You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Christian Schulte (JIRA)" <ji...@codehaus.org> on 2009/03/30 23:26:12 UTC

[jira] Issue Comment Edited: (MJAVADOC-228) Please add support for signing javadoc jar files.

    [ http://jira.codehaus.org/browse/MJAVADOC-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=171449#action_171449 ] 

Christian Schulte edited comment on MJAVADOC-228 at 3/30/09 4:24 PM:
---------------------------------------------------------------------

If nobody else wants to provide such a plugin, I'll prepare a maven-signer-plugin patch to have something to start with and attach it to this issue. Thinking about it, should such a mojo also contain the functionality of the maven-gpg-plugin ? If a general maven-signer-plugin would be available, I see no reason why not make it provide different signing strategies (jarsigner, gpg, what else?) Is there already some ArtifactSigner component available or something like this ? What would be the preferred design ? Provide an ArtifactSigner component in group org.apache.maven.shared.something and use that in the plugin ?

For consistency with the other plugins, I am just missing a maven-jarsigner-plugin, I think,  which can be executed independently of the maven-jar-plugin. There is a policy here to sign all jar files during release. For this, I added a release profile like:

{code}
    <profile>
      <id>release</id>
      <activation>
        <activeByDefault>false</activeByDefault>
      </activation>
      <build>
        <plugins>
          <plugin>
            <inherited>true</inherited>
            <artifactId>maven-jar-plugin</artifactId>
            <executions>
              <execution>
                <id>sign</id>
                <phase>package</phase>
                <goals>
                  <goal>sign</goal>
                </goals>
                <configuration>
                  <storepass>${jarsign.storepass}</storepass>
                  <keypass>${jarsign.keypass}</keypass>
                  <alias>${jarsign.alias}</alias>
                  <jarPath>${project.build.directory}/${project.build.finalName}.jar</jarPath>
                </configuration>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <inherited>true</inherited>
            <artifactId>maven-gpg-plugin</artifactId>
          </plugin>
          <plugin>
            <inherited>true</inherited>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-source-plugin</artifactId>
            <executions>
              <execution>
                <id>attach-sources</id>
                <goals>
                  <goal>jar</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <inherited>true</inherited>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-javadoc-plugin</artifactId>
            <executions>
              <execution>
                <id>attach-javadocs</id>
                <goals>
                  <goal>jar</goal>
                </goals>
              </execution>
            </executions>
          </plugin>
          <plugin>
            <inherited>true</inherited>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-deploy-plugin</artifactId>
            <configuration>
              <updateReleaseInfo>true</updateReleaseInfo>
            </configuration>
          </plugin>
        </plugins>
      </build>
    </profile>
{code}

This does not work for signing the source and javadoc jars since the jar:sign goal will be run before the source and javadoc plugins were run.

maven-jar-plugin: Plugin for the jar command line tool.
maven-gpg-plugin: Plugin for the gpg command line tool.
maven-jarsigner-plugin: Plugin for the jarsigner command line tool.

So create a maven-jarsigner-plugin based on the maven-jar-plugin's sign goal and deprecated jar:sign in favour of that ? WDYT


      was (Author: schulte2005):
    If nobody else wants to provide such a plugin, I'll prepare a maven-signer-plugin patch to have something to start with and attach it to this issue. Thinking about it, should such a mojo also contain the functionality of the maven-gpg-plugin ? If a general maven-signer-plugin would be available, I see no reason why not make it provide different signing strategies (jarsigner, gpg, what else?) Is there already some ArtifactSigner component available or something like this ? What would be the preferred design ? Provide an ArtifactSigner component in group org.apache.maven.shared.something and use that in the plugin ? WDYT

  
> Please add support for signing javadoc jar files.
> -------------------------------------------------
>
>                 Key: MJAVADOC-228
>                 URL: http://jira.codehaus.org/browse/MJAVADOC-228
>             Project: Maven 2.x Javadoc Plugin
>          Issue Type: Wish
>    Affects Versions: 2.5
>         Environment: Maven version: 2.0.10
> Java version: 1.5.0_17
> OS name: "linux" version: "2.6.29" arch: "i386" Family: "unix"
>            Reporter: Christian Schulte
>


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira