pgp-signature-check-plugin

Automatically check PGP signatures on downloaded artifacts using GPG

License

GroupId
com.github.exabrial

ArtifactId
pgp-signature-check-plugin

Last Version
1.0.3

Release Date

Type
maven-plugin

Description
Automatically check PGP signatures on downloaded artifacts using GPG

Project URL
https://github.com/exabrial/pgp-signature-check-plugin

Source Code Management
https://github.com/exabrial/pgp-signature-check-plugin/tree/master

How to add to project

<plugin>
    <groupId>com.github.exabrial</groupId>
    <artifactId>pgp-signature-check-plugin</artifactId>
    <version>1.0.3</version>
</plugin>

Dependencies

compile (4)

Group / Artifact Type Version
org.codehaus.plexus : plexus-utils jar 3.0.24
org.apache.maven.shared : maven-common-artifact-filters jar 3.0.1
org.apache.maven.shared : maven-artifact-transfer jar 0.9.1
commons-io : commons-io jar 2.6

provided (9)

Group / Artifact Type Version
javax.inject : javax.inject jar 1
javax.annotation : jsr250-api jar 1.0
org.apache.maven : maven-artifact jar 3.3.9
org.apache.maven : maven-core jar 3.3.9
org.apache.maven.plugin-tools : maven-plugin-annotations jar 3.3
org.apache.maven : maven-plugin-api jar 3.0
org.sonatype.sisu : sisu-inject-plexus jar 1.4.2
org.sonatype.sisu : sisu-inject-bean jar 1.4.2
com.github.spotbugs : spotbugs-annotations jar 3.1.5

test (2)

Group / Artifact Type Version
org.junit.jupiter : junit-jupiter-api jar 5.2.0
org.mockito : mockito-junit-jupiter jar 2.19.0

Project Modules

There are no modules declared in this project.

pgp-signature-check-plugin

Maven plugin to automatically check PGP signatures of downloaded artifacts

Usage

Please see the docs at http://exabrial.github.io/pgp-signature-check-plugin/

But here are the Maven Coordinates:

<groupId>com.github.exabrial</groupId>
<artifactId>pgp-signature-check-plugin</artifactId>

Acknowledgements

This entire project was inspired by the amazing work over at https://github.com/s4u/pgpverify-maven-plugin. We borrow one class under the Apache Source License. If you're wondering about the difference between the two, this project uses the native gpg on your system. This allows this plugin to handle all corner cases, such as signing using a subkey, ECDSA keys, and much more.

Building

You'll need Java 8, a ~/.m2/toolchains.xml file set up to point to your Java 8 install, and a current Maven.

Profiles

sign

  • mvn clean install -P sign
  • Signs the artifacts in the build. Required for release:
    • mvn clean release:prepare release:perform -P sign

skipChecks

  • mvn clean install -P skipChecks
  • Skips all static analysis, runs unit tests

site

  • mvn clean site -P site
  • Reports on all static analysis. Handy to see unit test coverage

gh-pages

  • git checkout pgp-signature-check-plugin-1.0.X
  • mvn clean site -P gh-pages
  • Builds the public-facing website. Override the sysprop to actually deploy:
    • mvn clean site -P gh-pages -Dgithub.site.skip=false
    • You must have a server set up in settings.xml to do this, of course.

eclipse

  • Adds the junit5 provider to the classpath
  • Set this as the default profile inside Eclipse or your IDE

Versions

Version
1.0.3
1.0.2
1.0.1
1.0.0