jira-importer commented on issue #220: URL: https://github.com/apache/maven-deploy-plugin/issues/220#issuecomment-2771516148
**[Matthew Jones](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=jonespm)** commented Hmm, I'm not sure. For more detail what I was specifically having to fix up were errors caused by the maven gpg plugin which runs after the packaging phase. There is a patch MGPG-43 that fixes that to run in a different phase but that isn't applied. This may also be related to MGPG-33 (or at least someone else in the comments on that was having a problem). I do have more than one key and for some reason the gpg plugin was signing 1-2 out of ~500 artifacts incorrectly. Then these would upload to sonatype where it would get a signature validation exception. This sign-and-deploy calls the deployer.deploy and gets the signatures setup for deployment. I'd found that I had time while larger artifacts (jars) were uploading (slow connection) to manually run gpg to find all of the incorrect signatures and update them to be correct before they were uploaded and it worked. Using this "deployAtEnd" worked even better, and adding in a slight wait was all that was needed to make it completely automated to verify signatures and resign the invalid ones. I was not able to figure out why these artifacts were not being signed correctly during the maven process and it "seemed" completely random. Sometimes it would be one jar, another times a war, another times a pom. It seemed like a threading issue, where somehow artifacts were being overwritten after they were signed, but I couldn't see that from the logs and even with -T 1 it didn't change anything. But actually running the plugin with the sign-and-deploy made it quite a bit **easier** to actually deploy everything to nexus/sonatype than not using it and trying to upload it manually. Perhaps next time around, I'll be able to figure out why it wasn't signing right, maybe it won't happen. at all and everything will be fine. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
