Appendix: Release Prereqs

This section (appendix) describes the prerequisites for the release process.

Public/private key

The most important configuration you require is to set up public/private key pair. This is used by the maven-release-plugin to sign the code artifacts. See the page on key generation for more details.

In order to prepare the release, you’ll (need to) have a ~/.gnupg directory with the relevant files (gpg.conf, pubring.gpg, secring.gpg etc), and have gpg on your operating system PATH.

If on Windows, the equivalent directory is c:\users\xxx\appdata\roaming\gnupg. For gpg, use either or

Note also that the mSysGit version of gpg.exe (as provided by GitHub’s bash client) is not compatible with that provided by cygwin; move it to one side and check that gpg.exe being used is that from gpg4win.

If you use Atlassian’s SourceTree, this also bundles a version of gpg.exe that is not compatible (in C:\Users\xxx\AppData\Local\Atlassian\SourceTree\git_local\usr\bin); again, move it to one side and instead use the one provided by gpg4win.

Maven settings.xml

During the release process the maven-deploy-plugin uploads the generated artifacts to a staging repo on the Apache repository manager. This requires your Apache LDAP credentials to be specified in your ~/.m2/settings.xml file:


where xxxxxxx and yyyyyyy are your Apache LDAP username and password. For more information, see these ASF docs.

It is also possible to configure to use .ssh secure keys, and thereby avoid hardcoding your Apache LDAP password into your .m2/settings.xml file. A description of how to do this can be found, for example, here.

Also, set up keyphrase for gpg; this avoids being prompted during release:

      <gpg.passphrase>this is not really my passphrase</gpg.passphrase>