使用 gpg:sign-and-deploy-file 部署到 Maven Central 时出现 400 Bad Request
Getting 400 Bad Request when deploying to Maven Central with gpg:sign-and-deploy-file
我有一个 .jar 文件,我想使用 Travis 将其上传到 Maven Central。创建账号的Jira ticket是我公司发给Sonatype的,账号已经创建。
我在 Travis 脚本中上传工件的命令如下:
mvn gpg:sign-and-deploy-file \
-DpomFile=stuff/pom.xml \
-Dfile=_build/java/Packager.jar \
-Durl=https://oss.sonatype.org/service/local/staging/deploy/maven2/ \
-DrepositoryId=maven-central \
-Dgpg.passphrase=${mvn_passphrase}
命令的输出以以下错误结束:
Uploading to maven-central: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.jar
Uploading to maven-central: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.115 s
[INFO] Finished at: 2020-01-15T16:48:51Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign-and-deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact com.cloudblue:connect-sdk:jar:18.0 from/to maven-central (https://oss.sonatype.org/service/local/staging/deploy/maven2/): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.jar 400 Bad Request -> [Help 1]
这些是 ~/.m2/settings.xml 文件的内容:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
<profiles>
<profile>
<id>maven-central</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
</profile>
</profiles>
<activeProfiles>
<activeProfile>maven-central</activeProfile>
</activeProfiles>
<servers>
<server>
<id>maven-central</id>
<!-- These will be replaced by the proper env vars by the Travis script -->
<username>__USER__</username>
<password>__PASSWORD__</password>
</server>
</servers>
</settings>
这是我的 pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.cloudblue</groupId>
<artifactId>connect-sdk</artifactId>
<version>18.0</version>
<packaging>jar</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>Connect Java SDK autogenerated from Haxe sources.</description>
<url>https://github.com/cloudblue/connect-java-sdk</url>
<licenses>
<license>
<name>The Apache License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<developers>
<developer>
<name>CloudBlue</name>
<email>connect-service-account@ingrammicro.com</email>
<organization>CloudBlue</organization>
<organizationUrl>https://www.cloudblue.com/</organizationUrl>
</developer>
</developers>
<scm>
<connection>scm:git:git://github.com/cloudblue/connect-java-sdk.git</connection>
<developerConnection>scm:git:ssh://github.com:cloudblue/connect-java-sdk.git</developerConnection>
<url>https://github.com/cloudblue/connect-java-sdk</url>
</scm>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven-deploy-plugin.version>3.0.0-M1</maven-deploy-plugin.version>
</properties>
<build>
<plugins>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>${maven-deploy-plugin.version}</version>
<executions>
<execution>
<configuration>
<repositoryId>maven-central</repositoryId>
<file>connect.jar</file>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>${maven-gpg-plugin-version}</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.8</version>
<extensions>true</extensions>
<configuration>
<serverId>maven-central</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
<distributionManagement>
<snapshotRepository>
<id>maven-central</id>
<name>Snapshot</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>maven-central</id>
<name>Release</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
有人可以就 400 错误的可能原因提供指导吗?
编辑: 我找到了其中一个问题的原因。创建 Sonatype 帐户时,groupId 未设置为正确的值。它已被修复。现在,使用 deploy:deploy-file
目标可以正确上传包,但是使用 gpg:sign-and-deploy-file
签名和上传文件会引发以下错误:
Uploading to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar
Uploaded to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar (374 kB at 19 kB/s)
Uploading to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.pom
Uploaded to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.pom (3.7 kB at 6.2 kB/s)
Downloading from connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/maven-metadata.xml
Downloading from connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc
[WARNING] Could not transfer metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc from/to connect (https://oss.sonatype.org/service/local/staging/deploy/maven2): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc 400 Bad Request
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 27.511 s
[INFO] Finished at: 2020-01-17T08:00:16Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign-and-deploy-file (default-cli) on project standalone-pom: Failed to retrieve remote metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc: Could not transfer metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc from/to connect (https://oss.sonatype.org/service/local/staging/deploy/maven2): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc 400 Bad Request -> [Help 1]
我最终使用 REST API 上传了所有工件并且效果非常好。 Maven 似乎是随机工作的。有时是在上传签名文件,大多数时候不是。
对于有同样问题的人,我们做了以下工作:
- 签名并部署到本地目录:
例如
mvn gpg:sign-and-deploy-file -e -X -Durl="file:///tmp"
- 使用 curl 上传到 maven:参见:
https://support.sonatype.com/hc/en-us/articles/213465868-Uploading-to-a-Staging-Repository-via-REST-API
我很傻,在 pomFile 参数中包含了我项目的路径 pom.xml 而不是 jar pom,这也导致了这个错误。
希望能帮助我的一些同行解决这个问题。
我有一个 .jar 文件,我想使用 Travis 将其上传到 Maven Central。创建账号的Jira ticket是我公司发给Sonatype的,账号已经创建。
我在 Travis 脚本中上传工件的命令如下:
mvn gpg:sign-and-deploy-file \
-DpomFile=stuff/pom.xml \
-Dfile=_build/java/Packager.jar \
-Durl=https://oss.sonatype.org/service/local/staging/deploy/maven2/ \
-DrepositoryId=maven-central \
-Dgpg.passphrase=${mvn_passphrase}
命令的输出以以下错误结束:
Uploading to maven-central: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.jar
Uploading to maven-central: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.115 s
[INFO] Finished at: 2020-01-15T16:48:51Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign-and-deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact com.cloudblue:connect-sdk:jar:18.0 from/to maven-central (https://oss.sonatype.org/service/local/staging/deploy/maven2/): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect-sdk/18.0/connect-sdk-18.0.jar 400 Bad Request -> [Help 1]
这些是 ~/.m2/settings.xml 文件的内容:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
<profiles>
<profile>
<id>maven-central</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
</profile>
</profiles>
<activeProfiles>
<activeProfile>maven-central</activeProfile>
</activeProfiles>
<servers>
<server>
<id>maven-central</id>
<!-- These will be replaced by the proper env vars by the Travis script -->
<username>__USER__</username>
<password>__PASSWORD__</password>
</server>
</servers>
</settings>
这是我的 pom.xml:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.cloudblue</groupId>
<artifactId>connect-sdk</artifactId>
<version>18.0</version>
<packaging>jar</packaging>
<name>${project.groupId}:${project.artifactId}</name>
<description>Connect Java SDK autogenerated from Haxe sources.</description>
<url>https://github.com/cloudblue/connect-java-sdk</url>
<licenses>
<license>
<name>The Apache License, Version 2.0</name>
<url>http://www.apache.org/licenses/LICENSE-2.0.txt</url>
</license>
</licenses>
<developers>
<developer>
<name>CloudBlue</name>
<email>connect-service-account@ingrammicro.com</email>
<organization>CloudBlue</organization>
<organizationUrl>https://www.cloudblue.com/</organizationUrl>
</developer>
</developers>
<scm>
<connection>scm:git:git://github.com/cloudblue/connect-java-sdk.git</connection>
<developerConnection>scm:git:ssh://github.com:cloudblue/connect-java-sdk.git</developerConnection>
<url>https://github.com/cloudblue/connect-java-sdk</url>
</scm>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven-deploy-plugin.version>3.0.0-M1</maven-deploy-plugin.version>
</properties>
<build>
<plugins>
<plugin>
<artifactId>maven-deploy-plugin</artifactId>
<version>${maven-deploy-plugin.version}</version>
<executions>
<execution>
<configuration>
<repositoryId>maven-central</repositoryId>
<file>connect.jar</file>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>${maven-gpg-plugin-version}</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.sonatype.plugins</groupId>
<artifactId>nexus-staging-maven-plugin</artifactId>
<version>1.6.8</version>
<extensions>true</extensions>
<configuration>
<serverId>maven-central</serverId>
<nexusUrl>https://oss.sonatype.org/</nexusUrl>
<autoReleaseAfterClose>true</autoReleaseAfterClose>
</configuration>
</plugin>
</plugins>
</build>
<distributionManagement>
<snapshotRepository>
<id>maven-central</id>
<name>Snapshot</name>
<url>https://oss.sonatype.org/content/repositories/snapshots</url>
</snapshotRepository>
<repository>
<id>maven-central</id>
<name>Release</name>
<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
</repository>
</distributionManagement>
</project>
有人可以就 400 错误的可能原因提供指导吗?
编辑: 我找到了其中一个问题的原因。创建 Sonatype 帐户时,groupId 未设置为正确的值。它已被修复。现在,使用 deploy:deploy-file
目标可以正确上传包,但是使用 gpg:sign-and-deploy-file
签名和上传文件会引发以下错误:
Uploading to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar
Uploaded to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar (374 kB at 19 kB/s)
Uploading to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.pom
Uploaded to connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.pom (3.7 kB at 6.2 kB/s)
Downloading from connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/maven-metadata.xml
Downloading from connect: https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc
[WARNING] Could not transfer metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc from/to connect (https://oss.sonatype.org/service/local/staging/deploy/maven2): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc 400 Bad Request
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 27.511 s
[INFO] Finished at: 2020-01-17T08:00:16Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.6:sign-and-deploy-file (default-cli) on project standalone-pom: Failed to retrieve remote metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc: Could not transfer metadata com.cloudblue:connect.sdk:18.0/connect.sdk-18.0.jar.asc from/to connect (https://oss.sonatype.org/service/local/staging/deploy/maven2): Transfer failed for https://oss.sonatype.org/service/local/staging/deploy/maven2/com/cloudblue/connect.sdk/18.0/connect.sdk-18.0.jar.asc 400 Bad Request -> [Help 1]
我最终使用 REST API 上传了所有工件并且效果非常好。 Maven 似乎是随机工作的。有时是在上传签名文件,大多数时候不是。
对于有同样问题的人,我们做了以下工作:
- 签名并部署到本地目录:
例如
mvn gpg:sign-and-deploy-file -e -X -Durl="file:///tmp"
- 使用 curl 上传到 maven:参见: https://support.sonatype.com/hc/en-us/articles/213465868-Uploading-to-a-Staging-Repository-via-REST-API
我很傻,在 pomFile 参数中包含了我项目的路径 pom.xml 而不是 jar pom,这也导致了这个错误。 希望能帮助我的一些同行解决这个问题。