You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tuscany.apache.org by kelvin goodson <ke...@gmail.com> on 2006/10/17 15:26:06 UTC

mvn deploy, passwords and signing

I'm currently trying to deploy and sign the sdo artifatcs to the remote
maven repository.
I have 2 issues.
1) I have put a <server> stanza in my settings.xml for maven to give my
username and password for the server,  but maven still requires me to enter
my password multiple times in clear text for each deploy operation (approx
20 times for a fulll deploy run)
2)  What's the best way to sign the deployed artifacts?  Currently I'm
letting the deploy complete, then ftping down the artifacts, creatign a
signature and sending it back up,  which is a real pain.  I looked for a
while to find out how to get my private key exported to the server,  but I'm
not sure if that's the right thing to do and i' couldn't see how to do it.

Any help gratefully received,

Regards, Kelvin.

Re: mvn deploy, passwords and signing

Posted by Jeremy Boynes <jb...@apache.org>.

we chatted on irc but ...

On Oct 17, 2006, at 6:26 AM, kelvin goodson wrote:

> I'm currently trying to deploy and sign the sdo artifatcs to the  
> remote
> maven repository.
> I have 2 issues.
> 1) I have put a <server> stanza in my settings.xml for maven to  
> give my
> username and password for the server,  but maven still requires me  
> to enter
> my password multiple times in clear text for each deploy operation  
> (approx
> 20 times for a fulll deploy run)

My guess would be you don't have your ssh key installed on the server.
If you trust you local machine is secure, you can add your *public*  
key to ~/.ssh/authorized_keys on the server and ssh will log you in  
automatically based on your local private key. If you use ssh as a  
client, the public key is in id_dsa.pub on the client; if you're  
using another program ypu'll have to find it :-)

You should never put a private key on an Apache Server (ssh or gpg).

> 2)  What's the best way to sign the deployed artifacts?  Currently I'm
> letting the deploy complete, then ftping down the artifacts,  
> creatign a
> signature and sending it back up,  which is a real pain.  I looked  
> for a
> while to find out how to get my private key exported to the  
> server,  but I'm
> not sure if that's the right thing to do and i' couldn't see how to  
> do it.

I signed them in my /local/ repo and uploaded the .asc files

--
Jeremy

---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-dev-help@ws.apache.org