Affects Version/s: 2.3.1
Fix Version/s: None
Environment:Ubuntu 10.4, Sun Java 1.6.0_20, Maven 2.2.1
Number of attachments :
Despite following instructions found here:
I ran into a problem uploading the bundle to Sonatype's Staging area. Specifically, I received an Invalid Signature error for the main jar artifact.
Sure enough, I ran the following:
and it confirmed that the signature was "BAD."
Upon further investigation, it would seem that the problem is that the repository:bundle-create goal is recreating the jar file, so the command:
seems to be creating the jar, signing it, and then creating the jar again – resulting in an invalid gpg signature for the jar.
Note that my pom does not include a gpg signing step – that is why it is part of the command line. My guess is that configuring the maven-gpg-plugin in the project pom may make this work – but I did not have the luxury of being able to do that this time.
The bundle-create goal needs to not recreate the jar file – just make the bundle. Or clarify the documentation.