Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Brett Porter a écrit : Ah, I see... sorry I misunderstood. So - it works correctly right now? In a single pom, it signs it normally and skips the additional signing of the non-existent attached artifact? Yes. If so, sorry for the noise. np. Emmanuel - Brett On 18/12/2006, at 7:29 PM, Emmanuel Venisse wrote: My fix remove only a NPE when packaging is pom. Without that, the plugin tried to sync artifact, but it doesn't exist when packaging is pom. Emmanuel Brett Porter a écrit : I heard the same objection from Wendy. Can we roll this change back? /me needs to track his objections more carefully, noting this has been released since. - Brett On 09/12/2006, at 11:25 AM, Brett Porter wrote: Why not? I think signing the metadata is just as important. - Brett On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote: Author: evenisse Date: Fri Dec 8 07:53:20 2006 New Revision: 484646 URL: http://svn.apache.org/viewvc?view=rev&rev=484646 Log: Don't generate signature on artifact when the project is a pom Modified: maven/plugins/trunk/maven-gpg-plugin/ (props changed) maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java Propchange: maven/plugins/trunk/maven-gpg-plugin/ -- --- svn:ignore (added) +++ svn:ignore Fri Dec 8 07:53:20 2006 @@ -0,0 +1 @@ +target Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646 == --- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java (original) +++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8 07:53:20 2006 @@ -97,15 +97,18 @@ List signingBundles = new ArrayList(); -// -// Project artifact -// +if ( !"pom".equals( project.getPackaging() ) ) +{ +// +// Project artifact +// -File projectArtifact = getProjectFile( project.getBuild().getDirectory(), project.getBuild().getFinalName() ); +File projectArtifact = getProjectFile( project.getBuild().getDirectory(), project.getBuild().getFinalName() ); -File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); +File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); -signingBundles.add( new SigningBundle( project.getArtifact().getType(), projectArtifactSignature ) ); +signingBundles.add( new SigningBundle( project.getArtifact().getType(), projectArtifactSignature ) ); +} // // POM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Ah, I see... sorry I misunderstood. So - it works correctly right now? In a single pom, it signs it normally and skips the additional signing of the non-existent attached artifact? If so, sorry for the noise. - Brett On 18/12/2006, at 7:29 PM, Emmanuel Venisse wrote: My fix remove only a NPE when packaging is pom. Without that, the plugin tried to sync artifact, but it doesn't exist when packaging is pom. Emmanuel Brett Porter a écrit : I heard the same objection from Wendy. Can we roll this change back? /me needs to track his objections more carefully, noting this has been released since. - Brett On 09/12/2006, at 11:25 AM, Brett Porter wrote: Why not? I think signing the metadata is just as important. - Brett On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote: Author: evenisse Date: Fri Dec 8 07:53:20 2006 New Revision: 484646 URL: http://svn.apache.org/viewvc?view=rev&rev=484646 Log: Don't generate signature on artifact when the project is a pom Modified: maven/plugins/trunk/maven-gpg-plugin/ (props changed) maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/ apache/maven/plugin/gpg/GpgSignAttachedMojo.java Propchange: maven/plugins/trunk/maven-gpg-plugin/ --- --- --- svn:ignore (added) +++ svn:ignore Fri Dec 8 07:53:20 2006 @@ -0,0 +1 @@ +target Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/ apache/maven/plugin/gpg/GpgSignAttachedMojo.java URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg- plugin/src/main/java/org/apache/maven/plugin/gpg/ GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646 === === --- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/ apache/maven/plugin/gpg/GpgSignAttachedMojo.java (original) +++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/ apache/maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8 07:53:20 2006 @@ -97,15 +97,18 @@ List signingBundles = new ArrayList(); -// --- - -// Project artifact -// --- - +if ( !"pom".equals( project.getPackaging() ) ) +{ +// --- - +// Project artifact +// --- - -File projectArtifact = getProjectFile( project.getBuild ().getDirectory(), project.getBuild().getFinalName() ); +File projectArtifact = getProjectFile ( project.getBuild().getDirectory(), project.getBuild ().getFinalName() ); -File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); +File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); -signingBundles.add( new SigningBundle ( project.getArtifact().getType(), projectArtifactSignature ) ); +signingBundles.add( new SigningBundle ( project.getArtifact().getType(), projectArtifactSignature ) ); +} // --- - // POM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
My fix remove only a NPE when packaging is pom. Without that, the plugin tried to sync artifact, but it doesn't exist when packaging is pom. Emmanuel Brett Porter a écrit : I heard the same objection from Wendy. Can we roll this change back? /me needs to track his objections more carefully, noting this has been released since. - Brett On 09/12/2006, at 11:25 AM, Brett Porter wrote: Why not? I think signing the metadata is just as important. - Brett On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote: Author: evenisse Date: Fri Dec 8 07:53:20 2006 New Revision: 484646 URL: http://svn.apache.org/viewvc?view=rev&rev=484646 Log: Don't generate signature on artifact when the project is a pom Modified: maven/plugins/trunk/maven-gpg-plugin/ (props changed) maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java Propchange: maven/plugins/trunk/maven-gpg-plugin/ -- --- svn:ignore (added) +++ svn:ignore Fri Dec 8 07:53:20 2006 @@ -0,0 +1 @@ +target Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646 == --- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java (original) +++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8 07:53:20 2006 @@ -97,15 +97,18 @@ List signingBundles = new ArrayList(); -// -// Project artifact -// +if ( !"pom".equals( project.getPackaging() ) ) +{ +// +// Project artifact +// -File projectArtifact = getProjectFile( project.getBuild().getDirectory(), project.getBuild().getFinalName() ); +File projectArtifact = getProjectFile( project.getBuild().getDirectory(), project.getBuild().getFinalName() ); -File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); +File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); -signingBundles.add( new SigningBundle( project.getArtifact().getType(), projectArtifactSignature ) ); +signingBundles.add( new SigningBundle( project.getArtifact().getType(), projectArtifactSignature ) ); +} // // POM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
I heard the same objection from Wendy. Can we roll this change back? /me needs to track his objections more carefully, noting this has been released since. - Brett On 09/12/2006, at 11:25 AM, Brett Porter wrote: Why not? I think signing the metadata is just as important. - Brett On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote: Author: evenisse Date: Fri Dec 8 07:53:20 2006 New Revision: 484646 URL: http://svn.apache.org/viewvc?view=rev&rev=484646 Log: Don't generate signature on artifact when the project is a pom Modified: maven/plugins/trunk/maven-gpg-plugin/ (props changed) maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/ maven/plugin/gpg/GpgSignAttachedMojo.java Propchange: maven/plugins/trunk/maven-gpg-plugin/ - - --- svn:ignore (added) +++ svn:ignore Fri Dec 8 07:53:20 2006 @@ -0,0 +1 @@ +target Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/ apache/maven/plugin/gpg/GpgSignAttachedMojo.java URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg- plugin/src/main/java/org/apache/maven/plugin/gpg/ GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646 = = --- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/ maven/plugin/gpg/GpgSignAttachedMojo.java (original) +++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/ maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8 07:53:20 2006 @@ -97,15 +97,18 @@ List signingBundles = new ArrayList(); -// - --- -// Project artifact -// - --- +if ( !"pom".equals( project.getPackaging() ) ) +{ +// - --- +// Project artifact +// - --- -File projectArtifact = getProjectFile( project.getBuild ().getDirectory(), project.getBuild().getFinalName() ); +File projectArtifact = getProjectFile ( project.getBuild().getDirectory(), project.getBuild ().getFinalName() ); -File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); +File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); -signingBundles.add( new SigningBundle( project.getArtifact ().getType(), projectArtifactSignature ) ); +signingBundles.add( new SigningBundle ( project.getArtifact().getType(), projectArtifactSignature ) ); +} // - --- // POM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Sorry, responded having read the commits list, not the dev list :) I agreed with your mail - when I said metadata I meant POMs. Definitely don't need to sign maven-metadata.xml. - Brett On 09/12/2006, at 12:19 PM, Wendy Smoak wrote: On 12/8/06, Brett Porter <[EMAIL PROTECTED]> wrote: Why not? I think signing the metadata is just as important. The maven-metadata.xml files? 1. It's not required by the readme file and 2. They change on every deployment, so you'd be overwriting the signature, which could well belong to someone else. That seems wrong to me-- signed artifacts should not change. But it doesn't matter that much to me, if you want them signed, change the readme file and we'll start doing it. -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
On 12/8/06, Brett Porter <[EMAIL PROTECTED]> wrote: Why not? I think signing the metadata is just as important. The maven-metadata.xml files? 1. It's not required by the readme file and 2. They change on every deployment, so you'd be overwriting the signature, which could well belong to someone else. That seems wrong to me-- signed artifacts should not change. But it doesn't matter that much to me, if you want them signed, change the readme file and we'll start doing it. -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Why not? I think signing the metadata is just as important. - Brett On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote: Author: evenisse Date: Fri Dec 8 07:53:20 2006 New Revision: 484646 URL: http://svn.apache.org/viewvc?view=rev&rev=484646 Log: Don't generate signature on artifact when the project is a pom Modified: maven/plugins/trunk/maven-gpg-plugin/ (props changed) maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/ maven/plugin/gpg/GpgSignAttachedMojo.java Propchange: maven/plugins/trunk/maven-gpg-plugin/ -- --- svn:ignore (added) +++ svn:ignore Fri Dec 8 07:53:20 2006 @@ -0,0 +1 @@ +target Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/ apache/maven/plugin/gpg/GpgSignAttachedMojo.java URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg- plugin/src/main/java/org/apache/maven/plugin/gpg/ GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646 == --- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/ maven/plugin/gpg/GpgSignAttachedMojo.java (original) +++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/ maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8 07:53:20 2006 @@ -97,15 +97,18 @@ List signingBundles = new ArrayList(); -// -- -- -// Project artifact -// -- -- +if ( !"pom".equals( project.getPackaging() ) ) +{ +// -- -- +// Project artifact +// -- -- -File projectArtifact = getProjectFile( project.getBuild ().getDirectory(), project.getBuild().getFinalName() ); +File projectArtifact = getProjectFile( project.getBuild ().getDirectory(), project.getBuild().getFinalName() ); -File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); +File projectArtifactSignature = generateSignatureForArtifact( projectArtifact ); -signingBundles.add( new SigningBundle( project.getArtifact ().getType(), projectArtifactSignature ) ); +signingBundles.add( new SigningBundle ( project.getArtifact().getType(), projectArtifactSignature ) ); +} // -- -- // POM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
On 12/8/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Author: evenisse Date: Fri Dec 8 07:53:20 2006 New Revision: 484646 URL: http://svn.apache.org/viewvc?view=rev&rev=484646 Log: Don't generate signature on artifact when the project is a pom I think poms also need to be signed, see: http://people.apache.org/repo/m2-ibiblio-rsync-repository/README.txt (The repository metadata files do not, however.) -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]