Commit
Improve support for how already-PGP-signed artifacts are handled to support skip, replace, or merge. Use SignedContentFactory for checking jar signatures which allows for skipping jars that are only signed by certificates anchored in Java's cacerts. Support PGP signing features, and optionally also binary artifacts. Support using Bouncy Castle for signing to improve performance and to allow signing to be done in parallel. This also better supports providing integration tests for the various sign-p2-artifacts mojo's options. Ensure that only keys actually used by signatures are added to the repository and/or artifact properties. Determining the default key is needed only when signing with Bouncy Castle, in which case it's determined by signing a document and checking which key is used; that's because the default key can be specified in the gpg.conf so just listing the secret key fingerprints will not always correctly identify the correct default. For testing purposes, support generating key information and loading it. Use that to provide integration tests for the new options as well as for existing options. #1466
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -55,11 +55,19 @@ | |
<version>2.6.200</version> | ||
</dependency> | ||
<dependency> | ||
<groupId>org.junit.jupiter</groupId> | ||
<artifactId>junit-jupiter</artifactId> | ||
<version>5.9.1</version> | ||
<scope>test</scope> | ||
<groupId>org.eclipse.tycho</groupId> | ||
<artifactId>tycho-core</artifactId> | ||
<version>${project.version}</version> | ||
</dependency> | ||
</dependencies> | ||
|
||
<build> | ||
<plugins> | ||
<plugin> | ||
<groupId>org.codehaus.plexus</groupId> | ||
merks
Author
Contributor
|
||
<artifactId>plexus-component-metadata</artifactId> | ||
</plugin> | ||
</plugins> | ||
</build> | ||
|
||
</project> |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -9,6 +9,8 @@ | |
*******************************************************************************/ | ||
package org.apache.maven.plugins.gpg; | ||
|
||
import java.io.File; | ||
|
||
import org.apache.maven.plugin.MojoExecutionException; | ||
import org.apache.maven.plugin.MojoFailureException; | ||
import org.apache.maven.project.MavenProject; | ||
|
@@ -18,7 +20,14 @@ public abstract class AbstractGpgMojoExtension extends AbstractGpgMojo { | |
@Override | ||
protected ProxySignerWithPublicKeyAccess newSigner(MavenProject project) | ||
throws MojoExecutionException, MojoFailureException { | ||
return new ProxySignerWithPublicKeyAccess(super.newSigner(project)); | ||
return new ProxySignerWithPublicKeyAccess(super.newSigner(project), getSigner(), getPGPInfo()); | ||
} | ||
|
||
protected String getSigner() { | ||
return "gpg"; | ||
kwin
Contributor
|
||
} | ||
|
||
protected File getPGPInfo() { | ||
return null; | ||
} | ||
} |
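Review bot: The new protected hooks `getSigner()` and `getPGPInfo()` are undocumented, and `getPGPInfo()` returns `null` with nothing stating what a null file means to `ProxySignerWithPublicKeyAccess`, whose constructor is not visible on this page. Because these two values decide which signing backend runs and where key information is read from, I would add Javadoc such as `/** Name of the signing backend handed to the proxy signer; this base implementation always returns "gpg". */` and `/** File with PGP key information to load, or {@code null} (the default) when none is configured. */`. The commit message describes loading key information as a testing aid; if that is what this file is, the Javadoc should say so, so that an override is not pointed at production key material by accident. Stating the nullable return in the doc also makes it explicit that the receiving constructor has to handle the null case.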
@merks IMHO there are no Plexus components defined in this module, therefore this plugin is superfluous.