Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Brett Porter a écrit :
Ah, I see... sorry I misunderstood.
So - it works correctly right now? In a single pom, it signs it normally
and skips the additional signing of the non-existent attached artifact?
Yes.
If so, sorry for the noise.
np.
Emmanuel
- Brett
On 18/12/2006, at 7:29 PM, Emmanuel Venisse wrote:
My fix remove only a NPE when packaging is pom. Without that, the
plugin tried to sync artifact, but it doesn't exist when packaging is
pom.
Emmanuel
Brett Porter a écrit :
I heard the same objection from Wendy. Can we roll this change back?
/me needs to track his objections more carefully, noting this has
been released since.
- Brett
On 09/12/2006, at 11:25 AM, Brett Porter wrote:
Why not? I think signing the metadata is just as important.
- Brett
On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote:
Author: evenisse
Date: Fri Dec 8 07:53:20 2006
New Revision: 484646
URL: http://svn.apache.org/viewvc?view=rev&rev=484646
Log:
Don't generate signature on artifact when the project is a pom
Modified:
maven/plugins/trunk/maven-gpg-plugin/ (props changed)
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Propchange: maven/plugins/trunk/maven-gpg-plugin/
--
--- svn:ignore (added)
+++ svn:ignore Fri Dec 8 07:53:20 2006
@@ -0,0 +1 @@
+target
Modified:
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646
==
---
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
(original)
+++
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Fri Dec 8 07:53:20 2006
@@ -97,15 +97,18 @@
List signingBundles = new ArrayList();
-//
-// Project artifact
-//
+if ( !"pom".equals( project.getPackaging() ) )
+{
+//
+// Project artifact
+//
-File projectArtifact = getProjectFile(
project.getBuild().getDirectory(),
project.getBuild().getFinalName() );
+File projectArtifact = getProjectFile(
project.getBuild().getDirectory(),
project.getBuild().getFinalName() );
-File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
+File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
-signingBundles.add( new SigningBundle(
project.getArtifact().getType(), projectArtifactSignature ) );
+signingBundles.add( new SigningBundle(
project.getArtifact().getType(), projectArtifactSignature ) );
+}
//
// POM
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Ah, I see... sorry I misunderstood.
So - it works correctly right now? In a single pom, it signs it
normally and skips the additional signing of the non-existent
attached artifact?
If so, sorry for the noise.
- Brett
On 18/12/2006, at 7:29 PM, Emmanuel Venisse wrote:
My fix remove only a NPE when packaging is pom. Without that, the
plugin tried to sync artifact, but it doesn't exist when packaging
is pom.
Emmanuel
Brett Porter a écrit :
I heard the same objection from Wendy. Can we roll this change back?
/me needs to track his objections more carefully, noting this has
been released since.
- Brett
On 09/12/2006, at 11:25 AM, Brett Porter wrote:
Why not? I think signing the metadata is just as important.
- Brett
On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote:
Author: evenisse
Date: Fri Dec 8 07:53:20 2006
New Revision: 484646
URL: http://svn.apache.org/viewvc?view=rev&rev=484646
Log:
Don't generate signature on artifact when the project is a pom
Modified:
maven/plugins/trunk/maven-gpg-plugin/ (props changed)
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/
apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Propchange: maven/plugins/trunk/maven-gpg-plugin/
---
---
--- svn:ignore (added)
+++ svn:ignore Fri Dec 8 07:53:20 2006
@@ -0,0 +1 @@
+target
Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/
apache/maven/plugin/gpg/GpgSignAttachedMojo.java
URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-
plugin/src/main/java/org/apache/maven/plugin/gpg/
GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646
===
===
--- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/
apache/maven/plugin/gpg/GpgSignAttachedMojo.java (original)
+++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/
apache/maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8
07:53:20 2006
@@ -97,15 +97,18 @@
List signingBundles = new ArrayList();
-//
---
-
-// Project artifact
-//
---
-
+if ( !"pom".equals( project.getPackaging() ) )
+{
+//
---
-
+// Project artifact
+//
---
-
-File projectArtifact = getProjectFile( project.getBuild
().getDirectory(), project.getBuild().getFinalName() );
+File projectArtifact = getProjectFile
( project.getBuild().getDirectory(), project.getBuild
().getFinalName() );
-File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
+File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
-signingBundles.add( new SigningBundle
( project.getArtifact().getType(), projectArtifactSignature ) );
+signingBundles.add( new SigningBundle
( project.getArtifact().getType(), projectArtifactSignature ) );
+}
//
---
-
// POM
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
My fix remove only a NPE when packaging is pom. Without that, the plugin tried
to sync artifact, but it doesn't exist when packaging is pom.
Emmanuel
Brett Porter a écrit :
I heard the same objection from Wendy. Can we roll this change back?
/me needs to track his objections more carefully, noting this has been
released since.
- Brett
On 09/12/2006, at 11:25 AM, Brett Porter wrote:
Why not? I think signing the metadata is just as important.
- Brett
On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote:
Author: evenisse
Date: Fri Dec 8 07:53:20 2006
New Revision: 484646
URL: http://svn.apache.org/viewvc?view=rev&rev=484646
Log:
Don't generate signature on artifact when the project is a pom
Modified:
maven/plugins/trunk/maven-gpg-plugin/ (props changed)
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Propchange: maven/plugins/trunk/maven-gpg-plugin/
--
--- svn:ignore (added)
+++ svn:ignore Fri Dec 8 07:53:20 2006
@@ -0,0 +1 @@
+target
Modified:
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
URL:
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646
==
---
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
(original)
+++
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Fri Dec 8 07:53:20 2006
@@ -97,15 +97,18 @@
List signingBundles = new ArrayList();
-//
-// Project artifact
-//
+if ( !"pom".equals( project.getPackaging() ) )
+{
+//
+// Project artifact
+//
-File projectArtifact = getProjectFile(
project.getBuild().getDirectory(), project.getBuild().getFinalName() );
+File projectArtifact = getProjectFile(
project.getBuild().getDirectory(), project.getBuild().getFinalName() );
-File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
+File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
-signingBundles.add( new SigningBundle(
project.getArtifact().getType(), projectArtifactSignature ) );
+signingBundles.add( new SigningBundle(
project.getArtifact().getType(), projectArtifactSignature ) );
+}
//
// POM
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
I heard the same objection from Wendy. Can we roll this change back?
/me needs to track his objections more carefully, noting this has
been released since.
- Brett
On 09/12/2006, at 11:25 AM, Brett Porter wrote:
Why not? I think signing the metadata is just as important.
- Brett
On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote:
Author: evenisse
Date: Fri Dec 8 07:53:20 2006
New Revision: 484646
URL: http://svn.apache.org/viewvc?view=rev&rev=484646
Log:
Don't generate signature on artifact when the project is a pom
Modified:
maven/plugins/trunk/maven-gpg-plugin/ (props changed)
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/
maven/plugin/gpg/GpgSignAttachedMojo.java
Propchange: maven/plugins/trunk/maven-gpg-plugin/
-
-
--- svn:ignore (added)
+++ svn:ignore Fri Dec 8 07:53:20 2006
@@ -0,0 +1 @@
+target
Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/
apache/maven/plugin/gpg/GpgSignAttachedMojo.java
URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-
plugin/src/main/java/org/apache/maven/plugin/gpg/
GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646
=
=
--- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/
maven/plugin/gpg/GpgSignAttachedMojo.java (original)
+++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/
maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8 07:53:20 2006
@@ -97,15 +97,18 @@
List signingBundles = new ArrayList();
-//
-
---
-// Project artifact
-//
-
---
+if ( !"pom".equals( project.getPackaging() ) )
+{
+//
-
---
+// Project artifact
+//
-
---
-File projectArtifact = getProjectFile( project.getBuild
().getDirectory(), project.getBuild().getFinalName() );
+File projectArtifact = getProjectFile
( project.getBuild().getDirectory(), project.getBuild
().getFinalName() );
-File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
+File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
-signingBundles.add( new SigningBundle( project.getArtifact
().getType(), projectArtifactSignature ) );
+signingBundles.add( new SigningBundle
( project.getArtifact().getType(), projectArtifactSignature ) );
+}
//
-
---
// POM
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Sorry, responded having read the commits list, not the dev list :) I agreed with your mail - when I said metadata I meant POMs. Definitely don't need to sign maven-metadata.xml. - Brett On 09/12/2006, at 12:19 PM, Wendy Smoak wrote: On 12/8/06, Brett Porter <[EMAIL PROTECTED]> wrote: Why not? I think signing the metadata is just as important. The maven-metadata.xml files? 1. It's not required by the readme file and 2. They change on every deployment, so you'd be overwriting the signature, which could well belong to someone else. That seems wrong to me-- signed artifacts should not change. But it doesn't matter that much to me, if you want them signed, change the readme file and we'll start doing it. -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
On 12/8/06, Brett Porter <[EMAIL PROTECTED]> wrote: Why not? I think signing the metadata is just as important. The maven-metadata.xml files? 1. It's not required by the readme file and 2. They change on every deployment, so you'd be overwriting the signature, which could well belong to someone else. That seems wrong to me-- signed artifacts should not change. But it doesn't matter that much to me, if you want them signed, change the readme file and we'll start doing it. -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
Why not? I think signing the metadata is just as important.
- Brett
On 09/12/2006, at 2:53 AM, [EMAIL PROTECTED] wrote:
Author: evenisse
Date: Fri Dec 8 07:53:20 2006
New Revision: 484646
URL: http://svn.apache.org/viewvc?view=rev&rev=484646
Log:
Don't generate signature on artifact when the project is a pom
Modified:
maven/plugins/trunk/maven-gpg-plugin/ (props changed)
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/
maven/plugin/gpg/GpgSignAttachedMojo.java
Propchange: maven/plugins/trunk/maven-gpg-plugin/
--
--- svn:ignore (added)
+++ svn:ignore Fri Dec 8 07:53:20 2006
@@ -0,0 +1 @@
+target
Modified: maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/
apache/maven/plugin/gpg/GpgSignAttachedMojo.java
URL: http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-
plugin/src/main/java/org/apache/maven/plugin/gpg/
GpgSignAttachedMojo.java?view=diff&rev=484646&r1=484645&r2=484646
==
--- maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/
maven/plugin/gpg/GpgSignAttachedMojo.java (original)
+++ maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/
maven/plugin/gpg/GpgSignAttachedMojo.java Fri Dec 8 07:53:20 2006
@@ -97,15 +97,18 @@
List signingBundles = new ArrayList();
-//
--
--
-// Project artifact
-//
--
--
+if ( !"pom".equals( project.getPackaging() ) )
+{
+//
--
--
+// Project artifact
+//
--
--
-File projectArtifact = getProjectFile( project.getBuild
().getDirectory(), project.getBuild().getFinalName() );
+File projectArtifact = getProjectFile( project.getBuild
().getDirectory(), project.getBuild().getFinalName() );
-File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
+File projectArtifactSignature =
generateSignatureForArtifact( projectArtifact );
-signingBundles.add( new SigningBundle( project.getArtifact
().getType(), projectArtifactSignature ) );
+signingBundles.add( new SigningBundle
( project.getArtifact().getType(), projectArtifactSignature ) );
+}
//
--
--
// POM
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: svn commit: r484646 - in /maven/plugins/trunk/maven-gpg-plugin: ./ src/main/java/org/apache/maven/plugin/gpg/GpgSignAttachedMojo.java
On 12/8/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Author: evenisse Date: Fri Dec 8 07:53:20 2006 New Revision: 484646 URL: http://svn.apache.org/viewvc?view=rev&rev=484646 Log: Don't generate signature on artifact when the project is a pom I think poms also need to be signed, see: http://people.apache.org/repo/m2-ibiblio-rsync-repository/README.txt (The repository metadata files do not, however.) -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
