Maven Deploy validation failed: Invalid signature for file

image
I tried to validate in other places and it works, because I didn’t change anything other than updating to 0.3.0 of the central-publishing-maven-plugin (previous versions receive a 500 error from sonatype)

My pom.xml is here → at4j - Pastebin.com

1 Like

Central-Build → central-bundle

Did you solve this?

Yeah, I had to add

plugin...
<executions>
                    <execution>
                        <id>attach-javadocs</id>
                        <phase>package</phase> <---this
                        <goals>
                            <goal>jar</goal>
                        </goals>
                    </execution>
</executions>

To all of them

Hi Breno ,
i tried doing the same and i am still facing the same issue since 5 days . can you kindly help me on this.
this is my pom.xml

<?xml version="1.0" encoding="UTF-8"?>


4.0.0

<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>3.2.0</version>
    <relativePath/> <!-- lookup parent from repository -->
</parent>

<groupId>io.github.bughunter98</groupId>
<artifactId>blog-integrations</artifactId>
<version>1.0.0</version>

<name>blog-integrations</name>
<description>This is a light-weight jar used where all the pojos required for my project are stored</description>
<url>https://github.com/bughunter98/blogapp-integrations</url>

<licenses>
    <license>
        <name>Apache License 2.0</name>
        <url>https://github.com/bughunter98/blogapp-integrations/blob/release-1.0.0/LICENSE</url>
    </license>
</licenses>

<properties>
    <maven.compiler.source>11</maven.compiler.source>
    <maven.compiler.target>11</maven.compiler.target>
    <maven-compiler-plugin.version>3.11.0</maven-compiler-plugin.version>
    <java.version>17</java.version>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <central-publishing-maven-plugin.version>0.3.0</central-publishing-maven-plugin.version>
    <nexus-staging-maven-plugin.version>1.6.7</nexus-staging-maven-plugin.version>
    <maven-javadoc-plugin.version>3.6.3</maven-javadoc-plugin.version>
</properties>

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.modelmapper</groupId>
        <artifactId>modelmapper</artifactId>
        <version>3.2.0</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-webflux</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-devtools</artifactId>
        <scope>runtime</scope>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>com.mysql</groupId>
        <artifactId>mysql-connector-j</artifactId>
        <version>8.2.0</version>
    </dependency>
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <optional>true</optional>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>io.projectreactor</groupId>
        <artifactId>reactor-test</artifactId>
        <scope>compile</scope>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-validation -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-validation</artifactId>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-jackson</artifactId>
        <version>0.11.5</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-api</artifactId>
        <version>0.11.5</version>
    </dependency>
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt-impl</artifactId>
        <version>0.11.5</version>
    </dependency>
</dependencies>

<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>${maven-compiler-plugin.version}</version>
            <configuration>
                <source>${java.version}</source>
                <target>${java.version}</target>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.sonatype.central</groupId>
            <artifactId>central-publishing-maven-plugin</artifactId>
            <version>${central-publishing-maven-plugin.version}</version>
            <extensions>true</extensions>
            <configuration>
                <publishingServerId>central</publishingServerId>
                <tokenAuth>true</tokenAuth>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-source-plugin</artifactId>
            <version>3.3.0</version>
            <executions>
                <execution>
                    <id>attach-sources</id>
                    <phase>package</phase>
                    <goals>
                        <goal>jar</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-surefire-plugin</artifactId>
            <version>3.2.5</version>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-resources-plugin</artifactId>
            <version>3.3.1</version>
            <executions>
                <execution>
                    <id>copy-resources</id>
                    <phase>validate</phase>
                    <goals>
                        <goal>copy-resources</goal>
                    </goals>
                    <configuration>
                        <outputDirectory>${project.build.outputDirectory}</outputDirectory>
                        <resources>
                            <resource>
                                <directory>${project.basedir}/src/main/resources</directory>
                                <filtering>true</filtering>
                            </resource>
                        </resources>
                    </configuration>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.jacoco</groupId>
            <artifactId>jacoco-maven-plugin</artifactId>
            <version>0.8.11</version>
            <executions>
                <execution>
                    <id>prepare-agent</id>
                    <goals>
                        <goal>prepare-agent</goal>
                    </goals>
                </execution>
                <execution>
                    <id>report</id>
                    <goals>
                        <goal>report</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-javadoc-plugin</artifactId>
            <version>${maven-javadoc-plugin.version}</version>
            <configuration>
                <javadocExecutable>${java.home}/bin/javadoc</javadocExecutable>
            </configuration>
            <executions>
                <execution>
                    <id>attach-javadocs</id>
                    <phase>package</phase>
                    <goals>
                        <goal>jar</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-gpg-plugin</artifactId>
            <version>3.1.0</version>
            <executions>
                <execution>
                    <id>sign-artifacts</id>
                    <phase>verify</phase>
                    <goals>
                        <goal>sign</goal>
                    </goals>
                    <configuration>
                        <keyname>// not attaching this in the reply</keyname>
                        <gpgArguments>
                            <arg>--pinentry-mode</arg>
                            <arg>loopback</arg>
                        </gpgArguments>
                    </configuration>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.sonatype.plugins</groupId>
            <artifactId>nexus-staging-maven-plugin</artifactId>
            <version>${nexus-staging-maven-plugin.version}</version>
            <extensions>true</extensions>
            <configuration>
                <serverId>ossrh</serverId>
                <nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
                <autoReleaseAfterClose>true</autoReleaseAfterClose>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-maven-plugin</artifactId>
            <configuration>
                <excludes>
                    <exclude>
                        <groupId>org.projectlombok</groupId>
                        <artifactId>lombok</artifactId>
                    </exclude>
                </excludes>
                <skip>true</skip>
            </configuration>
        </plugin>
    </plugins>
</build>

<distributionManagement>
    <snapshotRepository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/content/repositories/snapshots</url>
    </snapshotRepository>
    <repository>
        <id>ossrh</id>
        <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
    </repository>
</distributionManagement>

<developers>
    <developer>
        <name>bug hunter98</name>
        <email>saitejathota@gmail.com</email>
        <organization>io.github.bughunter98</organization>
        <organizationUrl>https://github.com/bughunter98</organizationUrl>
    </developer>
</developers>

<scm>
    <connection>scm:git:git://github.com/bughunter98/blogapp-integrations.git</connection>
    <developerConnection>scm:git:ssh://github.com:bughunter98/blogapp-integrations.git</developerConnection>
    <url>https://github.com/bughunter98/blogapp-integrations</url>
</scm>

In my case the problem was that I didn’t upload the gpg public key to server. Check docs here

The command itself:

gpg --keyserver keyserver.ubuntu.com --send-keys {INSERT_YOUR_PUBLIC_KEY_HERE}

But wait a bit, Sonatype has some cache for keys

1 Like

Hi Oleg Kuzmin,

I also have the same problem and wanted to ask

How much time does it take for Sonatype’s server cache to confirm the GPG key?

Thanks

Do you have answer on this question?

I got successful publishing after 24 hours after uploading my public key to the server. I think, this moment should be reflected in documentation here. Working with PGP Signatures - The Central Repository Documentation

Maybe it’s thanks to you a special paragraph has appeared here Distributing Your Public Key[:anchor:︎] and not only that, it also lists supported GPG Keyservers:

As SKS Keyserver Network is being deprecated we recommend the use an specific GPG keyserver. Current GPG Keyservers supported by Central Servers are:

  • keyserver.ubuntu.com
  • keys.openpgp.org
  • pgp.mit.edu

In my case , just delete the rest GPG keys on my computer, then it’s worked. I hope it is helpul