Maven 2 maven不仅可以签名生成的jar,还可以签名依赖项吗
我设法创建了主jar,将依赖项复制到单个目录,剩下的唯一一步就是对所有jar进行签名 我可以将自己生成的jar作为jar:sign的一部分进行签名,但是如何对依赖项进行签名呢Maven 2 maven不仅可以签名生成的jar,还可以签名依赖项吗,maven-2,jar,sign,Maven 2,Jar,Sign,我设法创建了主jar,将依赖项复制到单个目录,剩下的唯一一步就是对所有jar进行签名 我可以将自己生成的jar作为jar:sign的一部分进行签名,但是如何对依赖项进行签名呢 谢谢这里有几个选项: 使用Maven ant任务针对所有依赖项从JDK运行jarsigner 使用可以对所有JAR进行签名的,即使您不是为了应用程序的JNLP而使用它。我正在使用它来实际JNLPize一个应用程序 看看webstart插件源代码是如何迭代所有依赖项并对它们进行签名的,然后启动一个新的Maven插件/Mojo
谢谢这里有几个选项:
添加到插件配置
targetmaven-jar-plugin<plugin>
<artifactId>maven-jar-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
</execution>
<execution>
<id>make-assembly</id>
<phase>package</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<!-- NOTE: The secret key is in shared version control. The
password is in shared version control. This IS NOT
SECURE. It's intended to help avoid accidentally
loading the wrong class, nothing more. -->
<jarPath>${project.build.directory}/${project.build.FinalName}-${project.packaging}-with-dependencies.${project.packaging}</jarPath>
<keystore>${basedir}/keystore</keystore>
<alias>SharedSecret</alias>
<storepass>FOO</storepass>
</configuration>
</plugin>
maven jar插件
签名
组装
包裹
签名
${project.build.directory}/${project.build.FinalName}-${project.packaging}-带依赖项。${project.packaging}
${basedir}/keystore
共享秘密
福
如果您想同时签署这两个文件,我不知道如何使用
maven jar插件
maven汇编插件
2.4
带有依赖项的jar
组装
包裹
单一的
org.apache.maven.plugins
maven jar插件
2.4
罐子
组装
包裹
签名
${project.build.directory}/${project.build.FinalName}-${project.packaging}-带依赖项。${project.packaging}
${sign.keystore.file}
${sign.keystore.type}
${sign.keystore.storepass}
${sign.keystore.alias}
真的
假的
真的
<build>
<plugins>
<!-- It seems that maven-assembly-plugin must be declared before the maven-jar-plugin,
so that it is executed first in the package phase,
and then the signing of the packaged jar can succeed. -->
<plugin>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.4</version>
<configuration>
<descriptorRefs>
<descriptorRef>jar-with-dependencies</descriptorRef>
</descriptorRefs>
<archive>
<manifestEntries>
<!-- ... -->
</manifestEntries>
</archive>
</configuration>
<executions>
<execution>
<id>make-assembly</id>
<phase>package</phase>
<goals>
<goal>single</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.4</version>
<executions>
<execution>
<goals>
<goal>jar</goal>
</goals>
</execution>
<execution>
<id>make-assembly</id>
<phase>package</phase>
<goals>
<goal>sign</goal>
</goals>
<configuration>
<jarPath>${project.build.directory}/${project.build.FinalName}-${project.packaging}-with-dependencies.${project.packaging}</jarPath>
<keystore>${sign.keystore.file}</keystore>
<type>${sign.keystore.type}</type>
<storepass>${sign.keystore.storepass}</storepass>
<alias>${sign.keystore.alias}</alias>
<verify>true</verify>
<verbose>false</verbose>
<removeExistingSignatures>true</removeExistingSignatures>
</configuration>
</execution>
</executions>
<configuration>
<archive>
<manifest>
<!-- <addClasspath>true</addClasspath> -->
</manifest>
<manifestEntries>
<!-- ... -->
</manifestEntries>
</archive>
</configuration>
</plugin>
</plugins>
</build>