Marshall Schor wrote:
To create md5 and sha1 hashes, and gpg signatures, we added (in a POM
profile that is conditionally activated) some maven things to sign
(using maven-gpg-plugin) and do checksums (using maven-install-plugin,
version 2.2, which has a createChecksum flag).
It isn't quite working right.
The gpg plugin runs during "verify" lifecycle, right before "install" -
in order to put the xxx.asc file into the /target, so "install" can copy
it to the local repo.
The install:install runs after that, and computes the md5 and sha1
checksums on everything, *including the xxx.asc file*.
Unlike the gpg plugin, it does *not* put these files into /target, but
only puts them into the local maven repository.
I see other projects have figured out how to do this so the checksums
are not added to the xxx.asc (gpg signature) files. How is this done?
The next version of maven-install-plugin will have a fix for this:
http://jira.codehaus.org/browse/MINSTALL-48
-Marshall
--
Dennis Lundberg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
