Permalink
Browse files

Document gpg key generation in deployment guide. Fixes #721.

  • Loading branch information...
1 parent 7abcb57 commit 50e14e06e6371e816777e52f7f8f98b9937f5111 @technomancy committed Aug 11, 2012
Showing with 27 additions and 12 deletions.
  1. +17 −4 doc/DEPLOY.md
  2. +9 −7 doc/TUTORIAL.md
  3. +1 −1 todo.org
View
@@ -9,9 +9,13 @@ However, deploying is not always that straightforward.
There may be times when you want to make a library available to your
team without making it public. This is best done by setting up a
-private repository. The simplest kind of private repository is an
-[Amazon S3](http://aws.amazon.com/s3/) bucket. You can deploy to S3
-buckets using [S3 wagon private](https://github.com/technomancy/s3-wagon-private).
+private repository. The simplest kind of private repository is a web
+server pointed at a directory full of static files. You can use a
+`file:///` URL in your `:repositories` key to deploy that way if the
+directory is local to the machine on which Leiningen is running.
+[Amazon S3](http://aws.amazon.com/s3/) buckets are another simple
+choice; you can deploy to S3 buckets using
+[S3 wagon private](https://github.com/technomancy/s3-wagon-private).
Alternatively you can run a private repository on your own server.
Both [Archiva](http://archiva.apache.org/) and
@@ -69,6 +73,11 @@ First write your credentials map to `~/.lein/credentials.clj` like so:
{:username "AKIAIN..." :passphrase "1TChrGK4s..."}}
```
+If you don't have a key pair yet, it's easy to generate one. The
+defaults should serve you well, but be sure to pick a strong passphrase.
+
+ $ gpg --gen-key
+
Then encrypt it with `gpg`:
$ gpg --default-recipient-self -e \
@@ -83,7 +92,11 @@ once per login.
On some systems you will be prompted for your GPG passphrase if you
haven't entered it. If yours does not, you can install
[Keychain](https://github.com/funtoo/keychain), which provides this
-functionality portably.
+functionality portably. Your key will also be used for signing
+artifacts if the version is not a snapshot, so you may be asked for
+the passphrase multiple times if the agent is not configured. To
+disable signing of releases, set `:sign-releases` to false in the
+`:repositories` entry you are targeting.
Unattended builds can specify `:env` instead of `:gpg` in the
repository specification to have credentials looked up in the
View
@@ -361,8 +361,7 @@ programs can be packaged up as tarballs with accompanied shell scripts
using the [lein-tar plugin](https://github.com/technomancy/lein-tar)
and then deployed using
[pallet](http://hugoduncan.github.com/pallet/),
-[chef](http://opscode.com/chef/), or other mechanisms. Debian packages
-can be created with [lein-deb](https://github.com/travis/lein-deb).
+[chef](http://opscode.com/chef/), or other mechanisms.
Web applications may be deployed as uberjars using embedded Jetty with
`ring-jetty-adapter` or as .war (web application archive) files
created by the
@@ -399,8 +398,8 @@ If your project is a library and you would like others to be able to
use it as a dependency in their projects, you will need to get it into
a public repository. While it's possible to
[maintain your own private repository](https://github.com/technomancy/leiningen/blob/preview/doc/DEPLOY.md)
-or get it into Central, the easiest way is to publish it at
-[Clojars](http://clojars.org). Once you have
+or get it into [Central](http://search.maven.org), the easiest way is
+to publish it at [Clojars](http://clojars.org). Once you have
[created an account](https://clojars.org/register) there, publishing
is easy:
@@ -426,10 +425,13 @@ is easy:
Once that succeeds it will be available as a package on which other
projects may depend. For instructions on storing your credentials so
-they don't have to be re-entered every time, see `lein help deploying`.
-For further details about publishing including setting up private
-repositories, see the
+they don't have to be re-entered every time, see `lein help
+deploying`. When deploying a release that's not a snapshot, Leiningen
+will attempt to sign it using [GPG](http://gnupg.org) to prove your
+authorship of the release. See the
[deploy guide](https://github.com/technomancy/leiningen/blob/preview/doc/DEPLOY.md).
+for details of how to set that up. The deploy guide includes
+instructions for deploying to other repositories as well.
## That's It!
View
@@ -20,8 +20,8 @@ See also https://github.com/technomancy/leiningen/issues
- [X] OOM in repl with lots of output (#691)
- [X] Search indices on Central have moved (#683)
- [X] Better error messages on failed repl :connect (#723)
+ - [X] Document key generation (#721)
- [-] Honor hooks/metadata in from plugins (#401)
- - [ ] Document key generation (#721)
** 2.0.0-preview7
- [X] Address chaining issues in with-profile (#632)
- [X] Address gpg agent issues (#615)

0 comments on commit 50e14e0

Please sign in to comment.