30 minutes and it should work.
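
Where the ID in the error message comes from, as an added example that is not part of the original question or answer: a detached OpenPGP signature names its signer in an Issuer subpacket holding the 64-bit key ID, and the 8-digit ID that gpg prints is the last 32 bits of it. The parser below reads that ID out of a `.asc` file and builds the keyserver search URL used in the answer; the function names are illustrative and the sample signature is constructed (dummy signature value, placeholder checksum).

```python
import base64

def dearmor(asc):
    """Binary OpenPGP data from an ASCII-armored block (CRC24 line is not verified)."""
    lines = [l.strip() for l in asc.strip().splitlines()]
    body = lines[lines.index("") + 1:]              # armor headers end at the blank line
    return base64.b64decode("".join(l for l in body if l[:1] not in ("=", "-")))

def subpackets(area):
    """Yield (type, data) for each subpacket in a v4 signature subpacket area."""
    i = 0
    while i < len(area):
        n, i = area[i], i + 1
        if 192 <= n < 255:                          # two-octet length
            n, i = ((n - 192) << 8) + area[i] + 192, i + 1
        elif n == 255:                              # five-octet length
            n, i = int.from_bytes(area[i:i + 4], "big"), i + 4
        yield area[i] & 0x7F, area[i + 1:i + n]     # n includes the type octet
        i += n

def issuer_key_id(asc):
    """Long (64-bit) key ID named by the first packet of a detached signature."""
    pkt = dearmor(asc)
    if pkt[0] & 0x40:                               # new-format header (no partial lengths)
        tag, hdr = pkt[0] & 0x3F, (2 if pkt[1] < 192 else 6 if pkt[1] == 255 else 3)
    else:                                           # old-format packet header
        tag, hdr = (pkt[0] >> 2) & 0x0F, 1 + (1, 2, 4, 0)[pkt[0] & 3]
    sig = pkt[hdr:]
    if tag != 2 or sig[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    hlen = int.from_bytes(sig[4:6], "big")          # hashed subpacket area length
    ulen = int.from_bytes(sig[6 + hlen:8 + hlen], "big")
    areas = sig[6:6 + hlen], sig[8 + hlen:8 + hlen + ulen]
    for kind, data in (sp for area in areas for sp in subpackets(area)):
        if kind == 16:                              # Issuer: 8-octet key ID
            return data.hex().upper()
        if kind == 33 and data[0] == 4:             # Issuer Fingerprint (v4: 20 octets)
            return data[-8:].hex().upper()          # key ID = low 64 bits of fingerprint
    raise ValueError("signature names no issuer")

def lookup_url(key_id, server="http://pgp.mit.edu"):   # hex key IDs need the 0x prefix
    return f"{server}/pks/lookup?search=0x{key_id.lower()}"

def sample_signature():
    """Constructed sample: dummy signature value, placeholder CRC, issuer from the question."""
    body = bytes.fromhex("04000108" "0006" "05025887a000" "000a" "0910f998bc7c7e6de63a" "12340008ff")
    armor = base64.b64encode(bytes([0x88, len(body)]) + body).decode()
    return f"-----BEGIN PGP SIGNATURE-----\n\n{armor}\n=AAAA\n-----END PGP SIGNATURE-----\n"
```

On a real file, `gpg --list-packets my.jar.asc` shows the same key ID without any custom parsing.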