You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by hb...@apache.org on 2021/05/08 20:15:39 UTC
[maven-artifact-plugin] branch master updated: [MARTIFACT-16] use
gpgverify plugin to check dependencies signatures
This is an automated email from the ASF dual-hosted git repository.
hboutemy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-artifact-plugin.git
The following commit(s) were added to refs/heads/master by this push:
new 08eb4d2 [MARTIFACT-16] use gpgverify plugin to check dependencies signatures
08eb4d2 is described below
commit 08eb4d2cd59c939e86da2759fb3dd59da97f6d7d
Author: Hervé Boutemy <hb...@apache.org>
AuthorDate: Wed Mar 10 21:29:09 2021 +0100
[MARTIFACT-16] use gpgverify plugin to check dependencies signatures
---
pgp-keys-map.list | 21 +++++++++++++++++++++
pom.xml | 28 ++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)
diff --git a/pgp-keys-map.list b/pgp-keys-map.list
new file mode 100644
index 0000000..7b180a6
--- /dev/null
+++ b/pgp-keys-map.list
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+commons-codec:commons-codec = 0xBC87A3FD0A54480F0BADBEBD21939FF0CA2A6567
+commons-io:commons-io = 0xCD5464315F0B98C77E6E8ECD9DAADC1C9FCC82D0
+org.apache.maven.* = 0xB920D295BF0E61CB4CF0896C33CD6733AF5EC452
+org.codehaus.plexus = 0xFA77DCFEF2EE6EB2DEBEDD2C012579464D01C06A
diff --git a/pom.xml b/pom.xml
index 12eaec5..dfa1b7f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -145,6 +145,34 @@
</dependency-->
</dependencies>
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.simplify4u.plugins</groupId>
+ <artifactId>pgpverify-maven-plugin</artifactId>
+ <version>1.11.0</version>
+ <configuration>
+ <keysMapLocation>${project.basedir}/pgp-keys-map.list</keysMapLocation>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ <plugins>
+ <plugin>
+ <groupId>org.simplify4u.plugins</groupId>
+ <artifactId>pgpverify-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
<profiles>
<profile>
<id>run-its</id>