To create md5 and sha1 hashes, and gpg signatures, we added (in a POM
profile that is conditionally activated) some maven things to sign
(using maven-gpg-plugin) and do checksums (using maven-install-plugin,
version 2.2, which has a createChecksum flag).
It isn't quite working right.
The gpg plugin runs during "verify" lifecycle, right before "install" -
in order to put the xxx.asc file into the /target, so "install" can copy
it to the local repo.
The install:install runs after that, and computes the md5 and sha1
checksums on everything, *including the xxx.asc file*.
Unlike the gpg plugin, it does *not* put these files into /target, but
only puts them into the local maven repository.
I see other projects have figured out how to do this so the checksums
are not added to the xxx.asc (gpg signature) files. How is this done?
-Marshall
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
