GPGSetup

Lenni0451 edited this page Sep 26, 2024 · 3 revisions

When publishing a library to a Maven repository (like Maven Central), you need to sign the built jar file(s).
Signing is done with a GPG key, which needs to be published to a key server (hkps://keys.openpgp.org in my case).

When using Windows, you can download GPG for Windows from here.
When using Linux, you'll figure it out yourself :).

After installing GPG and creating a key, you can export the secret key to a file:

gpg --export-secret-keys > secretkey.gpg

The secret key can then be used to sign the jar file(s) when publishing:

signing.keyId=A1B2C3D4
signing.password=123456
signing.secretKeyRingFile=secretkey.gpg

The signing.keyId value is the last 8 characters of the key ID.
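
The three properties above can be cross-checked against the keyring before publishing. The script below is an added example, not part of the original wiki page or of Gradle: it derives the 8-character key ID from `gpg --list-secret-keys --with-colons` output and checks that `signing.keyId` and `signing.secretKeyRingFile` are consistent with it. The function names, the file names `keys.txt` and `gradle.properties`, and the sample listing are assumptions made for illustration, and it assumes you sign with the primary key.

```shell
#!/bin/sh
# Added example (not from the wiki page). Typical use, from the project directory:
#   gpg --list-secret-keys --with-colons > keys.txt
#   check_signing_props gradle.properties keys.txt

# Print the short key ID (last 8 characters of the key ID) of each primary
# secret key. In --with-colons output, field 5 of a "sec" record is the key ID.
short_key_ids() {
    awk -F: '$1 == "sec" { print toupper(substr($5, length($5) - 7)) }'
}

# prop NAME FILE: print the value of NAME from a key=value properties file.
prop() {
    awk -F= -v k="$1" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/\r$/, ""); v = $0 }
        END { print v }' "$2"
}

# check_signing_props PROPS_FILE LISTING_FILE
# Succeeds only if signing.keyId is 8 hex characters, matches a secret key in
# the listing, and signing.secretKeyRingFile names a non-empty file
# (a relative path is checked against the current directory).
check_signing_props() {
    id=$(prop signing.keyId "$1" | tr 'a-f' 'A-F')
    ring=$(prop signing.secretKeyRingFile "$1")
    case "$id" in
        ''|*[!0-9A-F]*) echo "signing.keyId is not hex: '$id'" >&2; return 1 ;;
    esac
    [ "${#id}" -eq 8 ] || { echo "signing.keyId must be 8 characters" >&2; return 1; }
    short_key_ids < "$2" | grep -qx "$id" ||
        { echo "no secret key ends in $id" >&2; return 1; }
    [ -s "$ring" ] || { echo "key ring file missing or empty: $ring" >&2; return 1; }
}

# Constructed sample listing (not a real key); the key ID ends in A1B2C3D4.
sample_listing() {
    cat <<'EOF'
sec:u:255:22:9F8E7D6CA1B2C3D4:1727308800:::u:::scESC:
fpr:::::::::00112233445566778899AABB9F8E7D6CA1B2C3D4:
uid:u::::1727308800::::Example Publisher <publisher@example.invalid>:
ssb:u:255:18:1122334455667788:1727308800::::::e:
EOF
}
```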

You can find more information in the official Gradle documentation here.