...
- Make sure you have an RSA PGP key of at least 4096 bits, and that it has been added to the KEYS file as well as to a public PGP key server such as http://keyserver.ubuntu.com.
- Configure your `git config` `user.signingKey`, `user.name`, and `user.email` values to match that key. For example:

  ```
  git config user.name 'Matt Sicker'
  git config user.email 'mattsicker@apache.org'
  git config user.signingKey 0x031EE010CA15D1EE
  ```
- Add your GPG and LDAP info to your `~/.m2/settings.xml`
  - If you haven't set a master password for Maven, run `mvn --encrypt-master-password` and choose a password.
  - Save this in `~/.m2/settings-security.xml` as (make sure to preserve the curly braces to indicate the password is encrypted):

    ```xml
    <settingsSecurity>
      <master>{encryptedPasswordHere}</master>
    </settingsSecurity>
    ```
  - Next, encrypt your LDAP and GPG passwords using `mvn --encrypt-password` and store those inside `~/.m2/settings.xml` like so (make sure to use the long form of your key id given by the `gpg -K` command):

    ```xml
    <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
      <servers>
        <server>
          <id>svn.apache.org</id>
          <username>myLdapId</username>
          <password>{myLdapPass}</password>
        </server>
        <server>
          <id>apache.releases.https</id>
          <username>myLdapId</username>
          <password>{myLdapPass}</password>
        </server>
        <server>
          <id>apache.snapshots.https</id>
          <username>myLdapId</username>
          <password>{myLdapPass}</password>
        </server>
      </servers>
      <!-- note that this enables the release profile by default which will gpg sign all apache artifacts during builds -->
      <!-- when not releasing, comment this element out or use -P!apache-release to disable the profile from the command line -->
      <activeProfiles>
        <activeProfile>apache-release</activeProfile>
      </activeProfiles>
      <profiles>
        <profile>
          <id>apache-release</id>
          <properties>
            <!-- note that these settings are only needed if you haven't configured your default key in your gpg.conf already -->
            <gpg.keyname>0x031EE010CA15D1EE</gpg.keyname>
            <!-- specify your Maven-encrypted GPG passphrase for this key if you aren't using gpg-agent -->
            <gpg.passphrase>{myGpgKeyPassphrase}</gpg.passphrase>
          </properties>
        </profile>
      </profiles>
    </settings>
    ```
- If you haven't set a master password for Maven, run
...
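
A small lint for the `settings.xml` step above, added here as an example and not part of the original page or the project's own tooling: it flags server passwords and GPG passphrases that are not brace-wrapped (Maven-encrypted) and a `gpg.keyname` that is not in long form. The function names and the sample document are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Maven treats a value as encrypted when it contains an unescaped {...} segment.
ENCRYPTED = re.compile(r"(?<!\\)\{[^{}]+\}")
# Long key id (16 hex digits) or full fingerprint (40 hex digits), optional 0x.
LONG_KEY_ID = re.compile(r"(?:0x)?(?:[0-9A-Fa-f]{16}|[0-9A-Fa-f]{40})")

# Constructed sample: one plaintext password and a short (8 hex digit) key id.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>apache.releases.https</id><username>myLdapId</username>
      <password>constructed-plaintext</password></server>
    <server><id>apache.snapshots.https</id><username>myLdapId</username>
      <password>{constructedCiphertext=}</password></server>
  </servers>
  <profiles><profile><id>apache-release</id><properties>
    <gpg.keyname>0xCA15D1EE</gpg.keyname>
    <gpg.passphrase>{constructedCiphertext=}</gpg.passphrase>
  </properties></profile></profiles>
</settings>"""


def local(el):
    """Element name without its namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]


def lint_settings(xml_text):
    """Return findings for a settings.xml document; an empty list means clean."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        fields = {local(c): (c.text or "").strip() for c in el}
        if local(el) == "server":
            pw = fields.get("password", "")
            if pw and not ENCRYPTED.search(pw):
                findings.append(f"server {fields.get('id', '?')}: password is plaintext")
        elif local(el) == "properties":
            phrase = fields.get("gpg.passphrase", "")
            if phrase and not ENCRYPTED.search(phrase):
                findings.append("gpg.passphrase is plaintext")
            key = fields.get("gpg.keyname")
            if key is not None and not LONG_KEY_ID.fullmatch(key):
                findings.append(f"gpg.keyname {key!r} is not a long key id")
    return findings


if __name__ == "__main__":
    for finding in lint_settings(SAMPLE):
        print(finding)
```

The brace check only confirms the value has the shape Maven expects for an encrypted entry; it does not decrypt it or verify it against `settings-security.xml`.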