Thanks Brian and Jason for your thoughts. They were a big help.
I think I have it mostly worked out now, just committed the changes. 1) Added a gpg.skip to skip the signing. Mostly useful for --batch-mode 2) If running in batch-mode and no passphrase is available, throw a MojoExecutionException rather than asking. (fail the build) 3) Only ask for the password once per project instead of per-artifact. In multi-module, it does ask in each module. Jason's suggestion of using MavenProject.properties doesn't work. Any other ideas around that? 4) changed all the properties to "gpg.XXXXX" to namespace them. That does kind of break the docs since "passphrase" changes to "gpg.passphrase". I'm assuming that's ok with a 1.0-alpha-1 to 1.0-alpha-2 change. The only major issue left now is the passphrase in a multi-module build. The three ways it works now are: 1) Ask in each module. 2) If you have a gpg.passphrase set (-D or in a profile or configuration or something), it will use it. 3) If you have gpg.useagent=true, it assumes the agent will handle it. Does that work for everyone for now? I can log a separate task to fix the multi-module stuff when the shared context stuff goes in. Dan On Tuesday 27 February 2007 12:57, Daniel Kulp wrote: > I'm working on fixing the issues in the gpg plugin. I just committed > some changes but would like a bit of discussion before finalizing some > of it. > > MGPG-2 - Allow the selection of a particular signature > I added a keyname parameter (-Dkeyname=foo) etc... which can be used. > It maps directly to the gpg --local-user flag. That should solve that > one. > > MGPG-1 - Prompt for pass phrase if it is not supplied > This one is a bit nasty. I basically have done two changes: > 1) made passphrase non-required. If passphrase is not specified, gpg > will automatically ask for it. We really don't have to do anything. > The DOWNSIDE is gpg will ask for it for every artifact it signs. > > 2) I've added a useAgent parameter (default to false, should that be > true?) to pass the --use-agent of --no-use-agent flag to gpg. The > agent can ask for the passphrase and cache it (outside of maven) so it > only is asked for once. (this solves my use case of NO passphrase > stored on disk anywhere, plaintext or not, yet still only ask once) > > > The questions I have are: > 1) Is allowing GPG to ask for the passphrase for every artifact > acceptable? If not, we'll need to ask ahead of time and cache it. > However, what happens in multi-module builds? Where can we store it so > we don't have to ask again? (I suppose we could abuse > System.setProperty(...) or something. Ick.) > > 2) The comment on MGPG-1 says "the plugin should detect that Maven is > running in batch mode, and not prompt in that case". In that case, > what's supposed to happen? gpg really needs a passphrase. Should it > fail? Should it just not sign anything? > > Thanks! -- J. Daniel Kulp Principal Engineer IONA P: 781-902-8727 C: 508-380-7194 [EMAIL PROTECTED] http://www.dankulp.com/blog --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
