You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by Pablo <pa...@tiger.com.pl> on 2006/02/22 14:48:54 UTC
Problems with JarSignMojo
Hello everyone
I tried to use JarSignMojo from maven-jar-plugin trunk but with no success.
Out of the box it's not useable.
1) If I set verify to true the following code is done:
if ( verify )
{
JarSignVerifyMojo verify = new JarSignVerifyMojo();
verify.setWorkingDir( workingDirectory );
verify.setBasedir( basedir );
verify.setJarPath( getJarFile() );
verify.setVerbose( verbose );
verify.execute();
}
I think there is a bug. Since getJarFile() returns unsigned jar
JarSignVerifyMojo:execute() will definitely fail.
There should be verify.setJarPath( *signedjar* ); instead of
verify.setJarPath( *getJarFile()* );
2) There is no way (at least I'm not aware of any) to sign a jar without
specifying signedjar parameter. What if would like to use the signed jar
in a module which depends on this particular project?
There should be a way to overwrite signedjar field with null. If
signedjar is null, jarsigner will not be supplied with -signedjar
parameter and will sign target/${artifactId}.jar jar file instead of
creating target/signed/${artifactId}.jar file. And it will allow me to
use this artifact in other projects which depend on it.
Cheers
Pablo
Re: Problems with JarSignMojo
Posted by Pablo <pa...@tiger.com.pl>.
Brett Porter wrote:
>Is this MJAR-32?
>
>
Yes it is.
Jerome attached a patch which solved "verify" problem but it's still far
away from what I would call a complete JarSingMojo.
There is still an issue with making the in-place signing (read my
comments in the MJAR-32) which prevents me from using this Mojo.
Cheers
Pablo
>Pablo wrote:
>
>
>>Hello everyone
>>
>>I tried to use JarSignMojo from maven-jar-plugin trunk but with no success.
>>Out of the box it's not useable.
>>1) If I set verify to true the following code is done:
>> if ( verify )
>> {
>> JarSignVerifyMojo verify = new JarSignVerifyMojo();
>> verify.setWorkingDir( workingDirectory );
>> verify.setBasedir( basedir );
>> verify.setJarPath( getJarFile() );
>> verify.setVerbose( verbose );
>> verify.execute();
>> }
>>I think there is a bug. Since getJarFile() returns unsigned jar
>>JarSignVerifyMojo:execute() will definitely fail.
>>There should be verify.setJarPath( *signedjar* ); instead of
>>verify.setJarPath( *getJarFile()* );
>>
>>2) There is no way (at least I'm not aware of any) to sign a jar without
>>specifying signedjar parameter. What if would like to use the signed jar
>>in a module which depends on this particular project?
>>
>>There should be a way to overwrite signedjar field with null. If
>>signedjar is null, jarsigner will not be supplied with -signedjar
>>parameter and will sign target/${artifactId}.jar jar file instead of
>>creating target/signed/${artifactId}.jar file. And it will allow me to
>>use this artifact in other projects which depend on it.
>>
>>Cheers
>>Pablo
>>
>>
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
>For additional commands, e-mail: dev-help@maven.apache.org
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Problems with JarSignMojo
Posted by Brett Porter <br...@apache.org>.
Is this MJAR-32?
Pablo wrote:
> Hello everyone
>
> I tried to use JarSignMojo from maven-jar-plugin trunk but with no success.
> Out of the box it's not useable.
> 1) If I set verify to true the following code is done:
> if ( verify )
> {
> JarSignVerifyMojo verify = new JarSignVerifyMojo();
> verify.setWorkingDir( workingDirectory );
> verify.setBasedir( basedir );
> verify.setJarPath( getJarFile() );
> verify.setVerbose( verbose );
> verify.execute();
> }
> I think there is a bug. Since getJarFile() returns unsigned jar
> JarSignVerifyMojo:execute() will definitely fail.
> There should be verify.setJarPath( *signedjar* ); instead of
> verify.setJarPath( *getJarFile()* );
>
> 2) There is no way (at least I'm not aware of any) to sign a jar without
> specifying signedjar parameter. What if would like to use the signed jar
> in a module which depends on this particular project?
>
> There should be a way to overwrite signedjar field with null. If
> signedjar is null, jarsigner will not be supplied with -signedjar
> parameter and will sign target/${artifactId}.jar jar file instead of
> creating target/signed/${artifactId}.jar file. And it will allow me to
> use this artifact in other projects which depend on it.
>
> Cheers
> Pablo
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org