for multi-modules, I found one setup to stay light = 1 keys list for the whole multi-module project: <configuration> <keysMapLocation>${maven.multiModuleProjectDirectory}/pgp-keys-map.list</keysMapLocation> </configuration> this maven.multiModuleProjectDirectory property is available since Maven 3.3, then I suppose it should be ok
And on generating keys map file, I found that you already did the vast majority of what I expected: once the keys file is not empty, on missing (or non-matching) key, error message has what I need: [ERROR] Not allowed artifact junit:junit:jar:4.13 and keyID: junit:junit:4.13 = 0xFF6E2C001948C5F2F38B0CC385911F425EC61B51 https://hkps.pool.sks-keyservers.net/pks/lookup?op=vindex&fingerprint=on&search=0xFF6E2C001948C5F2F38B0CC385911F425EC61B51 the second line can simply be copied = what I was looking for I did not understant that the message when key is ok is not the same: [INFO] org.hamcrest:hamcrest-core:jar:1.3 PGP Signature OK KeyId: 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E UserIds: [Tom Denley (scarytom) <t.den...@cantab.net>] I'm sure little enhancements can be done to make messages more clear, but now I see that it works mostly as I want I'll probably provide PRs later now, we should IMHO use this plugin in each of our builds... Regards, Hervé Le mercredi 10 mars 2021, 22:44:57 CET Slawomir Jaranowski a écrit : > Hi Hervé > > Thanks for good words about my project. > > 1. There is already a request for the feature of automatically generating > keys map file [2] > The keys map file format is described with examples at project page [3] > The keys map is similar to java properties with exception about ':' > (colon), in java properties colon separate key and value. Of course every > idea is welcome. > > > 2. For multi-module maven projects we have to challenge how to share one > resource with all project modules. > I know some ways: > - external project with resources > - special module in project, but in this case we must refactor project > structure like in IT test sigOkKeysMapMultiModule [4] > - we can also use assembly plugin to attach special artifact to project > root module like I did in project pgp-keys-map [5] > > [2] https://github.com/s4u/pgpverify-maven-plugin/issues/84 > [3] https://www.simplify4u.org/pgpverify-maven-plugin/keysmap-format.html > [4] > https://github.com/s4u/pgpverify-maven-plugin/tree/master/src/it/sigOkKeysMa > pMultiModule [5] https://github.com/s4u/pgp-keys-map > > śr., 10 mar 2021 o 21:48 Hervé BOUTEMY <herve.bout...@free.fr> napisał(a): > > Hi Slawomir, > > > > I just tested pgpverify-maven-plugin on maven-artifact-plugin [1]. > > I was successful, really nice. > > > > From that experience, I have some questions on the keys map file: > > > > 1. is there a way to ease the creation of the file content? > > currently, I had to copy paste output, check that I trusted the keys > > (which of course can't be automated), and then had to do a lot of > > modifications to match the properties file format. Would it be possible to > > have a default output that matches properties format, so reviewing and > > injecting content would be easier? > > > > 2. I also tested on a multi-module project (like maven-archetype-bundles), > > and I could not configure the plugin to use one single keys map for the > > whole build: creating 1 file per module is really cumbersome. > > Did you imagine a way to share the same map file in a multi-module build? > > > > This plugin is really nice, the hard part is about writing keys map > > file... > > > > Regards, > > > > Hervé > > > > > > [1] > > https://github.com/apache/maven-artifact-plugin/commit/41df63adaf91f0c481f > > ff9347abb2dbeb7022f5b --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org