Gradle 签名 Android 图书馆出版物:无法执行签名任务,因为它没有配置的签名人
Gradle signing Android Library publications: Cannot perform signing task because it has no configured signatory
几个小时过去了,我一直在尝试 publish/release 在 Maven Central 上签名工件。
最终发布后,我没有通过“签名验证”测试。经过一番研究,我发现即使我的档案有签名,我的出版物也没有签名。
所以在添加这行之后:sign publishing.publications.release
签署出版物我在执行以下任务时遇到此错误:publishReleasePublicationToMavenCentralRepository:
Cannot perform signing task ':xxx:signReleasePublication' because
it has no configured signatory
Gradle 包装器:7.1.1.
build.gradle(库级别):
apply plugin: 'com.android.library'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: 'signing'
apply plugin: 'maven-publish'
repositories {
mavenCentral()
google()
jcenter()
maven { url "https://jitpack.io" }
}
android {
compileSdkVersion 30
buildToolsVersion "29.0.3"
defaultConfig {
minSdkVersion 21
targetSdkVersion 30
versionCode 9
versionName "1.1.4"
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
consumerProguardFiles 'consumer-rules.pro'
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = "1.8"
}
}
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
// Because the components are created only during the afterEvaluate phase, you must
// configure your publications using the afterEvaluate() lifecycle method.
afterEvaluate {
publishing {
publications {
release(MavenPublication) {
groupId = 'xxxx'
artifactId = 'xxx'
version = '1.1.4'
from components.release
signing {
useInMemoryPgpKeys(
properties.getProperty('signing.keyId'),
properties.getProperty('signing.secretKeyRingFile'),
properties.getProperty('signing.password')
)
sign publishing.publications.release //It's after adding this specific line that I got the error of no configured signatory
sign configurations.archives
}
pom {
//I also tried to put the signing block here but nothing changes
name = 'xxx'
description = 'xxx'
url = 'xxx
licenses {
license {
name = 'MIT License'
url = 'https://opensource.org/licenses/MIT'
}
}
developers {
developer {
id = 'xxx'
name = 'xxx'
email = 'xxx'
}
}
scm {
connection = 'scm:git:git://github.com/xxx'
developerConnection = 'scm:git:ssh://github.com/xxx'
url = 'https://github.com/xxx'
}
}
}
}
repositories {
maven {
// change URLs to point to your repos, e.g. http://my.org/repo
//def releasesRepoUrl = layout.buildDirectory.dir('repos/releases')
//def snapshotsRepoUrl = layout.buildDirectory.dir('repos/snapshots')
url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = properties.getProperty('ossrhUsername')
password = properties.getProperty('ossrhPassword')
}
}
}
}
}
我看到一个问题在这里没有得到回答,我得到了完全相同的错误:Gradle build configured signatory
编辑:这是我的 gradle.properties 位于 ~/.gradle/ 下:
mavenCentralUsername=xxx
mavenCentralPassword=xxx
signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=xxx
ossrhUsername=xxx
ossrhPassword=xxx
编辑:为了清楚起见:我添加了这一行,因为当我在没有这一行的情况下发布出版物后尝试关闭以发布它时,我在 Nexus 存储库上遇到签名失败:
我终于能够使用签名的工件发布和发布我的存储库了!
出了什么问题:
我正在使用 useInMemoryPgpKeys(我不应该)
我从未将我的 gpg key 分发到任何服务器
为此我做了以下事情:
gpg --keyserver keys.openpgp.org --send-keys yourKey
中央服务器支持 3 个服务器:
keyserver.ubuntu.com
keys.openpgp.org
pgp.mit.edu
但我建议在 openpgp 上上传,因为 ubuntu 没有工作(当我关闭 Nexus 上的 repo 时,我收到一条错误消息,说它没有在任何服务器上找到密钥).
只需 运行:
即可知道您的密钥
gpg --list-keys
您的密钥应如下所示:CA925CD6C9E8D064FF05B4728190C4130ABA0F98
所以这是我的决赛 build.gradle:
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
// Because the components are created only during the afterEvaluate phase, you must
// configure your publications using the afterEvaluate() lifecycle method.
afterEvaluate {
publishing {
publications {
release(MavenPublication) {
groupId = 'xxx'
artifactId = 'xxx'
version = mVersionName
pom {
signing {
sign publishing.publications.release
sign configurations.archives
}
name = 'WeLoop'
description = 'xxx'
url = 'xxx'
licenses {
license {
name = 'MIT License'
url = 'https://opensource.org/licenses/MIT'
}
}
developers {
developer {
id = 'xxx'
name = 'xxx'
email = 'xxx'
}
}
scm {
connection = 'scm:git:git://github.com/xxx.git'
developerConnection = 'scm:git:ssh://github.com/xxx'
url = 'https://github.com/xxx'
}
}
}
}
repositories {
maven {
url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = properties.getProperty('mavenCentralUsername')
password = properties.getProperty('mavenCentralPassword')
}
}
}
}
}
和我的决赛 ~/.gradle/gradle.properties:
mavenCentralUsername=xxx
mavenCentralPassword=xxx
signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=/xxx/secring.gpg
几个小时过去了,我一直在尝试 publish/release 在 Maven Central 上签名工件。
最终发布后,我没有通过“签名验证”测试。经过一番研究,我发现即使我的档案有签名,我的出版物也没有签名。
所以在添加这行之后:sign publishing.publications.release
签署出版物我在执行以下任务时遇到此错误:publishReleasePublicationToMavenCentralRepository:
Cannot perform signing task ':xxx:signReleasePublication' because it has no configured signatory
Gradle 包装器:7.1.1.
build.gradle(库级别):
apply plugin: 'com.android.library'
apply plugin: 'kotlin-android'
apply plugin: 'kotlin-android-extensions'
apply plugin: 'signing'
apply plugin: 'maven-publish'
repositories {
mavenCentral()
google()
jcenter()
maven { url "https://jitpack.io" }
}
android {
compileSdkVersion 30
buildToolsVersion "29.0.3"
defaultConfig {
minSdkVersion 21
targetSdkVersion 30
versionCode 9
versionName "1.1.4"
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
consumerProguardFiles 'consumer-rules.pro'
}
buildTypes {
release {
minifyEnabled false
proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
}
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
}
kotlinOptions {
jvmTarget = "1.8"
}
}
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
// Because the components are created only during the afterEvaluate phase, you must
// configure your publications using the afterEvaluate() lifecycle method.
afterEvaluate {
publishing {
publications {
release(MavenPublication) {
groupId = 'xxxx'
artifactId = 'xxx'
version = '1.1.4'
from components.release
signing {
useInMemoryPgpKeys(
properties.getProperty('signing.keyId'),
properties.getProperty('signing.secretKeyRingFile'),
properties.getProperty('signing.password')
)
sign publishing.publications.release //It's after adding this specific line that I got the error of no configured signatory
sign configurations.archives
}
pom {
//I also tried to put the signing block here but nothing changes
name = 'xxx'
description = 'xxx'
url = 'xxx
licenses {
license {
name = 'MIT License'
url = 'https://opensource.org/licenses/MIT'
}
}
developers {
developer {
id = 'xxx'
name = 'xxx'
email = 'xxx'
}
}
scm {
connection = 'scm:git:git://github.com/xxx'
developerConnection = 'scm:git:ssh://github.com/xxx'
url = 'https://github.com/xxx'
}
}
}
}
repositories {
maven {
// change URLs to point to your repos, e.g. http://my.org/repo
//def releasesRepoUrl = layout.buildDirectory.dir('repos/releases')
//def snapshotsRepoUrl = layout.buildDirectory.dir('repos/snapshots')
url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = properties.getProperty('ossrhUsername')
password = properties.getProperty('ossrhPassword')
}
}
}
}
}
我看到一个问题在这里没有得到回答,我得到了完全相同的错误:Gradle build configured signatory
编辑:这是我的 gradle.properties 位于 ~/.gradle/ 下:
mavenCentralUsername=xxx
mavenCentralPassword=xxx
signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=xxx
ossrhUsername=xxx
ossrhPassword=xxx
编辑:为了清楚起见:我添加了这一行,因为当我在没有这一行的情况下发布出版物后尝试关闭以发布它时,我在 Nexus 存储库上遇到签名失败:
我终于能够使用签名的工件发布和发布我的存储库了!
出了什么问题:
我正在使用 useInMemoryPgpKeys(我不应该)
我从未将我的 gpg key 分发到任何服务器
为此我做了以下事情:
gpg --keyserver keys.openpgp.org --send-keys yourKey
中央服务器支持 3 个服务器:
keyserver.ubuntu.com
keys.openpgp.org
pgp.mit.edu
但我建议在 openpgp 上上传,因为 ubuntu 没有工作(当我关闭 Nexus 上的 repo 时,我收到一条错误消息,说它没有在任何服务器上找到密钥).
只需 运行:
即可知道您的密钥gpg --list-keys
您的密钥应如下所示:CA925CD6C9E8D064FF05B4728190C4130ABA0F98
所以这是我的决赛 build.gradle:
Properties properties = new Properties()
properties.load(project.rootProject.file('local.properties').newDataInputStream())
// Because the components are created only during the afterEvaluate phase, you must
// configure your publications using the afterEvaluate() lifecycle method.
afterEvaluate {
publishing {
publications {
release(MavenPublication) {
groupId = 'xxx'
artifactId = 'xxx'
version = mVersionName
pom {
signing {
sign publishing.publications.release
sign configurations.archives
}
name = 'WeLoop'
description = 'xxx'
url = 'xxx'
licenses {
license {
name = 'MIT License'
url = 'https://opensource.org/licenses/MIT'
}
}
developers {
developer {
id = 'xxx'
name = 'xxx'
email = 'xxx'
}
}
scm {
connection = 'scm:git:git://github.com/xxx.git'
developerConnection = 'scm:git:ssh://github.com/xxx'
url = 'https://github.com/xxx'
}
}
}
}
repositories {
maven {
url = uri("https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/")
credentials {
username = properties.getProperty('mavenCentralUsername')
password = properties.getProperty('mavenCentralPassword')
}
}
}
}
}
和我的决赛 ~/.gradle/gradle.properties:
mavenCentralUsername=xxx
mavenCentralPassword=xxx
signing.keyId=xxx
signing.password=xxx
signing.secretKeyRingFile=/xxx/secring.gpg