Home / Java Patterns and Pitfalls     frequal.com

Mysterious Partial Signing Errors Uploading To Sonatype

If you encounter errors like there when uploading to Sonatype (Maven Central):
    Invalid signature for file: my-package-0.3.0-javadoc.jar
    Invalid signature for file: my-package-0.3.0.pom
Be sure you have distributed your public key to a key server.
gpg --keyserver keyserver.ubuntu.com --send-keys {your-key-id-here}
Even after you distribute your public key, the verification servers at Sonatype seem to have a cache that expires gradually, So for a few uploads you may see some validation errors, which will decrease over time as the caches expire. Keep trying until all of the error vanish.
Last modified on 5 Mar 2024 by AO

Copyright © 2024 Andrew Oliver