[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-16 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17797502#comment-17797502
 ] 

ASF GitHub Bot commented on MJARSIGNER-63:
--

slachiewicz merged PR #14:
URL: https://github.com/apache/maven-jarsigner-plugin/pull/14




> certchain should be supported by default
>
> Key: MJARSIGNER-63
> URL: https://issues.apache.org/jira/browse/MJARSIGNER-63
> Project: Maven Jar Signer Plugin
> Issue Type: Improvement
> Affects Versions: 3.0.0
> Reporter: Manfred Koch
> Priority: Major
>
> The certchain parameter of the jarsigner should also be supported by the Maven
> plugin.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794704#comment-17794704
 ] 

ASF GitHub Bot commented on MJARSIGNER-63:
--

schedin commented on PR #14:
URL: 
https://github.com/apache/maven-jarsigner-plugin/pull/14#issuecomment-1847147734

   Even though `readonly` is not about documentation (primarily), I feel that in 
this context (for this specific case and JIRA tickets) it is about 
documentation. In my comment in 
https://issues.apache.org/jira/projects/MJARSIGNER/issues/MJARSIGNER-63 I have 
provided a (rather long) example that shows that it is possible to set this 
parameter, even if it is readonly (or undocumented).
   
   My opinion is that we (the community) should make a conscious choice to make 
sure that this parameter is configurable by the end-user (and also documented). 
I think this was the original intent of 
https://issues.apache.org/jira/projects/MJARSIGNER/issues/MJARSIGNER-53
   
   






[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794694#comment-17794694
 ] 

ASF GitHub Bot commented on MJARSIGNER-63:
--

elharo commented on PR #14:
URL: 
https://github.com/apache/maven-jarsigner-plugin/pull/14#issuecomment-1847124242

   It's possible that this should not have readonly=true. I don't have a real 
opinion on that. But let's make sure we're making a conscious choice here and the 
PR title reflects what we're trying to do.






[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794692#comment-17794692
 ] 

ASF GitHub Bot commented on MJARSIGNER-63:
--

elharo commented on PR #14:
URL: 
https://github.com/apache/maven-jarsigner-plugin/pull/14#issuecomment-1847123083

   readonly is not about documentation. See 
https://maven.apache.org/plugin-tools/maven-plugin-annotations/apidocs/org/apache/maven/plugins/annotations/Parameter.html#readonly()






[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-08 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794585#comment-17794585
 ] 

ASF GitHub Bot commented on MJARSIGNER-63:
--

schedin commented on PR #14:
URL: 
https://github.com/apache/maven-jarsigner-plugin/pull/14#issuecomment-1846763409

   I have rebased this pull request on master.






[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-07 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17794204#comment-17794204
 ] 

ASF GitHub Bot commented on MJARSIGNER-63:
--

schedin commented on PR #14:
URL: 
https://github.com/apache/maven-jarsigner-plugin/pull/14#issuecomment-1845339374

   I looked at 
https://maven.apache.org/plugin-tools/apidocs/org/apache/maven/plugins/annotations/Parameter.html#readonly()
 and my interpretation of this annotation parameter is that it exists for a use 
case I don't fully understand (usage of common POM elements).
   
   My guess is that this readonly parameter is not related to Java attribute 
immutability. I'm also (mostly) guessing that the original author (@olamy ?) 
copy-pasted from the "wrong" thing. Perhaps from 
MavenProject/Settings/MavenSession? My assumption is that the intention is that 
the end-user should be able to configure this parameter in a `` 
block. While reading the javadoc for readonly it looks like this should be 
false (or not defined, so it is false per default) for the intended use case of 
specifying certchain.






[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-06 Thread ASF GitHub Bot (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793690#comment-17793690
 ] 

ASF GitHub Bot commented on MJARSIGNER-63:
--

schedin opened a new pull request, #14:
URL: https://github.com/apache/maven-jarsigner-plugin/pull/14

   Making certchain not read-only so that the Maven site documentation will 
make it visible on 
https://maven.apache.org/plugins/maven-jarsigner-plugin/sign-mojo.html






[jira] [Commented] (MJARSIGNER-63) certchain should be supported by default

2023-12-06 Thread Lennart Schedin (Jira)


[ 
https://issues.apache.org/jira/browse/MJARSIGNER-63?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17793683#comment-17793683
 ] 

Lennart Schedin commented on MJARSIGNER-63:
---

As far as I can see this was already implemented in the scope of 
[https://issues.apache.org/jira/projects/MJARSIGNER/issues/MJARSIGNER-53]. 
However it looks like there was a documentation bug (it has {{readonly = true}}) 
so that the configuration parameter 
({{[|file:///C:/git/maven-jarsigner-plugin/target/site/sign-mojo.html#certchain]}}
 or {{jarsigner.certchain}}) was not correctly published on 
[https://maven.apache.org/plugins/maven-jarsigner-plugin/sign-mojo.html].

But it still looks like it is possible to use the parameter.

*Complicated setup code:*
{code:java}
# Generate root keystore, key pair, and self-signed certificate
keytool -genkeypair -v \
  -keystore codesignkeystore.jks \
  -keyalg RSA \
  -keysize 2048 \
  -alias rootkey \
  -dname "CN=RootCA" \
  -storepass password1234 \
  -keypass password1234 \
  -validity 3650

# Export the root certificate
keytool -exportcert -v \
  -keystore codesignkeystore.jks \
  -alias rootkey \
  -file root.crt \
  -storepass password1234

# Generate code signing key pair
keytool -genkeypair -v \
  -keystore codesignkeystore.jks \
  -keyalg RSA \
  -keysize 2048 \
  -alias codesignkey \
  -dname "CN=CodeSignKey" \
  -storepass password1234 \
  -keypass password1234 \
  -validity 365

# Sign the code signing certificate with the root key pair
keytool -certreq -v \
  -keystore codesignkeystore.jks \
  -alias codesignkey \
  -file codesignkey.csr \
  -storepass password1234 \
  -keypass password1234

keytool -gencert -v \
  -keystore codesignkeystore.jks \
  -alias rootkey \
  -infile codesignkey.csr \
  -outfile codesignkey.crt \
  -storepass password1234 \
  -keypass password1234

# Create a Hello-world style jar file
echo 'public class Main { public static void main(String[] args) { System.out.println("Hello, World!"); } }' > Main.java
javac Main.java
jar cfe helloworld.jar Main Main.class

# Create a dummy Maven pom.xml file for the mvn command to execute in
echo "<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd\"><modelVersion>4.0.0</modelVersion><groupId>com.example</groupId><artifactId>certchain-test</artifactId><version>1.0.0</version></project>" > pom.xml
{code}
*Execution without the parameter set:*
{code:java}
mvn org.apache.maven.plugins:maven-jarsigner-plugin:3.0.0:sign \
  -Djarsigner.keystore=codesignkeystore.jks \
  -Djarsigner.storepass=password1234 \
  -Djarsigner.keypass=password1234 \
  -Djarsigner.alias=codesignkey \
  -Djarsigner.archive=helloworld.jar \
  -Djarsigner.verbose=true
{code}
 

*Execution with the parameter set:*
{code:java}
mvn org.apache.maven.plugins:maven-jarsigner-plugin:3.0.0:sign \
  -Djarsigner.keystore=codesignkeystore.jks \
  -Djarsigner.storepass=password1234 \
  -Djarsigner.keypass=password1234 \
  -Djarsigner.alias=codesignkey \
  -Djarsigner.archive=helloworld.jar \
  -Djarsigner.verbose=true \
  -Djarsigner.certchain=root.crt
{code}
 

Without the parameter set, I get this output (that I don't get with the 
parameter set):
{code:java}
[INFO] >>> Signer
[INFO]     X.509, CN=CodeSignKey
[INFO]     [trusted certificate]
{code}
This leads me to believe that this parameter in fact works (although it is not 
documented).

 

 

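To see which certificate chain actually ended up in the signature block after either `mvn ... sign` run in the comment above, the signed archive can be inspected with the JDK's own JAR verification. This is an added example, not code from the thread or from maven-jarsigner-plugin; the class name `SignerChainDump` is hypothetical and the default archive name is the one used in the comment.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example; SignerChainDump is a hypothetical name, not part of the plugin.
public class SignerChainDump {
    // Manifest and signature files are written by the signer and carry no signers themselves.
    static final String SIG_FILES = "META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]*\\.(SF|DSA|RSA|EC))";

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "helloworld.jar";
        Set<CodeSigner> signers = new LinkedHashSet<>();
        int unsigned = 0;
        // verify=true: a modified entry raises SecurityException while it is read.
        try (JarFile jar = new JarFile(path, true)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                String name = entry.getName().toUpperCase(Locale.ROOT);
                if (entry.isDirectory() || name.matches(SIG_FILES)) {
                    continue;
                }
                // Signers are only available after the entry has been read to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    in.readAllBytes();
                }
                CodeSigner[] cs = entry.getCodeSigners();
                if (cs == null) {
                    unsigned++;
                    System.out.println("UNSIGNED: " + entry.getName());
                } else {
                    Collections.addAll(signers, cs);
                }
            }
        }
        for (CodeSigner signer : signers) {
            List<? extends Certificate> chain = signer.getSignerCertPath().getCertificates();
            System.out.println("Signer chain, " + chain.size() + " certificate(s):");
            for (Certificate c : chain) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject=" + x.getSubjectX500Principal()
                        + "  issuer=" + x.getIssuerX500Principal());
            }
        }
        if (unsigned > 0 || signers.isEmpty()) {
            System.exit(1); // non-zero exit so a build step can gate on it
        }
    }
}
```

With JDK 11 or later it runs directly as `java SignerChainDump.java helloworld.jar`; comparing the printed chain for the two runs shows whether `jarsigner.certchain` changed what was embedded.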