Hello Maven users,
I'm in the process of mavenizing an ant build (alright !) but there is a
step, signing, that seems not that obvious to achieve.
I can use the maven jar signer and sign my jars ok , with :
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>${keystore.location}</keystore>
<storepass>${keystore.store.password}</storepass>
<keypass>${keystore.key.password}</keypass>
<alias>${keystore.alias}</alias>
</configuration>
</plugin>
And setting the variables in my settings.xml.
But, I want more; in fact, the people who used to do the signing with
ant, also timestamped their jars while doing so.
Why ? because imagine your authority expires in 2012, and you signed
your jar in 2011, you do not want your users to have a security warning
when they install and use this jar in 2012+ (since when you signed it
you had the authority to do so back then in 2011; at least this is what
I understood from this process :-P )
So, with ant, they did that :
<signjar alias="${sign.alias}" keystore="${sign.keystore}"
storepass="${sign.storepass}"
preservelastmodified="true"
tsaurl="${tsa.url}">
<path>
<fileset dir="${buildDirectory}/buildRepo/plugins">
<include name="**/com.company*.jar" />
</fileset>
</path>
</signjar>
Did you notice that "tsaurl=url" ?
According to the doc, http://ant.apache.org/manual/Tasks/signjar.html
"URL for a timestamp authority for timestamped JAR files in Java1.5+"
Thing is, in maven jar signer, there is not such option :
http://maven.apache.org/plugins/maven-jarsigner-plugin/sign-mojo.html
Is there a maven plugin to accomplish this ?
If not, should I create a feature request on maven jar signer Jira ?
Or, but I would feel so sorry, should I use the maven ant runner plugin
to do this :-(
Thank you,
Best regards,
Anthony Dahanne
Software Developer
Compuware Montreal
75 Rue Queen, Suite 6500
Montreal, QC, Canada H3C 2N6
+1-514-798-8949
Le contenu de ce courriel s'adresse au destinataire seulement. Il contient de
l'information pouvant être confidentielle. Vous ne devez ni le copier ni
l'utiliser ni le divulguer à qui que ce soit à moins que vous soyez le
destinataire ou une personne désignée autorisée. Si vous le receviez par
erreur, veuillez nous aviser immédiatement et le détruire.
The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose it
to anyone else. If you received it in error please notify us immediately and
then destroy it.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
