Posted to dev@maven.apache.org by Pablo <pa...@tiger.com.pl> on 2006/02/22 14:48:54 UTC

Problems with JarSignMojo

Hello everyone

I tried to use JarSignMojo from maven-jar-plugin trunk but with no success.
Out of the box it's not useable.
1) If I set verify to true the following code is done:
        if ( verify )
        {
            JarSignVerifyMojo verify = new JarSignVerifyMojo();
            verify.setWorkingDir( workingDirectory );
            verify.setBasedir( basedir );
            verify.setJarPath( getJarFile() );
            verify.setVerbose( verbose );
            verify.execute();
        }
I think there is a bug. Since getJarFile() returns the unsigned jar,
JarSignVerifyMojo:execute() will definitely fail.
There should be verify.setJarPath( *signedjar* ); instead of
verify.setJarPath( *getJarFile()* );

2) There is no way (at least I'm not aware of any) to sign a jar without
specifying the signedjar parameter. What if I would like to use the signed jar
in a module which depends on this particular project?

There should be a way to overwrite the signedjar field with null. If
signedjar is null, jarsigner will not be supplied with the -signedjar
parameter and will sign the target/${artifactId}.jar jar file instead of
creating the target/signed/${artifactId}.jar file. And it will allow me to
use this artifact in other projects which depend on it.

Cheers
Pablo
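
Added example, not part of the original post and not maven-jar-plugin code: a stand-alone Java class showing both points above, namely passing -signedjar to jarsigner only when a separate output file is configured, and checking the file that actually carries the signature. The class name SignTargets, its method names and the alias "mykey" are assumptions made for illustration; keystore options are left at jarsigner's defaults.

```java
import java.io.*;
import java.util.*;
import java.util.jar.*;

/** Added illustration; SignTargets is a hypothetical helper, not maven-jar-plugin code. */
public class SignTargets {

    /** jarsigner arguments: -signedjar appears only when a separate output file is set. */
    static List<String> signArgs(File jar, File signedJar, String alias) {
        List<String> args = new ArrayList<>();
        args.add("jarsigner");
        if (signedJar != null) {
            args.add("-signedjar");
            args.add(signedJar.getPath());
        }
        args.add(jar.getPath());   // with no -signedjar, jarsigner overwrites this file
        args.add(alias);
        return args;
    }

    /** The file that carries the signature after signing, i.e. the one to verify. */
    static File verifyTarget(File jar, File signedJar) {
        return signedJar != null ? signedJar : jar;
    }

    /** True only if every file entry outside META-INF/ has at least one code signer. */
    static boolean isFullySigned(File jar) throws IOException {
        try (JarFile jf = new JarFile(jar, true)) {
            byte[] buf = new byte[8192];
            for (Enumeration<JarEntry> e = jf.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jf.getInputStream(entry)) {
                    while (in.read(buf) != -1) { } // signers are known only after a full read
                }
                if (entry.getCodeSigners() == null) return false;
            }
            return true;
        }
    }

    public static void main(String[] a) throws IOException {
        if (a.length == 0) { System.err.println("usage: SignTargets <jar> [signedjar]"); return; }
        File jar = new File(a[0]);
        File signedJar = a.length > 1 ? new File(a[1]) : null;
        System.out.println(String.join(" ", signArgs(jar, signedJar, "mykey"))); // constructed alias
        File target = verifyTarget(jar, signedJar);
        System.out.println(target + " fully signed: " + isFullySigned(target));
    }
}
```

isFullySigned only establishes that signers are present; it does not check whether the signer's certificate is trusted. An entry whose content no longer matches its signed digest makes the read throw a SecurityException.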

Re: Problems with JarSignMojo

Posted by Pablo <pa...@tiger.com.pl>.
Brett Porter wrote:

>Is this MJAR-32?

Yes it is.
Jerome attached a patch which solved the "verify" problem but it's still far
away from what I would call a complete JarSignMojo.
There is still an issue with making the in-place signing (read my
comments in MJAR-32) which prevents me from using this Mojo.

Cheers
Pablo

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org


Re: Problems with JarSignMojo

Posted by Brett Porter <br...@apache.org>.
Is this MJAR-32?
