You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by hb...@apache.org on 2021/05/08 20:15:39 UTC

[maven-artifact-plugin] branch master updated: [MARTIFACT-16] use gpgverify plugin to check dependencies signatures

This is an automated email from the ASF dual-hosted git repository.

hboutemy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-artifact-plugin.git


The following commit(s) were added to refs/heads/master by this push:
     new 08eb4d2  [MARTIFACT-16] use gpgverify plugin to check dependencies signatures
08eb4d2 is described below

commit 08eb4d2cd59c939e86da2759fb3dd59da97f6d7d
Author: Hervé Boutemy <hb...@apache.org>
AuthorDate: Wed Mar 10 21:29:09 2021 +0100

    [MARTIFACT-16] use gpgverify plugin to check dependencies signatures
---
 pgp-keys-map.list | 21 +++++++++++++++++++++
 pom.xml           | 28 ++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)

diff --git a/pgp-keys-map.list b/pgp-keys-map.list
new file mode 100644
index 0000000..7b180a6
--- /dev/null
+++ b/pgp-keys-map.list
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+commons-codec:commons-codec = 0xBC87A3FD0A54480F0BADBEBD21939FF0CA2A6567
+commons-io:commons-io = 0xCD5464315F0B98C77E6E8ECD9DAADC1C9FCC82D0
+org.apache.maven.* = 0xB920D295BF0E61CB4CF0896C33CD6733AF5EC452
+org.codehaus.plexus = 0xFA77DCFEF2EE6EB2DEBEDD2C012579464D01C06A
diff --git a/pom.xml b/pom.xml
index 12eaec5..dfa1b7f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -145,6 +145,34 @@
     </dependency-->
   </dependencies>
 
+  <build>
+    <pluginManagement>
+      <plugins>
+        <plugin>
+          <groupId>org.simplify4u.plugins</groupId>
+          <artifactId>pgpverify-maven-plugin</artifactId>
+          <version>1.11.0</version>
+          <configuration>
+            <keysMapLocation>${project.basedir}/pgp-keys-map.list</keysMapLocation>
+          </configuration>                        
+        </plugin>
+      </plugins>
+    </pluginManagement>
+    <plugins>
+      <plugin>
+        <groupId>org.simplify4u.plugins</groupId>
+        <artifactId>pgpverify-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <goals>
+              <goal>check</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
   <profiles>
     <profile>
       <id>run-its</id>