I want to publish a new version of my functional logger in Scala ("Flog"). The changes to the code are relatively minor. I've upgraded some dependencies, including to Scala 2.13.16. I haven't changed any of the publishing configuration files. I'm running sbt version 1.9.9 with the following plugins:

addSbtPlugin("com.github.sbt" % "sbt-pgp" % "2.1.2")
addSbtPlugin("org.xerial.sbt" % "sbt-sonatype" % "3.9.5")

Java version is: openjdk 23 2024-09-17

Here is the output that I receive when I run sbt in a terminal window (I've replaced my home directory with ).

[info] welcome to sbt 1.9.9 (Homebrew Java 23)
[info] loading settings for project global-plugins from gpg.sbt,idea.sbt ...
[info] loading global plugins from <home>/.sbt/1.0/plugins
[info] loading settings for project flog-build from plugins.sbt ...
[info] loading project definition from <home>/IdeaProjects/Flog/project
[info] loading settings for project flog from build.sbt,publish.sbt ...
[info] set current project to flog (in build file:<home>/IdeaProjects/Flog/)
[warn] there are 3 keys that are not used by any other settings/tasks:
[warn]  
[warn] * ThisBuild / organization
[warn]   +- <home>/IdeaProjects/Flog/publish.sbt:1
[warn] * ThisBuild / pomIncludeRepository
[warn]   +- <home>/IdeaProjects/Flog/publish.sbt:27
[warn] * ThisBuild / publishMavenStyle
[warn]   +- <home>/IdeaProjects/Flog/publish.sbt:33
[warn]  
[warn] note: a setting might still be used by a command; to exclude a key from this `lintUnused` check
[warn] either append it to `Global / excludeLintKeys` or call .withRank(KeyRanks.Invisible) on the key
[info] sbt server started at local://<home>/.sbt/1.0/server/91203c874e932486daf6/sock
[info] started sbt server
sbt:flog> publishSigned
[info] Wrote <home>/IdeaProjects/Flog/target/scala-2.13/flog_2.13-1.0.10.pom
[info] compiling 3 Scala sources to <home>/IdeaProjects/Flog/target/scala-2.13/classes ...
[info] Main Scala API documentation to <home>/IdeaProjects/Flog/target/scala-2.13/api...
[info] Main Scala API documentation successful.
[warn] versionScheme setting is empty; set `ThisBuild / versionScheme := Some("early-semver")`, `Some("semver-spec")` or `Some("pvp")`
[warn] so tooling can use it for eviction errors etc - .x/docs/Publishing.html
[info] gpg: using "F......3" as default secret key for signing
[info] gpg: using "F......3" as default secret key for signing
[info] gpg: using "F......3" as default secret key for signing
[info] gpg: using "F......3" as default secret key for signing
[error] stack trace is suppressed; run last publishSigned for the full output
[error] (publishSigned) java.ProtocolException: Server redirected too many times (20)
[error] Total time: 11 s, completed Jan 19, 2025, 9:58:59 AM
sbt:flog> last publishSigned
[debug] CLIENT ERROR: Content access is protected by token url=.13/1.0.10/flog_2.13-1.0.10-javadoc.jar.asc
[error] java.ProtocolException: Server redirected too many times (20)
[error]     at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:62)
...
...

I know there are some warnings here but I don't really think they are causing the crash. There is no problem with the gpg commands--they are working fine, I believe (certainly I can do signing outside of sbt).

It appears that there is a problem with "my" directory at oss.sonatype but what that problem is I can't easily tell.

I want to publish a new version of my functional logger in Scala ("Flog"). The changes to the code are relatively minor. I've upgraded some dependencies, including to Scala 2.13.16. I haven't changed any of the publishing configuration files. I'm running sbt version 1.9.9 with the following plugins:

addSbtPlugin("com.github.sbt" % "sbt-pgp" % "2.1.2")
addSbtPlugin("org.xerial.sbt" % "sbt-sonatype" % "3.9.5")

Java version is: openjdk 23 2024-09-17

Here is the output that I receive when I run sbt in a terminal window (I've replaced my home directory with ).

[info] welcome to sbt 1.9.9 (Homebrew Java 23)
[info] loading settings for project global-plugins from gpg.sbt,idea.sbt ...
[info] loading global plugins from <home>/.sbt/1.0/plugins
[info] loading settings for project flog-build from plugins.sbt ...
[info] loading project definition from <home>/IdeaProjects/Flog/project
[info] loading settings for project flog from build.sbt,publish.sbt ...
[info] set current project to flog (in build file:<home>/IdeaProjects/Flog/)
[warn] there are 3 keys that are not used by any other settings/tasks:
[warn]  
[warn] * ThisBuild / organization
[warn]   +- <home>/IdeaProjects/Flog/publish.sbt:1
[warn] * ThisBuild / pomIncludeRepository
[warn]   +- <home>/IdeaProjects/Flog/publish.sbt:27
[warn] * ThisBuild / publishMavenStyle
[warn]   +- <home>/IdeaProjects/Flog/publish.sbt:33
[warn]  
[warn] note: a setting might still be used by a command; to exclude a key from this `lintUnused` check
[warn] either append it to `Global / excludeLintKeys` or call .withRank(KeyRanks.Invisible) on the key
[info] sbt server started at local://<home>/.sbt/1.0/server/91203c874e932486daf6/sock
[info] started sbt server
sbt:flog> publishSigned
[info] Wrote <home>/IdeaProjects/Flog/target/scala-2.13/flog_2.13-1.0.10.pom
[info] compiling 3 Scala sources to <home>/IdeaProjects/Flog/target/scala-2.13/classes ...
[info] Main Scala API documentation to <home>/IdeaProjects/Flog/target/scala-2.13/api...
[info] Main Scala API documentation successful.
[warn] versionScheme setting is empty; set `ThisBuild / versionScheme := Some("early-semver")`, `Some("semver-spec")` or `Some("pvp")`
[warn] so tooling can use it for eviction errors etc - https://www.scala-sbt.org/1.x/docs/Publishing.html
[info] gpg: using "F......3" as default secret key for signing
[info] gpg: using "F......3" as default secret key for signing
[info] gpg: using "F......3" as default secret key for signing
[info] gpg: using "F......3" as default secret key for signing
[error] stack trace is suppressed; run last publishSigned for the full output
[error] (publishSigned) java.net.ProtocolException: Server redirected too many times (20)
[error] Total time: 11 s, completed Jan 19, 2025, 9:58:59 AM
sbt:flog> last publishSigned
[debug] CLIENT ERROR: Content access is protected by token url=https://oss.sonatype.org/service/local/staging/deploy/maven2/com/phasmidsoftware/flog_2.13/1.0.10/flog_2.13-1.0.10-javadoc.jar.asc
[error] java.net.ProtocolException: Server redirected too many times (20)
[error]     at java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:62)
...
...

I know there are some warnings here but I don't really think they are causing the crash. There is no problem with the gpg commands--they are working fine, I believe (certainly I can do signing outside of sbt).

It appears that there is a problem with "my" directory at oss.sonatype.org but what that problem is I can't easily tell.

• scala
• sbt
• sonatype

• 1 Have you created your sonatype account after Feb 2021? If that's right, there is a message at sbt-sonatype README saying By default, this plugin is configured to use the legacy Sonatype repository oss.sonatype.org. If you created a new account on or after February 2021, add sonatypeCredentialHost. The issue reported at sbt-gpg - Server redirected too many times #182 was because wrong credentials were setup – Gastón Schabas Commented Jan 19 at 16:52
• I should add that I can login via the web interface to oss.sonatype.org so my credentials do match. – Phasmid Commented Jan 19 at 16:53
• @GastónSchabas no, I'm pretty sure that I started the account before then. But I can check that, thanks. – Phasmid Commented Jan 19 at 16:54
• 1 Maybe the plugin mechanism no longer allows username + password as credentials (github.com/scapegoat-scala/scapegoat/issues/851). I will see if that's the problem. – Phasmid Commented Jan 19 at 17:05
• 1 Are you using sbt-sonatype 3.9.5 released on Nov, 2020? Latest version is 3.12.2 from Oct, 2024. From sbt-ci-release #181 - comment, looks like they fixed some things at 3.9.6 – Gastón Schabas Commented Jan 19 at 17:10

1 Answer 1

Closing this question with an easily discovered answer (not my own). See comment by @Gaël J:

Sonatype changed the way to authenticate a few months ago. You need to use a toke now. See central.sonatype.org/news/20240617_migration_of_accounts and central.sonatype.org/publish/generate-token