如何发布jar到clojars

发表于 更新于 分类于

Clojars 介绍

Clojars 是一个为开源 Clojure 类库打造的仓库,截止2017年9月17日,大概有19831个项目发布在上面。整个网站也是用 Clojure 编写的。

发布 Clojure library

1. 注册 clojars

前往 clojars 注册

2. lein 部署

1
$ lein deploy clojars # lein deploy [repository name], here the repo name is clojars.

如果不想加上 clojars 参数,则需要在当前项目下的 project.clj 添加如下内容

1
2
{:deploy-repositories [["releases" :clojars]
                       ["snapshots" :clojars]]}

这里注意一点:
这里使用 :deploy-repositories 而非 :repositories,原因是 :repositories 除了用于部署还会作为依赖源被项目使用。所以,如若必要,还是职责单一点好。这样,也可以加入 :user profile (~/.lein/profiles.clj) 供所有本地项目发布使用。

这个时候可以执行

1
2
3
4
5
6
$ lein deploy
No credentials found for snapshots(did you mean `lein deploy clojars`?) 
# 这里应该是 leiningen 的 bug,提示信息 `lein deploy clojars` 显得很奇怪,可以忽略之。
See `lein help deploying` for how to configure credentials to avoid prompts.
Username: username
Password: password

如上,这时会弹出用户名和密码输入框。为了节省时间,避免每次输入,最好把用户凭证 (credentials) 以文件的形式存放到用户范围的目录下,即*~/.lein/credentials.clj*,并做加密处理。

3. 设置全局的 credentials map

首先,把如下的 credentials map 写入 ~/.lein/credentials.clj

1
{#"https://clojars.org/repo" {:username "username_on_clojars" :password "password_on_clojars"}}

其次,使用 gpg 加密该文件

1
2
$ gpg --default-recipient-self -e \
    ~/.lein/credentials.clj > ~/.lein/credentials.clj.gpg

加密后,即可删除原文件 ~/.lein/credentials.clj。然后在:deploy-repositories map 中指定 :creds :gpg

1
2
3
4
{:deploy-repositories [["releases" :clojars
                        :creds :gpg]]
                       ["snapshots" :clojars
                        :creds :gpg]]}

完成上述,lein deploy 的时候即可解密 ~/.lein/credentials.clj.gpg,从中获取对应仓库的usernamepassword注:为了便于索引查找,credentials 使用正则表达式 #”https://clojars.org/repo“ 作为 key)

Error: gpg agent timeout

有时候,deploy 时会出现 gpg agent 超时的错误

1
2
3
4
5
6
$ lein deploy
gpg: problem with the agent: Timeout
gpg: decryption failed: No secret key
Could not decrypt credentials from /Users/qianyan/.lein/credentials.clj.gpg
nil
See `lein help gpg` for how to install gpg.

仔细搜索文档会发现下面这句很重要的话

Due to a bug in gpg you currently need to use gpg-agent and have already unlocked your key before Leiningen launches, but with gpg-agent you only have to enter your passphrase periodically; it will keep it cached for a given period.

大意是,leiningen 需要用到 gpg-agent,而且在 lein deploy 之前,就应该解锁密钥。

不实际操作的话,还是很难弄懂这句话具体的指代。我们不妨思考一下。

1. 看看后台是否有个进程叫做 gpg-agent?

1
2
$ ps -ef |grep gpg
  501 87095     1   0  8:27PM ??         0:00.00 gpg-agent --daemon

嗯,还真有!

2. gpg 直接解密 credentials.clj.gpg

1
2
3
4
5
6
$ gpg --decrypt ~/.lein/credentials.clj.gpg

You need a passphrase to unlock the secret key for
user: "Yan Qian (lambeta) <qianyan.lambda@gmail.com>"
2048-bit RSA key, ID E13DFD8A, created 2016-05-14 (main key ID 3C5030FF)
# 接下来,漫无止境的等待中...

这奇怪的等待让我不安,所以我使出了杀手锏 kill -9,直接把 gpg-agent 干掉。

3. 重新 gpg –decrypt

1
2
3
4
5
6
7
8
9
$ gpg --decrypt ~/.lein/credentials.clj.gpg

You need a passphrase to unlock the secret key for
user: "Yan Qian (lambeta) <qianyan.lambda@gmail.com>"
2048-bit RSA key, ID E13DFD8A, created 2016-05-14 (main key ID 3C5030FF)
# 这里要输入 passphrase
gpg: encrypted with 2048-bit RSA key, ID E13DFD8A, created 2016-05-14
      "Yan Qian (lambeta) <qianyan.lambda@gmail.com>"
{ #"https://clojars.org/repo" {:username "username_on_clojars" :password "password_on_clojars"}}

终于可以输入 passphrase 了,解密完成。这大概就是上面引文所说的 unlock your key before Leiningen launches.

4. 重新部署

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$ lein deploy
Created /Users/qianyan/Projects/clojure-pr/clj-moco/target/clj-moco-0.1.0-SNAPSHOT.jar
Wrote /Users/qianyan/Projects/clojure-pr/clj-moco/pom.xml
Retrieving clj-moco/clj-moco/0.1.0-SNAPSHOT/maven-metadata.xml
    from https://clojars.org/repo/
Sending clj-moco/clj-moco/0.1.0-SNAPSHOT/clj-moco-0.1.0-20170917.122837-4.jar (10k)
    to https://clojars.org/repo/
Sending clj-moco/clj-moco/0.1.0-SNAPSHOT/clj-moco-0.1.0-20170917.122837-4.pom (3k)
    to https://clojars.org/repo/
Retrieving clj-moco/clj-moco/maven-metadata.xml
    from https://clojars.org/repo/
Sending clj-moco/clj-moco/0.1.0-SNAPSHOT/maven-metadata.xml (1k)
    to https://clojars.org/repo/
Sending clj-moco/clj-moco/maven-metadata.xml (1k)
    to https://clojars.org/repo/

没有出现 gpg-agent timeout 的错误,部署完成。

提示
1
2
3
--default-recipient-self
    Use the default key as default recipient if option --recipient is not used and don’t ask if this is a valid one.
    The default key is the first one from the secret keyring or the one set with --default-key.

参考链接
[1] Leiningen Deployment
[2] GPG: How to change the configuration