在Maven工件上查看PGP签名 [英] Viewing a PGP signature on a Maven artifact

问题描述

我想从Central手动验证Maven工件上的PGP签名，但我不知道从哪里开始.

I'd like to manually verify the PGP signature on a Maven artifact from Central, but I don't know where to start.

我在Apache的将工件上传到Central Repository的指南，其中说:我们要求您为所有工件提供PGP签名".

I see on Apache's Guide to uploading artifacts to the Central Repository that it says "we require you to provide PGP signatures for all your artifacts".

我已经看到Sonatype的Nexus Pro软件在

And I've seen that Sonatype's Nexus Pro software mentions verifying signatures in a blog post on Nexus Pro features

但是我找不到有关如何手动获取签名的任何信息.我对GPG足够熟悉，可以执行实际的验证.如何在Central中获取工件的.asc文件?

But I can't find any information on how to get the signatures manually. I'm familiar enough with GPG to perform the actual verification. How do I get a .asc file for an artifact in Central?

推荐答案

您可以简单地下载这些工件(.asc)文件并手动检查签名.可以通过http这样访问Maven Central:

You can simple download those artifacts (.asc) files and manually check the signature. Maven Central is accessible via http like this:

http://search.maven.org/remotecontent?filepath=com/soebes/smpp/smpp/0.4/smpp-0.4.pom.asc

这篇关于在Maven工件上查看PGP签名的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！