You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicemix.apache.org by ch...@apache.org on 2008/08/02 17:03:23 UTC

svn commit: r681993 - in /servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt: index.apt usage.apt

Author: chirino
Date: Sat Aug  2 08:03:23 2008
New Revision: 681993

URL: http://svn.apache.org/viewvc?rev=681993&view=rev
Log:
better doco

Modified:
    servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt
    servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt

Modified: servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt
URL: http://svn.apache.org/viewvc/servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt?rev=681993&r1=681992&r2=681993&view=diff
==============================================================================
--- servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt (original)
+++ servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt Sat Aug  2 08:03:23 2008
@@ -26,6 +26,10 @@
  This plugin provides the capability validate and generate checksums
  of the project dependencies against a checksum file that is included
  as part of the project.
+ 
+ By including the dependency checksums as part of your project source, 
+ you can detect any malicious tampering of artifacts that are downloaded 
+ from third party repositories.
 
 * Goals Overview
 
@@ -41,3 +45,22 @@
 
   Instructions on how to use the Checksum Plugin can be found in the
   {{{usage.html}usage}} page.
+  
+* Checksum File Format
+
+  The checksum.txt file is a property file consisting of property keys in 
+  the '<<<$groupId/$artifactId-$version.$type>>>' format and key values being 
+  using '<<<|>>>' separated list of checksum values.  A wild card, '<<<*>>>', may be 
+  used for the version or checksum.  Wild cards are needed if the project is 
+  building against a SNAPSHOT dependency who's checksum changes too often.  
+  The wild card is also needed for dependencies who's version number changes 
+  as part of the release process.
+  
+  Example checksum.txt file:
+    
++-----
+log4j/log4j-1.2.15.pom=1483490805e8f86c21240958629905e733d079eb
+log4j/log4j-1.2.15.jar=f0a0d2e29ed910808c33135a3a5a51bba6358f7b|g0b0d3e22ed920806c3f1ffa3a5a5cb4a2398ca2
+org.apache.activemq/activemq-core-*.pom=*
+org.apache.activemq/activemq-core-*.jar=*
++-----

Modified: servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt
URL: http://svn.apache.org/viewvc/servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt?rev=681993&r1=681992&r2=681993&view=diff
==============================================================================
--- servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt (original)
+++ servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt Sat Aug  2 08:03:23 2008
@@ -23,16 +23,7 @@
 
 Usage
 
-* Validating the Dependency Checksums
-
-  The goals for the Validate goal are bound to the <<<process-classes>>> phase in the
-  build lifecycle.  
-
-+-----
-mvn package
-+-----
-
-* Configuring Your Checksum Plugin
+* Typical Checksum Plugin Configuration
 
 +-----
 <project>
@@ -45,7 +36,6 @@
         <version>1.0-SNAPSHOT</version>
 		    <executions>
           <execution>
-            <id>validate-checksums</id>
             <goals>
               <goal>validate-checksums</goal>
             </goals>
@@ -55,5 +45,51 @@
     </plugins>
   </build>
   ...
+  
+  <profiles>
+  ...
+    <profile>
+      <id>generate-checksums</id>
+      <build>
+        <defaultGoal>compile</defaultGoal>
+        <plugins>
+          <plugin>
+            <groupId>org.apache.servicemix.tooling</groupId>
+            <artifactId>checksum-maven-plugin</artifactId>
+            <version>1.0-SNAPSHOT</version>
+    		    <executions>
+              <execution>
+                <goals>
+                  <goal>generate-checksums</goal>
+                </goals>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  ...
+  </profiles>
+  
 </project>
 +-----
+
+
+* Initializing/Adding Checksums to the checksum file
+
+  If you use the configuration above, you will have a generate-checksums 
+  profile which will generate/update the checksums.txt file.  You will 
+  typically do this when you first start using this plugin or you change 
+  dependencies in the project.
+
++-----
+mvn -P generate-checksums
++-----
+
+* Validating Checksums
+
+  Checksums get validated once the build hits the <<<process-classes>>> build phase.
+
++-----
+mvn install
++-----