On Friday 13 April 2007 07:28, Jerome Lacoste wrote: > > Sorry. Maven 2.0.6 and the released version of webstart-maven-plugin (I > > don't know how to find the version). > > then 1.0-alpha-1, that's the only one released. > > Isn't the version displayed when you do mvn -X ?
Why yes it is. doh! > > OK. So the first failure was due to a user configuration failure ? Yes, absolutely. > > OK now I get your problem. If you have a failure, then jars are > already copied and the mechanism to identify whether or not the jars > should be resigned is not good enough. > > That should be clearly an improvement. The best would be to be able to > check the signature. True, but probably a bit more overhead. > I would lean toward doing something like > > copy the file under a special name (i.e. myjar.jar_unsigned) sign it > and rename it to the final jar. That way only signed jars will have > the correct name. > > Does that sound good to you ? Seems like it should work. > Would you like to try to create a patch > for that ? I'd *like* to, but I'm really swamped at the moment so it won't happen for a while. Also, as mentioned elsewhere I had problems with a trunk-built version of the plugin (which probably only means spending more time I don't have). > Please open an issue in Jira. http://jira.codehaus.org/browse/MOJO-747 > > > Note: there are things that will always require you to make a clean: > e.g. if you change your key. maven cannot detect this. I'm OK with this. > > On a loosely related note: > > Would it be feasible to have signed jars put back into the repository > > with a classifier? Maybe only for certain artifacts, or non-snapshot > > versions? Or compare timestamps for two repository artifacts? (Not sure > > what's really practical here.) > > You basically want to minimize the number of jars to be signed again and > again. That would be nice. Have to see how this plays with the minijar > plugin. > > Putting back the signed jar into the repository should be possibke, > maybe as a functionality of the jar sign mojo. > > > As thing stand now, doing a "mvn clean" adds a bunch of (otherwise) > > unnecessary time for me. > > Only if you've made a configuration failure, right ? :) What I'm 'concerned' about is doing "mvn clean" at a much higher-level (because of some other problem else where in the build-system, and thus triggering an unnecessary signing later. David --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email
