Comment: Clarify some gpg usage

...

  1. Make sure you have an RSA PGP key of at least 4096 bits and that it has been added to the KEYS file as well as to a public PGP key server such as http://keyserver.ubuntu.com.
  2. Configure your git config user.signingKey, user.name, and user.email values to match that key.
    1. For example:

      git config user.name 'Matt Sicker'
      git config user.email 'mattsicker@apache.org'
      git config user.signingKey 0x031EE010CA15D1EE


  3. Add your GPG and LDAP info to your ~/.m2/settings.xml
    1. If you haven't set a master password for Maven, run mvn --encrypt-master-password and choose a password.
    2. Save the output in ~/.m2/settings-security.xml as follows (preserve the curly braces, which indicate that the password is encrypted):

        <settingsSecurity>
          <master>{encryptedPasswordHere}</master>
        </settingsSecurity>


    3. Next, encrypt your LDAP and GPG passwords using mvn --encrypt-password and store those inside ~/.m2/settings.xml like so (make sure to use the long form of your key id given by the gpg -K command):

        <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
        
          <servers>
            <server>
              <id>svn.apache.org</id>
              <username>myLdapId</username>
              <password>{myLdapPass}</password>
            </server>
            <server>
              <id>apache.releases.https</id>
              <username>myLdapId</username>
              <password>{myLdapPass}</password>
            </server>
            <server>
              <id>apache.snapshots.https</id>
              <username>myLdapId</username>
              <password>{myLdapPass}</password>
            </server>
          </servers>
        
          <!-- note that this enables the release profile by default which will gpg sign all apache artifacts during builds -->
          <!-- when not releasing, comment this element out or use -P!apache-release to disable the profile from the command line -->
          <activeProfiles>
            <activeProfile>apache-release</activeProfile>
          </activeProfiles>
        
          <profiles>
            <profile>
              <id>apache-release</id>
              <properties>
                <!-- note that these settings are only needed if you haven't configured your default key in your gpg.conf already -->
                <gpg.keyname>0x031EE010CA15D1EE</gpg.keyname>
                <!-- specify your Maven-encrypted GPG passphrase for this key if you aren't using gpg-agent -->
                <gpg.passphrase>{myGpgKeyPassphrase}</gpg.passphrase>
              </properties>
            </profile>
          </profiles>
        
        </settings>
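
A quick way to check a settings.xml against the two cautions above (passwords kept in the curly-brace encrypted form, and the long form of the key id) is sketched below. This is an added example, not part of the original guide; the function name `lint_settings` and the sample values are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/SETTINGS/1.0.0"}
# Maven-encrypted values are wrapped in curly braces. This checks the form
# only; it cannot prove the value inside the braces is real ciphertext.
ENCRYPTED = re.compile(r"\{[^{}]+\}")
# Long key id: 16 hex digits, optionally prefixed with 0x.
LONG_KEY_ID = re.compile(r"^(0x)?[0-9A-Fa-f]{16}$")

def lint_settings(xml_text):
    """Return a list of findings for a Maven settings.xml given as text."""
    findings = []
    root = ET.fromstring(xml_text)
    for server in root.findall("m:servers/m:server", NS):
        sid = server.findtext("m:id", default="?", namespaces=NS)
        pw = server.findtext("m:password", default="", namespaces=NS).strip()
        if pw and not ENCRYPTED.search(pw):
            findings.append(f"server {sid}: password is not in encrypted {{...}} form")
    for props in root.findall("m:profiles/m:profile/m:properties", NS):
        key = props.findtext("m:gpg.keyname", default="", namespaces=NS).strip()
        if key and not LONG_KEY_ID.match(key):
            findings.append(f"gpg.keyname {key!r} is not a long (16 hex digit) key id")
        phrase = props.findtext("m:gpg.passphrase", default="", namespaces=NS).strip()
        if phrase and not ENCRYPTED.search(phrase):
            findings.append("gpg.passphrase is not in encrypted {...} form")
    return findings

# Constructed sample: one plaintext server password and a short key id.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>svn.apache.org</id><username>myLdapId</username>
      <password>{myLdapPass}</password></server>
    <server><id>apache.releases.https</id><username>myLdapId</username>
      <password>plaintext-example</password></server>
  </servers>
  <profiles><profile><id>apache-release</id><properties>
    <gpg.keyname>CA15D1EE</gpg.keyname>
    <gpg.passphrase>{myGpgKeyPassphrase}</gpg.passphrase>
  </properties></profile></profiles>
</settings>"""

if __name__ == "__main__":
    for finding in lint_settings(SAMPLE):
        print(finding)
```
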


...