[
http://opencast.jira.com/browse/MH-8091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=27843#comment-27843
]
Christopher Brooks commented on MH-8091:
----------------------------------------
Some notes from Christoph:
Signing jars with maven
To sign jars with maven one should make use of the maven-jarsigner-plugin which
in turn uses the jarsigner tool of the jdk to do its job. Place the following
snippet in the base pom:
<profiles>
...
<profile>
<id>sign</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
<phase>package</phase>
<configuration>
<keystore>src/keystore/signing-jar.keystore</keystore>
<alias>signed</alias>
<archiveDirectory>modules</archiveDirectory>
<includes>
<include>**/target/matterhorn-*.jar</include>
</includes>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
...
</profiles>
To sign the jars issue "mvn -Psign".
As a prerequisite you need a keystore file under
$MH/src/keystore/signing-jar.keystore with a signature aliased "signed". An
example keystore can be generated with the following shell script. The
parameter "dname" needs to be adjusted accordingly.
#!/bin/sh
KEYSTORE=src/keystore/signing-jar.keystore
ALIAS=signed
STOREPASS=opencast
KEYPASS=opencast
keytool -genkey -alias $ALIAS -keystore $KEYSTORE -storepass $STOREPASS
-keypass $KEYPASS -dname "CN=developer, OU=Opencast, O=org.opencastproject,
L=Somewhere, ST=Germany, C=DE"
keytool -selfcert -alias $ALIAS -keystore $KEYSTORE -storepass $STOREPASS
-keypass $KEYPASS
Without being the "sign" profile active by default, you need to issue the
following command sequence in order to produce and install signed jars:
$ mvn package
$ mvn -Psign -Djarsigner.keypass=PASSWORD -Djarsigner.storepass=PASSWORD
$ mvn -Dmaven.test.skip=true install
Useful links:
http://download.oracle.com/javase/1.5.0/docs/tooldocs/solaris/jarsigner.html
http://maven.apache.org/plugins/maven-jarsigner-plugin/
http://stackoverflow.com/questions/2027753/how-to-deploy-applet-with-dependencies-jar-using-maven-and-sign-it
Hope that helps,
Christoph
> Add support for jar signing in maven build
> ------------------------------------------
>
> Key: MH-8091
> URL: http://opencast.jira.com/browse/MH-8091
> Project: Matterhorn Project
> Issue Type: Task
> Components: Architecture & Services
> Affects Versions: Trunk
> Reporter: Christoph E. Driessen
> Assignee: Christoph E. Driessen
>
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
http://opencast.jira.com/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Matterhorn mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn
To unsubscribe please email
[email protected]
_______________________________________________
