Maven Repo...

I am in the process w/ central.sonatype.com to get control over the namespace 'org.jogamp' (again).

I will use
- id 'jogamp'
- email 'maven@jogamp.org'
- gpg: 'JogAmp Maven Deployment <maven@jogamp.org>'
  - fingerprint 27B5 A0A1 DB61 0401 C69C 7A22 E8BD B267 27D8 C759

Will post results here when they reply to my request

I currently redeploy 2.6.0 maven files using the new gpg signature as shown above.
Next step is to deploy to maven central (sonatype).

To make this working properly, i.e. kicking-off deployment from my developer machine
using my local private keys, I had to bump maven extension maven-wagon
to my patched `wagon-ssh-external`, details:
<https://jogamp.org/cgit/jogamp-scripting.git/commit/?id=82ae2c8fc597df1abd6dc2ea61c253648fc12232>

Note: Yes, I finally got access to the `org.jogamp` namespace at sonatype.

The redeploy on jogamp.org is complete.

Re Sonatype's central:
- Bumped https://jogamp.org/cgit/jogamp-scripting.git/tree/maven/README.md
- git https://jogamp.org/cgit/jogamp-scripting.git

So handling the new OSSRH Staging API, works OK - but:

Please note, that we still have issues uploading large files > ~26MB,
as they seem to get truncated and hence sha1, md5 and gpg signatures fail.
   
Still a WIP - I have contacted them with this issue!

for transparency, the email:

Dear Central Team,

after getting along with w/ the new  OSSRH Staging API
using these curl commands to manage the staging area and
release them into the central namespace ...

I get error due to 'big' files being incomplete, i.e. truncated.
Hence the signature, sha1 and md5 checks failed in the 'upload API command'.

original  : jogl-all-mobile-2.6.0-sources.jar 27371614 bytes
on central: jogl-all-mobile-2.6.0-sources.jar 27370613 bytes

The whole 'package' is therefor marked failed in the publish view.

The sha1, md5 and gpg asc files itself are correct,
as well as many other uploaded artifacts not exceeding ~26MB.

I use:
- 'mvn gpg:sign-and-deploy-file ...'
  - <https://maven.apache.org/plugins/maven-gpg-plugin/sign-and-deploy-file-mojo.html>
- apache-maven-3.9.11
  - org.apache.maven.wagon 3.5.3
- maven-gpg-plugin 3.2.8
- OSSRH Staging API via curl
 
<https://ossrh-staging-api.central.sonatype.com/swagger-ui/#/default/manual_upload_repository>

Below an excerpt regarding of the upload log of the truncated file
`jogl-all-mobile-2.6.0-sources.jar`.

Please advise.

Thank you.

Best regards,

~Sven

gpg: writing to '/usr/local/projects/JogAmp/jogamp-scripting/maven/output/jogl-all-mobile/2.6.0/jogl-all-mobile-2.6.0-sources.jar.asc'

...

Uploaded to jogamp-sonatype: https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2/org/jogamp/jogl/jogl-all-mobile/2.6.0/jogl-all-mobile-2.6.0-sources.jar.asc (858 B at 147 B/s)

Uploaded to jogamp-sonatype: https://ossrh-staging-api.central.sonatype.com/service/local/staging/deploy/maven2/org/jogamp/jogl/jogl-all-mobile/2.6.0/jogl-all-mobile-2.6.0-sources.jar (27 MB at 1.4 MB/s)

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  33.880 s
[INFO] Finished at: 2025-09-07T11:44:47+02:00
[INFO] ------------------------------------------------------------------------

Sonatype Upload

 81
{"error":"Failed to process request: Deployment reached an unexpected status: Failed\npkg:maven/org.jogamp.jogl/jogl-all-mobile@2.6.0\n- Invalid md5 checksum for file: jogl-all-mobile-2.6.0-sources.jar\n- Invalid sha1 checksum for file: jogl-all-mobile-2.6.0-sources.jar\n- Invalid signature for file: jogl-all-mobile-2.6.0-sources.jar.asc"}

Sonatype Repos Post Upload
195
{"repositories":[{"key":"Fq1oyr/95.91.145.112/org.jogamp--default-repository","state":"closed","description":null,"portal_deployment_id":"b94a5283-fab3-4a67-a79e-5e03f5b72a07"}]}

A workaround is to compress the bigger files, i.e. *source* jar files.

Hence all artifacts are now published on maven central now.

+++

traditionally we didn't compress them for fast usage within IDEs,
but perhaps this is no more an issue today.

I still would like to learn what the issue is here,
i.e. a local issue on my maven 3.9 setup (I tried different http transports or maven version w/o success)
- or - an issue on the Sonatype server side.

If anybody has experience in this matter, please share/help.

On sonatype, namespace org.jogamp we have 2 other ppl registered
and I can't remember now who they are or what they publish.
- bgroenks
- etsvigun

Ideas? If you are one of these two, please reply. Thank you.

Added article Publishing on Sonatype’s Central Maven Repo.