Clojars : A Note

Further to this story.
I tried to deploy another small Clojure library to Clojars today. And found myself being asked for the passphrase to sign my update.

You need a passphrase to unlock the secret key for
user: “phil jones
2048-bit RSA key, ID XXXXXX, created 2012-03-05

I got into a terrible confusion. Because, for the life of me, I couldn’t remember what passphrase I’d chosen to sign my Clojar last time. Had I just locked myself out of my Clojars account and the existing group and Patterning project?
A couple of hours faffing and I figured it out:

  • my previous library WASN’T signed. It’s just in “Clojars Classic” and isn’t “promoted” so doesn’t require signing. That’s why I don’t remember signing it or inventing a pass-phrase.
  • the reason that lein deploy was demanding a pass-phrase THIS TIME, was that in this library I’d decided to remove the word SNAPSHOT from the id in defproject.
    lein deploy assumes that SNAPSHOTs default to being deployed in classic (the “free-for-all” part of Clojars) whereas non-SNAPSHOTs are intended to be deployed in the new “releases” repository, which is a slightly more formalized arrangement, requiring author signing.
  • I have gpg on my machine, and I did set up signing for my email address a couple of years ago. This was nothing to do with the previous library I put on Clojars. It was when I was experimenting with encrypted email. (A practice that I’ve embarrassingly let slip since then, but should really go back to.) So that’s the pass-phrase that was being demanded, and that I’ve managed to forget (from 2012, not end of 2014). Not impressive, but not quite as bad as creating one four months ago and then totally forgetting about it.
    That still leaves me with some problems when I eventually will want to put my libraries into “releases”, but at least I can still use Clojars. The library will have to continue as a SNAPSHOT though.