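Maven 'deploy' causes the code to be repackaged after the signing operation (BAD signature)

Time: 2015-10-20 16:09:03

Tags: java maven deployment gnupg

I want to deploy an artifact to the Sonatype OSS repository.

When I deploy with the following command, the signature is invalid.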

mvn clean source:jar javadoc:jar install gpg:sign deploy

> gpg --verify  target/security-versions-1.0.1.jar.asc
gpg: assuming signed data in 'target/security-versions-1.0.1.jar'
gpg: Signature made 10/20/15 11:45:50 Eastern Daylight Time using RSA key ID 63E38ACF
gpg: BAD signature from "Philippe Arteau <philippe.arteau@gmail.com>" [ultimate]

If I remove the deploy goal, the signature is good.

mvn clean source:jar javadoc:jar install gpg:sign

> gpg --verify  target/security-versions-1.0.1.jar.asc
gpg: assuming signed data in 'target/security-versions-1.0.1.jar'
gpg: Signature made 10/20/15 11:54:34 Eastern Daylight Time using RSA key ID 63E38ACF
gpg: Good signature from "Philippe Arteau <philippe.arteau@gmail.com>" [ultimate]

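I realized that the jar is packaged again after the signing operation. How can I deploy without breaking the signature?

The problematic operations: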

[INFO] --- maven-gpg-plugin:1.5:sign (default-cli) @ security-versions ---

You need a passphrase to unlock the secret key for
user: "Philippe Arteau <philippe.arteau@gmail.com>"
4096-bit RSA key, ID 63E38ACF, created 2013-05-12

[...]

[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ security-versions ---
[INFO] Building jar: C:\Code\workspace-java\maven-security-versions\target\security-versions-1.0.1.jar
[INFO]
[INFO] --- maven-plugin-plugin:3.2:addPluginArtifactMetadata (default-addPluginArtifactMetadata) @ security-versions ---
[INFO]
[INFO] --- maven-source-plugin:2.2.1:jar-no-fork (default) @ security-versions ---
[INFO] Building jar: C:\Code\workspace-java\maven-security-versions\target\security-versions-1.0.1-sources.jar

Since compilation and packaging have already happened, the second part should not be executed.
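The ordering shown in the log above (a jar rewritten after `gpg:sign` has run) can be detected mechanically from Maven's output. The following is an added example, not part of the original question or its answers; the function name `stale_signatures` and the sample log are constructed for illustration, and the sample paths are shortened.

```python
import re

# Plugin banner, e.g. "[INFO] --- maven-gpg-plugin:1.5:sign (default-cli) @ security-versions ---"
BANNER = re.compile(r"^\[INFO\] --- ([\w.-]+):[\w.-]+:([\w-]+) \(([^)]*)\) @ (\S+) ---")
BUILT = re.compile(r"^\[INFO\] Building jar: (.+?)\s*$")

def stale_signatures(log_text):
    """Return [(artifact, rewriting_step)] for jars rewritten after gpg:sign
    and not signed again before the end of the log."""
    state = {}    # (module, artifact) -> "unsigned" | "signed" | "stale"
    culprit = {}  # (module, artifact) -> step that last wrote the artifact
    module = step = None
    for line in log_text.splitlines():
        banner = BANNER.match(line)
        if banner:
            plugin, goal, exec_id, module = banner.groups()
            step = f"{plugin}:{goal} ({exec_id})"
            # Some Maven versions print the short prefix "gpg" instead.
            if plugin in ("maven-gpg-plugin", "gpg") and goal == "sign":
                for key in state:
                    if key[0] == module:
                        state[key] = "signed"
            continue
        built = BUILT.match(line)
        if built:
            key = (module, built.group(1))
            # Rewriting a signed jar leaves its .asc covering the old bytes.
            state[key] = "unsigned" if state.get(key, "unsigned") == "unsigned" else "stale"
            culprit[key] = step
    return [(art, culprit[(mod, art)]) for (mod, art), s in state.items() if s == "stale"]

# Constructed log in the order the question describes: the jars are packaged,
# gpg:sign signs them, then deploy re-runs the lifecycle and rebuilds them.
SAMPLE_LOG = """\
[INFO] --- maven-source-plugin:2.2.1:jar (default-cli) @ security-versions ---
[INFO] Building jar: target/security-versions-1.0.1-sources.jar
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ security-versions ---
[INFO] Building jar: target/security-versions-1.0.1.jar
[INFO] --- maven-gpg-plugin:1.5:sign (default-cli) @ security-versions ---
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ security-versions ---
[INFO] Building jar: target/security-versions-1.0.1.jar
[INFO] --- maven-source-plugin:2.2.1:jar-no-fork (default) @ security-versions ---
[INFO] Building jar: target/security-versions-1.0.1-sources.jar
"""

if __name__ == "__main__":
    for artifact, step in stale_signatures(SAMPLE_LOG):
        print(f"STALE SIGNATURE: {artifact} rewritten by {step}")
```

Run against a saved build log in CI, a non-empty result means the uploaded `.asc` files would not verify against the uploaded jars.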

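2 answers:

Answer 0: (score: 0)

You should not run install and deploy at the same time. Otherwise, you will run the packaging step twice.

I suggest using only deploy. Have a look at this post

Answer 1: (score: 0)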

Configuration

Their workaround requires adding another piece of XML to the pom.xml.

This example is from this response. Although it is more generic, that person is likely to run into the same error.

A full deployment can be triggered:

    <build>
      <plugins>
        <plugin>
          <inherited>true</inherited>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-deploy-plugin</artifactId>
          <version>2.8.2</version>
          <configuration>
            <updateReleaseInfo>true</updateReleaseInfo>
          </configuration>
          <executions>
            <execution>
              <goals>
                <goal>deploy</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-gpg-plugin</artifactId>
          <version>1.6</version>
          <executions>
            <execution>
              <id>sign-artifacts</id>
              <goals>
                <goal>sign</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
      </plugins>
    </build>

Important: do not mention install or verify.

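Caveat

The configuration ensures that gpg:sign runs before maven-deploy-plugin.

If verify / install / the sign plugin are mentioned, side effects may occur. (mvn clean source:jar javadoc:jar deploy) The package will be signed recursively 4 times (the signature being signed..).

OSS-Parent

Having an oss-parent reference may trigger gpg:sign because of this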