You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by el...@apache.org on 2020/04/12 13:15:34 UTC
[maven-gpg-plugin] 01/01: [MNGSITE-393] remove pre-Maven 3
workarounds
This is an automated email from the ASF dual-hosted git repository.
elharo pushed a commit to branch elharo-patch-1
in repository https://gitbox.apache.org/repos/asf/maven-gpg-plugin.git
commit 973fd989342808c835567e7f01298985ba1dfc72
Author: Elliotte Rusty Harold <el...@users.noreply.github.com>
AuthorDate: Sun Apr 12 09:15:26 2020 -0400
[MNGSITE-393] remove pre-Maven 3 workarounds
@hboutemy
---
src/site/apt/examples/deploy-signed-artifacts.apt | 18 +++++-------------
1 file changed, 5 insertions(+), 13 deletions(-)
diff --git a/src/site/apt/examples/deploy-signed-artifacts.apt b/src/site/apt/examples/deploy-signed-artifacts.apt
index 44a5869..79c49ae 100644
--- a/src/site/apt/examples/deploy-signed-artifacts.apt
+++ b/src/site/apt/examples/deploy-signed-artifacts.apt
@@ -26,15 +26,15 @@
Deploy Signed Artifacts
- Without this plugin you would deploy your project like this:
+ Without this plugin you deploy your project like this:
+----------+
mvn deploy
+----------+
If you have configured this plugin according to the instructions in the
- {{{../usage.html}usage page}} then you just need to specify the passphrase for
- your private key on the command line. Like this:
+ {{{../usage.html}usage page}}, you just need to specify the passphrase for
+ your private key on the command line like this:
+----------+
mvn deploy -Dgpg.passphrase=thephrase
@@ -43,18 +43,10 @@ mvn deploy -Dgpg.passphrase=thephrase
If you don't specify a passphrase, it will prompt for one.
-
-* Issue with invalid signatures on the POM files
-
- Maven 2.0.5 fixes a problem where the POM files would end up changing between
- signing them and deploying them. If the signatures on the POM files are invalid,
- make sure you upgrade to Maven 2.0.5.
-
-
* Install/Deploy without configuring the plugin in the POM
- Currently this is not easily accomplished. gpg signs the artifacts attached to the
- build at the point that gpg runs. However, we want to "inject" the gpg into the phases.
+ Currently this is not easily accomplished. gpg signs the artifacts attached to the
+ build at the point that gpg runs. However, we want to "inject" the gpg into the phases.
What MIGHT work is:
+----------+