Brett Porter wrote:
Is this MJAR-32?
Yes it is.
Jerome attached a patch which solved "verify" problem but it's still far
away from what I would call a complete JarSingMojo.
There is still an issue with making the in-place signing (read my
comments in the MJAR-32) which prevents me from using this Mojo.
Cheers
Pablo
Pablo wrote:
Hello everyone
I tried to use JarSignMojo from maven-jar-plugin trunk but with no success.
Out of the box it's not useable.
1) If I set verify to true the following code is done:
if ( verify )
{
JarSignVerifyMojo verify = new JarSignVerifyMojo();
verify.setWorkingDir( workingDirectory );
verify.setBasedir( basedir );
verify.setJarPath( getJarFile() );
verify.setVerbose( verbose );
verify.execute();
}
I think there is a bug. Since getJarFile() returns unsigned jar
JarSignVerifyMojo:execute() will definitely fail.
There should be verify.setJarPath( *signedjar* ); instead of
verify.setJarPath( *getJarFile()* );
2) There is no way (at least I'm not aware of any) to sign a jar without
specifying signedjar parameter. What if would like to use the signed jar
in a module which depends on this particular project?
There should be a way to overwrite signedjar field with null. If
signedjar is null, jarsigner will not be supplied with -signedjar
parameter and will sign target/${artifactId}.jar jar file instead of
creating target/signed/${artifactId}.jar file. And it will allow me to
use this artifact in other projects which depend on it.
Cheers
Pablo
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
