From 26aa5b3eddbc1969a556bd788a0528c1aa9a5518 Mon Sep 17 00:00:00 2001
From: Frederik Boster <frederik@boster.de>
Date: Fri, 26 Feb 2021 14:12:08 +0100
Subject: [PATCH 1/3] [MGPG-66] fix handling of excluded files

---
 .../org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java
index cf9a06b..eea5dc6 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java
@@ -192,6 +192,12 @@ else if ( project.getAttachedArtifacts().isEmpty() )
 
             File file = artifact.getFile();
 
+            if ( isExcluded( file.getPath() ) )
+            {
+                getLog().debug( "Skipping generation of signature for excluded " + file );
+                continue;
+            }
+
             getLog().debug( "Generating signature for " + file );
 
             File signature = signer.generateSignatureForArtifact( file );

From fba2c3913e851811bb3e64a39ff839cbd6688703 Mon Sep 17 00:00:00 2001
From: Frederik Boster <frederik@boster.de>
Date: Mon, 1 Mar 2021 11:45:03 +0100
Subject: [PATCH 2/3] [MGPG-66] add test for handling of excluded files

---
 src/it/sign-release-with-excludes/pom.xml    | 107 +++++++++++++++++++
 src/it/sign-release-with-excludes/verify.bsh |  58 ++++++++++
 2 files changed, 165 insertions(+)
 create mode 100644 src/it/sign-release-with-excludes/pom.xml
 create mode 100644 src/it/sign-release-with-excludes/verify.bsh

diff --git a/src/it/sign-release-with-excludes/pom.xml b/src/it/sign-release-with-excludes/pom.xml
new file mode 100644
index 0000000..dad59b2
--- /dev/null
+++ b/src/it/sign-release-with-excludes/pom.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.apache.maven.its.gpg.srwe</groupId>
+  <artifactId>test</artifactId>
+  <version>1.0</version>
+  <packaging>jar</packaging>
+
+  <description>
+    Tests the exclusion of signature files while signing.
+  </description>
+
+  <properties>
+    <maven.test.skip>true</maven.test.skip>
+  </properties>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>2.0.2</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-gpg-plugin</artifactId>
+        <version>@project.version@</version>
+        <configuration>
+          <passphrase>TEST</passphrase>
+        </configuration>
+        <executions>
+          <execution>
+            <id>sign-artifacts</id>
+            <goals>
+              <goal>sign</goal>
+            </goals>
+          </execution>
+          <execution>
+            <!-- second signing run to test default exclusion of *.asc files -->
+            <id>resign-artifacts</id>
+            <goals>
+              <goal>sign</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-install-plugin</artifactId>
+        <version>2.2</version>
+        <configuration>
+          <updateReleaseInfo>true</updateReleaseInfo>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.1</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>2.2</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-source-plugin</artifactId>
+        <version>2.0.4</version>
+        <executions>
+          <execution>
+            <id>attach-sources</id>
+            <goals>
+              <goal>jar</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.3.1</version>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/src/it/sign-release-with-excludes/verify.bsh b/src/it/sign-release-with-excludes/verify.bsh
new file mode 100644
index 0000000..b464464
--- /dev/null
+++ b/src/it/sign-release-with-excludes/verify.bsh
@@ -0,0 +1,58 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.io.File;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.util.List;
+import org.codehaus.plexus.util.FileUtils;
+
+File artifactDir = new File( localRepositoryPath, "org/apache/maven/its/gpg/srwe/test/1.0" );
+
+String[] expectedFiles = {
+    "_remote.repositories",
+    "test-1.0.pom",
+    "test-1.0.pom.asc",
+    "test-1.0.jar",
+    "test-1.0.jar.asc",
+    "test-1.0-sources.jar",
+    "test-1.0-sources.jar.asc",
+};
+
+for ( File file : artifactDir.listFiles() )
+{
+    String fileName = file.getName();
+    System.out.println( "Checking if file is expected: " + fileName );
+
+    boolean expected = false;
+    for ( String expectedFile : expectedFiles )
+    {
+        if ( expectedFile.equals( fileName ) )
+        {
+            expected = true;
+            break;
+        }
+    }
+
+    if ( !expected )
+    {
+        throw new Exception( "Unexpected file " + file );
+    }
+}

From 4da69213e2f50757ae2630915688cf87f9acffb2 Mon Sep 17 00:00:00 2001
From: Frederik Boster <frederik@boster.de>
Date: Mon, 15 Mar 2021 20:41:51 +0100
Subject: [PATCH 3/3] [MGPG-66] fix handling of excluded files on linux

---
 .../maven/plugins/gpg/GpgSignAttachedMojo.java     | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java
index eea5dc6..98b600a 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java
@@ -21,6 +21,7 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -192,7 +193,7 @@ else if ( project.getAttachedArtifacts().isEmpty() )
 
             File file = artifact.getFile();
 
-            if ( isExcluded( file.getPath() ) )
+            if ( isExcluded( artifact ) )
             {
                 getLog().debug( "Skipping generation of signature for excluded " + file );
                 continue;
@@ -223,19 +224,24 @@ else if ( project.getAttachedArtifacts().isEmpty() )
     /**
      * Tests whether or not a name matches against at least one exclude pattern.
      *
-     * @param name The name to match. Must not be <code>null</code>.
+     * @param artifact The artifact to match. Must not be <code>null</code>.
      * @return <code>true</code> when the name matches against at least one exclude pattern, or <code>false</code>
      *         otherwise.
      */
-    protected boolean isExcluded( String name )
+    protected boolean isExcluded( Artifact artifact )
     {
+        final Path projectBasePath = project.getBasedir().toPath();
+        final Path artifactPath = artifact.getFile().toPath();
+        final String relativeArtifactPath = projectBasePath.relativize( artifactPath ).toString();
+
         for ( String exclude : excludes )
         {
-            if ( SelectorUtils.matchPath( exclude, name ) )
+            if ( SelectorUtils.matchPath( exclude, relativeArtifactPath ) )
             {
                 return true;
             }
         }
+
         return false;
     }