Browse files

Document gpg key generation in deployment guide. Fixes #721.

  • Loading branch information...
1 parent 7abcb57 commit 50e14e06e6371e816777e52f7f8f98b9937f5111 @technomancy committed Aug 11, 2012
Showing with 27 additions and 12 deletions.
  1. +17 −4 doc/
  2. +9 −7 doc/
  3. +1 −1
@@ -9,9 +9,13 @@ However, deploying is not always that straightforward.
There may be times when you want to make a library available to your
team without making it public. This is best done by setting up a
-private repository. The simplest kind of private repository is an
-[Amazon S3]( bucket. You can deploy to S3
-buckets using [S3 wagon private](
+private repository. The simplest kind of private repository is a web
+server pointed at a directory full of static files. You can use a
+`file:///` URL in your `:repositories` key to deploy that way if the
+directory is local to the machine on which Leiningen is running.
+[Amazon S3]( buckets are another simple
+choice; you can deploy to S3 buckets using
+[S3 wagon private](
Alternatively you can run a private repository on your own server.
Both [Archiva]( and
@@ -69,6 +73,11 @@ First write your credentials map to `~/.lein/credentials.clj` like so:
{:username "AKIAIN..." :passphrase "1TChrGK4s..."}}
+If you don't have a key pair yet, it's easy to generate one. The
+defaults should serve you well, but be sure to pick a strong passphrase.
+ $ gpg --gen-key
Then encrypt it with `gpg`:
$ gpg --default-recipient-self -e \
@@ -83,7 +92,11 @@ once per login.
On some systems you will be prompted for your GPG passphrase if you
haven't entered it. If yours does not, you can install
[Keychain](, which provides this
-functionality portably.
+functionality portably. Your key will also be used for signing
+artifacts if the version is not a snapshot, so you may be asked for
+the passphrase multiple times if the agent is not configured. To
+disable signing of releases, set `:sign-releases` to false in the
+`:repositories` entry you are targeting.
Unattended builds can specify `:env` instead of `:gpg` in the
repository specification to have credentials looked up in the
@@ -361,8 +361,7 @@ programs can be packaged up as tarballs with accompanied shell scripts
using the [lein-tar plugin](
and then deployed using
-[chef](, or other mechanisms. Debian packages
-can be created with [lein-deb](
+[chef](, or other mechanisms.
Web applications may be deployed as uberjars using embedded Jetty with
`ring-jetty-adapter` or as .war (web application archive) files
created by the
@@ -399,8 +398,8 @@ If your project is a library and you would like others to be able to
use it as a dependency in their projects, you will need to get it into
a public repository. While it's possible to
[maintain your own private repository](
-or get it into Central, the easiest way is to publish it at
-[Clojars]( Once you have
+or get it into [Central](, the easiest way is
+to publish it at [Clojars]( Once you have
[created an account]( there, publishing
is easy:
@@ -426,10 +425,13 @@ is easy:
Once that succeeds it will be available as a package on which other
projects may depend. For instructions on storing your credentials so
-they don't have to be re-entered every time, see `lein help deploying`.
-For further details about publishing including setting up private
-repositories, see the
+they don't have to be re-entered every time, see `lein help
+deploying`. When deploying a release that's not a snapshot, Leiningen
+will attempt to sign it using [GPG]( to prove your
+authorship of the release. See the
[deploy guide](
+for details of how to set that up. The deploy guide includes
+instructions for deploying to other repositories as well.
## That's It!
@@ -20,8 +20,8 @@ See also
- [X] OOM in repl with lots of output (#691)
- [X] Search indices on Central have moved (#683)
- [X] Better error messages on failed repl :connect (#723)
+ - [X] Document key generation (#721)
- [-] Honor hooks/metadata in from plugins (#401)
- - [ ] Document key generation (#721)
** 2.0.0-preview7
- [X] Address chaining issues in with-profile (#632)
- [X] Address gpg agent issues (#615)

0 comments on commit 50e14e0

Please sign in to comment.