我设法创建主jar,将依赖复制到单个目录,剩下的唯一步骤就是签署所有jars。maven sign不仅可以生成jar,还可以依赖
我可以签署我自己生产的jar作为jar的一部分:sign,但是我如何签署依赖关系?
感谢
我设法创建主jar,将依赖复制到单个目录,剩下的唯一步骤就是签署所有jars。maven sign不仅可以生成jar,还可以依赖
我可以签署我自己生产的jar作为jar的一部分:sign,但是我如何签署依赖关系?
感谢
这里有几个选项:
添加到插件配置<archiveDirectory>target</archiveDirectory>
如果您正在使用maven-jar-plugin
,您可以指定哪些单罐子使用“jarPath”设置签名。下面的配置使得JAR-与依赖性文件将签署而不是依赖少的jar文件:
<plugin>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
</execution>
<execution>
<id>make-assembly</id>
<phase>package</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<!-- NOTE: The secret key is in shared version control. The
password is in shared version control. This IS NOT
SECURE. It's intended to help avoid accidentally
loading the wrong class, nothing more. -->
<jarPath>${project.build.directory}/${project.build.FinalName}-${project.packaging}-with-dependencies.${project.packaging}</jarPath>
<keystore>${basedir}/keystore</keystore>
<alias>SharedSecret</alias>
<storepass>FOO</storepass>
</configuration>
</plugin>
如果要签两个,我不知道该怎么做,与maven-jar-plugin
,所以你可能需要看看上面提到的其他选项。
也可以使用maven-assembly-plugin创建一个JAR。
再加上Eric Anderson(签署另一个JAR)的另一个建议,可以签署这个组装的JAR(而不是原始的JAR)。请注意,插件定义的顺序在这里很重要。
假定sign.keystore.file等设置在别处(例如在配置文件中)。
<build>
<plugins>
<!-- It seems that maven-assembly-plugin must be declared before the maven-jar-plugin,
so that it is executed first in the package phase,
and then the signing of the packaged jar can succeed. -->
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.4</version>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
<archive>
<manifestEntries>
<!-- ... -->
</manifestEntries>
</archive>
</configuration>
<executions>
<execution>
<id>make-assembly</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
</execution>
<execution>
<id>make-assembly</id>
<phase>package</phase>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<jarPath>${project.build.directory}/${project.build.FinalName}-${project.packaging}-with-dependencies.${project.packaging}</jarPath>
<keystore>${sign.keystore.file}</keystore>
<type>${sign.keystore.type}</type>
<storepass>${sign.keystore.storepass}</storepass>
<alias>${sign.keystore.alias}</alias>
<verify>true</verify>
<verbose>false</verbose>
<removeExistingSignatures>true</removeExistingSignatures>
</configuration>
</execution>
</executions>
<configuration>
<archive>
<manifest>
<!-- <addClasspath>true</addClasspath> -->
</manifest>
<manifestEntries>
<!-- ... -->
</manifestEntries>
</archive>
</configuration>
</plugin>
</plugins>
</build>
这将是一个插件的jarsigner参数(http://maven.apache.org/plugins/maven-jarsigner-plugin/sign-mojo.html#archiveDirectory),但目标不是一个很好的价值。目标目录不对应于所需jar的根目录。 – Eero 2010-11-29 11:30:22