I'm working on fixing the issues in the gpg plugin. I just committed some changes but would like a bit of discussion before finalizing some of it.
MGPG-2 - Allow the selection of a particular signature I added a keyname parameter (-Dkeyname=foo) etc... which can be used. It maps directly to the gpg --local-user flag. That should solve that one. MGPG-1 - Prompt for pass phrase if it is not supplied This one is a bit nasty. I basically have done two changes: 1) made passphrase non-required. If passphrase is not specified, gpg will automatically ask for it. We really don't have to do anything. The DOWNSIDE is gpg will ask for it for every artifact it signs. 2) I've added a useAgent parameter (default to false, should that be true?) to pass the --use-agent of --no-use-agent flag to gpg. The agent can ask for the passphrase and cache it (outside of maven) so it only is asked for once. (this solves my use case of NO passphrase stored on disk anywhere, plaintext or not, yet still only ask once) The questions I have are: 1) Is allowing GPG to ask for the passphrase for every artifact acceptable? If not, we'll need to ask ahead of time and cache it. However, what happens in multi-module builds? Where can we store it so we don't have to ask again? (I suppose we could abuse System.setProperty(...) or something. Ick.) 2) The comment on MGPG-1 says "the plugin should detect that Maven is running in batch mode, and not prompt in that case". In that case, what's supposed to happen? gpg really needs a passphrase. Should it fail? Should it just not sign anything? Thanks! -- J. Daniel Kulp Principal Engineer IONA P: 781-902-8727 C: 508-380-7194 [EMAIL PROTECTED] http://www.dankulp.com/blog --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
