You may want to use a profile for this, set in your settings.xml (or
rather a settings.xml of the user used to build your ultimate
releases). This profile would define a propertly, and you reference
the properly in your actual pom.xml. This way you either:
1. only execute the signing during that final build, and then the
properly is therefore only meaningful in that context
or
2. you use it in all builds with a local dummy keystore for
developers and they all put the dummy password in their own profiles.
For this you probably want to also put the location of the keystore
into a profile-provided property to avoid path conflicts.
If you do the latter, then you just have to do a step in your release
to validate that the correct keystore was used to sign the final
released binary.
Christian.
P.S. isn't there a jarsigner plugin?
On 12-Mar-08, at 03:57 , [EMAIL PROTECTED] wrote:
Hi,
Don't know if this is the right place to post this, but here it is
anyway:
Currently we have a requirement to sign JARS which will hold applets.
After reading the documentation, you can easily sign JARS using the
sign
goal with the jar maven plugin. The plugin will eventually call the
jarsigner application with an example as below:
jarsigner -keystore C:\working\mystore -storepass myspass
-keypass j638klm -signedjar sbundle.jar bundle.jar jane
However part of the goal requires you to either hardcode the keypass
into
the pom.xml or not specify it in which the user must type it in each
time.
I'm looking for a solution where the keypass can be read from a file
and
that file would be keeped safe from users obtaining it. Is this
possible
to do with the JAR sign goal, what would be the best approach to this?
Is it possible to even tell maven where to obtain the parameters for a
goal in a pom.xml file? This way the file could specify all the
settings
including where the keystore is located.
Thanks,
***********************************************************************
WARNING: This e-mail (including any attachments) may contain legally
privileged, confidential or private information and may be protected
by
copyright. You may only use it if you are the person(s) it was
intended
to be sent to and if you use it in an authorised way. No one is
allowed to use, review, alter, transmit, disclose, distribute, print
or copy this e-mail without appropriate authority.
If this e-mail was not intended for you and was sent to you by
mistake,
please telephone or e-mail me immediately, destroy any hardcopies of
this e-mail and delete it and any copies of it from your computer
system. Any right which the sender may have under copyright law, and
any legal privilege and confidentiality attached to this e-mail is not
waived or destroyed by that mistake.
It is your responsibility to ensure that this e-mail does not contain
and is not affected by computer viruses, defects or interference by
third parties or replication problems (including incompatibility with
your computer system).
Opinions contained in this e-mail do not necessarily reflect the
opinions of the Queensland Department of Main Roads, Queensland
Transport or Maritime Safety Queensland, or endorsed organisations
utilising the same infrastructure.
***********************************************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
