You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Daniel Kulp (JIRA)" <ji...@codehaus.org> on 2009/05/05 17:25:45 UTC
[jira] Created: (MGPG-14) With maven 2.1.0 some poms end up with
invalid signatures
With maven 2.1.0 some poms end up with invalid signatures
---------------------------------------------------------
Key: MGPG-14
URL: http://jira.codehaus.org/browse/MGPG-14
Project: Maven 2.x GPG Plugin
Issue Type: Bug
Affects Versions: 1.0-alpha-4
Reporter: Daniel Kulp
Attachments: patch.txt
The pom-transformed.xml is installed, but gpg is signing the original pom.xml. Thus, the signature is invalid.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (MGPG-14) With maven 2.1.0 some poms end up with
invalid signatures
Posted by "Daniel Kulp (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MGPG-14?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Daniel Kulp updated MGPG-14:
----------------------------
Attachment: patch2.txt
New version of patch with comments to explain some of the hacks
> With maven 2.1.0 some poms end up with invalid signatures
> ---------------------------------------------------------
>
> Key: MGPG-14
> URL: http://jira.codehaus.org/browse/MGPG-14
> Project: Maven 2.x GPG Plugin
> Issue Type: Bug
> Affects Versions: 1.0-alpha-4
> Reporter: Daniel Kulp
> Attachments: patch.txt, patch2.txt
>
>
> The pom-transformed.xml is installed, but gpg is signing the original pom.xml. Thus, the signature is invalid.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MGPG-14) With maven 2.1.0 some poms end up with
invalid signatures
Posted by "John Casey (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MGPG-14?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Casey closed MGPG-14.
--------------------------
Assignee: John Casey
Resolution: Won't Fix
Fix Version/s: 1.0.beta-1
This has been fixed in Maven core for the 2.2.0 release, so a fix here is redundant.
> With maven 2.1.0 some poms end up with invalid signatures
> ---------------------------------------------------------
>
> Key: MGPG-14
> URL: http://jira.codehaus.org/browse/MGPG-14
> Project: Maven 2.x GPG Plugin
> Issue Type: Bug
> Affects Versions: 1.0-alpha-4
> Reporter: Daniel Kulp
> Assignee: John Casey
> Fix For: 1.0.beta-1
>
> Attachments: patch.txt, patch2.txt
>
>
> The pom-transformed.xml is installed, but gpg is signing the original pom.xml. Thus, the signature is invalid.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MGPG-14) With maven 2.1.0 some poms end up with
invalid signatures
Posted by "Daniel Kulp (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MGPG-14?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=175162#action_175162 ]
Daniel Kulp commented on MGPG-14:
---------------------------------
The attached patch seems to work fine for Maven 2.1.0 and 2.0.9. However, there is a little bit of "hackish" code in there that's I'd like some others to look at before I commit it.
> With maven 2.1.0 some poms end up with invalid signatures
> ---------------------------------------------------------
>
> Key: MGPG-14
> URL: http://jira.codehaus.org/browse/MGPG-14
> Project: Maven 2.x GPG Plugin
> Issue Type: Bug
> Affects Versions: 1.0-alpha-4
> Reporter: Daniel Kulp
> Attachments: patch.txt, patch2.txt
>
>
> The pom-transformed.xml is installed, but gpg is signing the original pom.xml. Thus, the signature is invalid.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (MGPG-14) With maven 2.1.0 some poms end up with
invalid signatures
Posted by "Daniel Kulp (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MGPG-14?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=177518#action_177518 ]
Daniel Kulp commented on MGPG-14:
---------------------------------
Is the fix to the maven core being back ported for maven 2.1.1? If not, then a fix here may be needed.
> With maven 2.1.0 some poms end up with invalid signatures
> ---------------------------------------------------------
>
> Key: MGPG-14
> URL: http://jira.codehaus.org/browse/MGPG-14
> Project: Maven 2.x GPG Plugin
> Issue Type: Bug
> Affects Versions: 1.0-alpha-4
> Reporter: Daniel Kulp
> Assignee: John Casey
> Fix For: 1.0.beta-1
>
> Attachments: patch.txt, patch2.txt
>
>
> The pom-transformed.xml is installed, but gpg is signing the original pom.xml. Thus, the signature is invalid.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira