Maven Upload Requests

Official Bouncy Castle maven repository for syncing against.

Details

  • Type: Wish Wish
  • Status: Closed Closed
  • Resolution: Fixed
  • Labels:
    None

Description


Hi, we've had a lot of requests for this over the last few months, have just gotten around to doing it. The initial repository just has a few provider jars for the latest version in it, once I have confirmed that everything is in the right format and we're syncing okay I'll start publishing the other artifacts.

If there are any errors please let me know. I'm a bit of a maven novice, so apologies in advance if there are.

Standard info below:

"org.bouncycastle","bcmavensync@access.bouncycastle.org:/home/users/bcmavensync/maven/maven2","rsync_ssh","David Hook","dgh@bouncycastle.org",,

Issue Links

This issue supercedes:
MAVENUPLOAD-2477 Bouncycastle 143 bundles for bcmail and bcprov Closed
MAVENUPLOAD-2437 Update Bouncy Castle BCPROV/BCMAIL/BCTSP to 1.43 Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Brian Fox added a comment -
Please sign the artifacts with gpg --detach-sign, or use the maven-gpg-plugin.

Also, is it true that these jars really have no dependencies?
Show
Brian Fox added a comment - Please sign the artifacts with gpg --detach-sign, or use the maven-gpg-plugin. Also, is it true that these jars really have no dependencies?
Hide
Permalink
Brian Fox added a comment -
The rest of the setup appears ok as I can rsync the contents from central. Once the sigs are present, we can flip on the sync.
Show
Brian Fox added a comment - The rest of the setup appears ok as I can rsync the contents from central. Once the sigs are present, we can flip on the sync.
Hide
Permalink
David Hook added a comment -
Yes, the provider jars have no dependencies, you could say it goes with the turf... The other BC jars do have dependencies. I've added the mail jars for 1.5 and 1.4 as an example. I'm assuming that only mandatory dependencies are required (see description in POM for example).

With the --detach-sign, I'm guessing you mean I should set up a BC PGP key and generate detached signatures with those. Is that correct?

Is there somewhere I should register the public key?

Thanks,

David
Show
David Hook added a comment - Yes, the provider jars have no dependencies, you could say it goes with the turf... The other BC jars do have dependencies. I've added the mail jars for 1.5 and 1.4 as an example. I'm assuming that only mandatory dependencies are required (see description in POM for example). With the --detach-sign, I'm guessing you mean I should set up a BC PGP key and generate detached signatures with those. Is that correct? Is there somewhere I should register the public key? Thanks, David
Hide
Permalink
David Hook added a comment -
Okay, I think I've managed to answer my question.

I've attached an armoured GPG public key in a jar file that has been signed with the BC code signing key.

Signing Key ID is B341DDB020FCB6AB

I've generated detached signatures for the jar files and the poms.

Let me know if I need to do anything else.

Thanks,

David
Show
David Hook added a comment - Okay, I think I've managed to answer my question. I've attached an armoured GPG public key in a jar file that has been signed with the BC code signing key. Signing Key ID is B341DDB020FCB6AB I've generated detached signatures for the jar files and the poms. Let me know if I need to do anything else. Thanks, David

People

Vote (4)
Watch (4)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.