On 5/22/08, Jan Torben Heuer <[EMAIL PROTECTED]> wrote: > Hi, > > just want to know the best-practise of the keytool plugin. > > Where do you store your keys? I'd prefer the local maven directory > $HOME/.m2 - but is there a platform independent variable?
You're hitting http://mojo.codehaus.org/keytool-maven-plugin/faq.html This should really be a described page in the keytool plugin site. I created a jira issue for reference.http://jira.codehaus.org/browse/MKEYTOOL-5 that points to this thread. There are 2 issues: location and configuration It really depends on how you plan to sign your keys. I guess not everybody have access to your sign key. Some people put the key in subversion, which is not a good security practice. Some people use fake keys except on the machine where someone builds the official version. See also [1] So from a configuration point of view, the key location probably needs to be specified in a property, so that it can be different per user's. As for location $HOME/.m2 is a good choice and can be identified using system properties: ${user.home}/.m2 > I set up the keytool in the parent pom - but the config is inheritet to its > modules so the keytool plugin tries to generate the key for each submodule. > I don't think it is a bug but the normal way how a plugin should work. So > what do you do? Create another submodule just for the key? When I used it, I configured keytool it in the module I needed to generate the key in. If you only need it for a subset of modules, you could try to configure keytool in the pluginManagement section of your root POM and only use the plugin in the <build> section of the appropriate module. I heard some people say they didn't like the verbosity of the pluginManagement section, so if you're like them, you could just use a property in the root POM to have the keytool location in one place and reuse that property in all the <build> sections of the POMs that specify the keytool plugin. Feel free to answer when you've found something that satisfies you. Cheers, [1] there's an alternative way to sign keys, using an http service. Cf the FAQ. --------------------------------------------------------------------- To unsubscribe from this list, please visit: http://xircles.codehaus.org/manage_email
