开源项目SDK:https://github.com/mingyang66/spring-parent
个人文档:https://mingyang66.github.io/raccoon-docs/#/
一、敏感信息泄漏警告
执行mvn install或mvn deploy时控制台会报如下告警:
[WARNING] Parameter 'passphrase' (user property 'gpg.passphrase') is deprecated: Do not use this configuration, it may leak sensitive information. Rely on gpg-agent or env variables instead.
[WARNING]
[WARNING] W A R N I N G
[WARNING]
[WARNING] Do not store passphrase in any file (disk or SCM repository),
[WARNING] instead rely on GnuPG agent or provide passphrase in
[WARNING] MAVEN_GPG_PASSPHRASE environment variable for batch mode.
[WARNING]
[WARNING] Sensitive content loaded from Mojo configuration
[WARNING]
[INFO] Signer 'gpg' is signing 1 file with key default
发生上述告警的原因是在pom.xml或maven的setting.xml中配置了密码明文,解决方法是将密码存储在环境变量中:
Mac OS系统执行如下命令:
export MAVEN_GPG_PASSPHRASE='your-passphrase'
mvn clean deploy -Dgpg.skip=false
Windows系统执行如下命令:
set MAVEN_GPG_PASSPHRASE=your-passphrase
mvn clean deploy -Dgpg.skip=false
或者在windows powershell中使用:
$env:MAVEN_GPG_PASSPHRASE='your-passphrase'
mvn clean deploy -Dgpg.skip=false