Maven 可以重新签署依赖项吗? [英] Can Maven re-sign dependencies?
问题描述
我正在使用 maven-jarsigner-plugin
来签署我的一个带阴影的 uber-jar.不过,我确实需要在它们自己的 jar 中分发一些依赖项,并且想从 Maven 存储库中获取这些 jar,清除它们的任何现有签名,并使用我自己的证书对其进行签名.
I'm using maven-jarsigner-plugin
to sign a shaded uber-jar of mine. I do need to distribute some dependencies in their own jars though, and want to take those jars from a Maven repo, clear them of any existing signatures, and sign them with my own certificate.
是否有任何 Maven 插件可以做到这一点,或者我是否会涉及一些 Ant 插件黑客?
Are there any Maven plugins that do this, or would i involve some Ant plugin hackery?
推荐答案
原来 maven-jarsigner-plugin
可以使用它的 removeExistingSignatures re-sign 现有的 jars
配置元素.好简单!
Turns out maven-jarsigner-plugin
can re-sign existing jars using it's removeExistingSignatures
config element. So simple!
我在 generate-resources
阶段使用 maven-dependency-plugin
将工件复制到 .war 项目中,然后在 process-resources 中对它们进行签名
阶段.
I use maven-dependency-plugin
to copy artifacts into a .war project in the generate-resources
phase, then sign them in the process-resources
phase.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.8</version>
<executions>
<execution>
<id>copy</id>
<phase>generate-resources</phase>
<goals>
<goal>copy</goal>
</goals>
<configuration>
<artifactItems>
<artifactItem>
<groupId>org.lwjgl.lwjgl</groupId>
<artifactId>lwjgl-platform</artifactId>
<version>2.9.0</version>
<classifier>natives-osx</classifier>
<type>jar</type>
<overWrite>true</overWrite>
<outputDirectory>src/main/webapp/</outputDirectory>
<destFileName>lwjgl-platform-natives-osx.jar</destFileName>
</artifactItem>
</artifactItems>
<outputDirectory>src/main/webapp</outputDirectory>
<overWriteReleases>true</overWriteReleases>
<overWriteSnapshots>true</overWriteSnapshots>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>sign</id>
<phase>process-resources</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>${basedir}/path/to/my.keystore</keystore>
<alias>alias</alias>
<storepass>password</storepass>
<keypass>password</keypass>
<verbose>true</verbose>
<archiveDirectory>src/main/webapp/</archiveDirectory>
<processMainArtifact>false</processMainArtifact>
<removeExistingSignatures>true</removeExistingSignatures>
</configuration>
</plugin>
这篇关于Maven 可以重新签署依赖项吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!