Hello everyone
I tried to use JarSignMojo from maven-jar-plugin trunk but with no success.
Out of the box it's not useable.
1) If I set verify to true the following code is done:
if ( verify )
{
JarSignVerifyMojo verify = new JarSignVerifyMojo();
verify.setWorkingDir( workingDirectory );
verify.setBasedir( basedir );
verify.setJarPath( getJarFile() );
verify.setVerbose( verbose );
verify.execute();
}
I think there is a bug. Since getJarFile() returns unsigned jar
JarSignVerifyMojo:execute() will definitely fail.
There should be verify.setJarPath( *signedjar* ); instead of
verify.setJarPath( *getJarFile()* );
2) There is no way (at least I'm not aware of any) to sign a jar without
specifying signedjar parameter. What if would like to use the signed jar
in a module which depends on this particular project?
There should be a way to overwrite signedjar field with null. If
signedjar is null, jarsigner will not be supplied with -signedjar
parameter and will sign target/${artifactId}.jar jar file instead of
creating target/signed/${artifactId}.jar file. And it will allow me to
use this artifact in other projects which depend on it.
Cheers
Pablo
