Mysterious Partial Signing Errors Uploading To Sonatype
If you encounter errors like there when uploading to Sonatype (Maven Central):
Invalid signature for file: my-package-0.3.0-javadoc.jar
Invalid signature for file: my-package-0.3.0.pom
Be sure you have distributed your public key to a key server.
gpg --keyserver keyserver.ubuntu.com --send-keys {your-key-id-here}
Even after you distribute your public key, the verification servers at Sonatype seem to have a cache that expires gradually, So for a few uploads you may see some validation errors, which will decrease over time as the caches expire. Keep trying until all of the error vanish.
Last modified on 5 Mar 2024 by AO
Copyright © 2024 Andrew Oliver