Not published as a jar

[coltfred]

Why isn't this library published to maven central? As it stands it's roughly impossible for people to adopt.

[sequoiar]

@coltfred you can help on maven distribution and send a pull request.

[eygraber]

I can make a PR that will add maven publishing, but the owner of the repo will need to follow the steps here to set up a sonatype account and repo - https://central.sonatype.org/publish/publish-guide/

After that add the following 3 secrets to this repo:

SONATYPE_NEXUS_USERNAME -> your sonatype username SONATYPE_NEXUS_PASSWORD -> your sonatype password ARTIFACT_SIGNING_PRIVATE_KEY -> your exported ascii armored pgp key (gpg --armor --export-secret-key <your-key-id>)

Let me know when you do that, and I'll make a PR to have builds publish to maven on commits to master.

[sequoiar]

@eygraber I did create sonatype account and a jira issue for publish this repo. https://issues.sonatype.org/browse/OSSRH-69988

Not sure what you want to do. put my sonatype username/password on this repo ?

[eygraber]

They're requesting you make a repo under your account named OSSRH-69988 so they can verify you. I think once you make that repo they will automatically get notified and will verify your account shortly after (if not you can leave a comment at https://issues.sonatype.org/browse/OSSRH-69988 saying that you created the repo).

Then go to https://github.com/InstantWebP2P/tweetnacl-java/settings/secrets/actions and click the "New repository secret" button. Put SONATYPE_NEXUS_USERNAME as the name, and your sonatype username as the value. Then click the "Add secret" button.

Click the "New repository secret" button again. Put SONATYPE_NEXUS_PASSWORD as the name, and your sonatype password as the value. Then click the "Add secret" button.

Click the "New repository secret" button again. Put ARTIFACT_SIGNING_PRIVATE_KEY as the name, and your ascii armored pgp private key as the value (should look like -----BEGIN PGP PRIVATE KEY BLOCK-----...-----END PGP PRIVATE KEY BLOCK-----). Then click the "Add secret" button.

I will make a PR now that will use these values.

[sequoiar]

@eygraber where can I find PGP key ? or, how can I generate one ?

[eygraber]

https://www.google.com/amp/s/blog.sonatype.com/2010/01/how-to-generate-pgp-signatures-with-maven/%3fhs_amp=true

[sequoiar]

@eygraber the problem is I did not find PGP private key.

[eygraber]

That link I posted above has steps that you need to follow to generate the key.

[sequoiar]

I knew. but, I still not find private key. I am using M1.

orange@toms-MacBook-Air Aliyun % sudo gpg --list-secret-keys gpg: WARNING: unsafe ownership on homedir '/Users/orange/.gnupg' /Users/orange/.gnupg/pubring.kbx

sec ed25519 2021-06-10 [SC] [expires: 2023-06-10] 2726147E804FC0D83F33B2E1E90E92F7F33D53E8 uid [ultimate] sequoiar68 appnet.link@gmail.com ssb cv25519 2021-06-10 [E] [expires: 2023-06-10]

[eygraber]

I can generate the key for you. You can either give me an email address where I can send it, or give me admin permissions on the repo and I'll add it (you can remove the permissions afterwards).

[sequoiar]

@eygraber gpg key update done. please try again. thx.

[eygraber]

Looks like something went wrong with the key. Did you set a password on it?

[sequoiar]

try again with new key.

[eygraber]

I think only an admin can rerun it https://github.com/InstantWebP2P/tweetnacl-java/runs/2826260106?check_suite_focus=true

[sequoiar]

@eygraber the private key should be ok. you can go ahead check again why it still failed.

[eygraber]

You need to rerun the action. I don't have permission to do that.

If you made a password when creating the key I'll have to make some changes.

[sequoiar]

I have rerun after update key without password, but it still failed.

[eygraber]

Looks like the key worked fine, but there was an issue closing the repo. If you log in to sonatype you can drop any artifacts that are there, and I will make a PR to address the issue.

[eygraber]

@sequoiar looks like the repo isn't closing. You might want to log in to sonatype and see if there are any errors reported.

[sequoiar]

@eygraber can you check again ?

[eygraber]

There's nothing new to check. Were you able to log in to Sonatype to see what the issue was?