You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@servicemix.apache.org by ch...@apache.org on 2008/08/02 17:03:23 UTC
svn commit: r681993 - in
/servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt:
index.apt usage.apt
Author: chirino
Date: Sat Aug 2 08:03:23 2008
New Revision: 681993
URL: http://svn.apache.org/viewvc?rev=681993&view=rev
Log:
better doco
Modified:
servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt
servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt
Modified: servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt
URL: http://svn.apache.org/viewvc/servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt?rev=681993&r1=681992&r2=681993&view=diff
==============================================================================
--- servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt (original)
+++ servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/index.apt Sat Aug 2 08:03:23 2008
@@ -26,6 +26,10 @@
This plugin provides the capability validate and generate checksums
of the project dependencies against a checksum file that is included
as part of the project.
+
+ By including the dependency checksums as part of your project source,
+ you can detect any malicious tampering of artifacts that are downloaded
+ from third party repositories.
* Goals Overview
@@ -41,3 +45,22 @@
Instructions on how to use the Checksum Plugin can be found in the
{{{usage.html}usage}} page.
+
+* Checksum File Format
+
+ The checksum.txt file is a property file consisting of property keys in
+ the '<<<$groupId/$artifactId-$version.$type>>>' format and key values being
+ using '<<<|>>>' separated list of checksum values. A wild card, '<<<*>>>', may be
+ used for the version or checksum. Wild cards are needed if the project is
+ building against a SNAPSHOT dependency who's checksum changes too often.
+ The wild card is also needed for dependencies who's version number changes
+ as part of the release process.
+
+ Example checksum.txt file:
+
++-----
+log4j/log4j-1.2.15.pom=1483490805e8f86c21240958629905e733d079eb
+log4j/log4j-1.2.15.jar=f0a0d2e29ed910808c33135a3a5a51bba6358f7b|g0b0d3e22ed920806c3f1ffa3a5a5cb4a2398ca2
+org.apache.activemq/activemq-core-*.pom=*
+org.apache.activemq/activemq-core-*.jar=*
++-----
Modified: servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt
URL: http://svn.apache.org/viewvc/servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt?rev=681993&r1=681992&r2=681993&view=diff
==============================================================================
--- servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt (original)
+++ servicemix/maven-plugins/checksum-maven-plugin/trunk/src/site/apt/usage.apt Sat Aug 2 08:03:23 2008
@@ -23,16 +23,7 @@
Usage
-* Validating the Dependency Checksums
-
- The goals for the Validate goal are bound to the <<<process-classes>>> phase in the
- build lifecycle.
-
-+-----
-mvn package
-+-----
-
-* Configuring Your Checksum Plugin
+* Typical Checksum Plugin Configuration
+-----
<project>
@@ -45,7 +36,6 @@
<version>1.0-SNAPSHOT</version>
<executions>
<execution>
- <id>validate-checksums</id>
<goals>
<goal>validate-checksums</goal>
</goals>
@@ -55,5 +45,51 @@
</plugins>
</build>
...
+
+ <profiles>
+ ...
+ <profile>
+ <id>generate-checksums</id>
+ <build>
+ <defaultGoal>compile</defaultGoal>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.servicemix.tooling</groupId>
+ <artifactId>checksum-maven-plugin</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>generate-checksums</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ ...
+ </profiles>
+
</project>
+-----
+
+
+* Initializing/Adding Checksums to the checksum file
+
+ If you use the configuration above, you will have a generate-checksums
+ profile which will generate/update the checksums.txt file. You will
+ typically do this when you first start using this plugin or you change
+ dependencies in the project.
+
++-----
+mvn -P generate-checksums
++-----
+
+* Validating Checksums
+
+ Checksums get validated once the build hits the <<<process-classes>>> build phase.
+
++-----
+mvn install
++-----