Comments (8)
ddidier
commented on September 27, 2024
I didn't see that the key was not found using cli arguments. Even this one is not working when I pass an absolute file path. I must do something wrong but I don't know what.
from sign-maven-plugin.
slawekjaranowski
commented on September 27, 2024
can you try configuration like:
<plugins>
<plugin>
<groupId>org.simplify4u.plugins</groupId>
<artifactId>sign-maven-plugin</artifactId>
<version>0.3.1</version>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keyId>9D08D506AB01D82A8E7090F0C0FF87F9EEC1EF5D</keyId>
<keyPass>test</keyPass>
<keyFile>~/.m2/sign-key.ascxxxxxxxxxxxxxxxxxxxxxxxxxxxxx</keyFile>
</configuration>
</plugin>
</plugins>run only sign:sing without build package probably cause to not found artifact to sign - but configuration should be accessible by plugin
from sign-maven-plugin.
slawekjaranowski
commented on September 27, 2024
https://maven.apache.org/guides/mini/guide-default-execution-ids.html
from sign-maven-plugin.
ddidier
commented on September 27, 2024
mvn clean install sign:sign is working with:
<plugin>
<groupId>org.simplify4u.plugins</groupId>
<artifactId>sign-maven-plugin</artifactId>
<version>0.3.1</version>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keyId>9D08D506AB01D82A8E7090F0C0FF87F9EEC1EF5D</keyId>
<keyPass>test</keyPass>
<keyFile>/home/xxx/.m2/sign-key.asc</keyFile>
</configuration>
</plugin>Note that keyFile is /home/xxx/.m2/sign-key.asc and not ~/.m2/sign-key.asc which is not working. That makes sense since this is a Java program.
But SIGN_KEY=/home/xxx/.m2/sign-key.asc SIGN_KEY_ID=9D08D506AB01D82A8E7090F0C0FF87F9EEC1EF5D SIGN_KEY_PASS=test mvn clean install sign:sign is not working with:
<plugin>
<groupId>org.simplify4u.plugins</groupId>
<artifactId>sign-maven-plugin</artifactId>
<version>0.3.1</version>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>The environment variables are not taken into account:
[DEBUG] Configuring mojo org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign from plugin realm ClassRealm[plugin>org.simplify4u.plugins:sign-maven-plugin:0.3.1, parent: jdk.internal.loader.ClassLoaders$AppClassLoader@443b7951]
[DEBUG] Configuring mojo 'org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign' with basic configurator -->
[DEBUG] (f) keyFile = /home/xxx/.m2/sign-key.asc
[DEBUG] (f) skip = false
[DEBUG] (f) skipNoKey = true
[DEBUG] -- end configuration --
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.922 s
[INFO] Finished at: 2021-09-24T10:02:14+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign (default-cli) on project ndd-maven-parent: Execution default-cli of goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign failed: Secret key not found -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign (default-cli) on project ndd-maven-parent: Execution default-cli of goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign failed: Secret key not found
...
And mvn clean install sign:sign -Dsign.keyFile=/home/xxx/.m2/sign-key.asc -Dsign.keyId=9D08D506AB01D82A8E7090F0C0FF87F9EEC1EF5D -Dsign.keyPass=test is not working either although the variables seem to be taken into account:
[DEBUG] Configuring mojo org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign from plugin realm ClassRealm[plugin>org.simplify4u.plugins:sign-maven-plugin:0.3.1, parent: jdk.internal.loader.ClassLoaders$AppClassLoader@443b7951]
[DEBUG] Configuring mojo 'org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign' with basic configurator -->
[DEBUG] (f) keyFile = /home/xxx/.m2/sign-key.asc
[DEBUG] (f) keyId = 9D08D506AB01D82A8E7090F0C0FF87F9EEC1EF5D
[DEBUG] (f) keyPass = test
[DEBUG] (f) skip = false
[DEBUG] (f) skipNoKey = true
[DEBUG] -- end configuration --
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.900 s
[INFO] Finished at: 2021-09-24T10:06:04+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign (default-cli) on project ndd-maven-parent: Execution default-cli of goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign failed: Secret key not found -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign (default-cli) on project ndd-maven-parent: Execution default-cli of goal org.simplify4u.plugins:sign-maven-plugin:0.3.1:sign failed: Secret key not found
...
from sign-maven-plugin.
ddidier
commented on September 27, 2024
I created a small test case: sign-tests.tar.gz
test1.sh(pom only) is workingtest2.sh(environment variables) doesn'ttest3.sh(arguments) is also working although I cannot see the difference with my previous post
from sign-maven-plugin.
slawekjaranowski
commented on September 27, 2024
test2.sh
misunderstand configuration: SIGN_KEY - environment variable must contain private key content.
https://www.simplify4u.org/sign-maven-plugin/sign-mojo.html#keyFile
so change test to:
export SIGN_KEY=`cat sign-key.asc`and will be ok
we can improve documentation in this point - if you like please prepare proposition
test3.sh
configuration tags was moved from execution level to plugin level
and change command from
mvn sign:sing to
mvn clen install sign:sing execution hints
callling
mvn clean install sign:signcause to run sign plugin execute twice, once during verify maven phase and one from direct invoke from command line
it is enough to run mvn clean instal - sign plugin will bind to proper maven lifecycle phase
from sign-maven-plugin.
ddidier
commented on September 27, 2024
Thanks, that's now working!
The documentation says "Default value is: ${user.home}/.m2/sign-key.asc" so I thought that SIGN_KEY was a file too.
So maybe change:
This value can be delivered by environment variable SIGN_KEY. Environment variable must contain private key content.
to something like this:
This value can be delivered by environment variable SIGN_KEY. Environment variable must contain private key content, not the file path. Example: export SIGN_KEY=$(cat mykey.asc)
from sign-maven-plugin.
slawekjaranowski
commented on September 27, 2024
I'm happy that is working.
If you have another question/problem please create new issue.
from sign-maven-plugin.
Related Issues (18)
- Some extension project fail with 'has no file' error message. HOT 6
- EdDSA KeyFactory not available HOT 2
- PGPException: checksum mismatch at in checksum of 20 bytes HOT 2
- What is the correct private key content for `SIGN-KEY` environment variable HOT 2
- Support using this plugin out of maven projects HOT 4
- Split package openpgp to make it reusable HOT 2
- [TODO] Undo workaround for MSHARED-969 and MINVOKER-273 HOT 1
- Assert signature file name syntax
- [TODO] Review secret key expiration check HOT 2
- releases 0.1.0 and 0.2.0 are not reproducible HOT 5
- Allow maven encryption for keyPass
- [Feature] Add option to fail if the key cannot be found/signing cannot be done HOT 2
- Validate key expiration time HOT 5
- Dedicated goal to check public key used for signing the attached *.asc files properly uploaded to public keyserver HOT 2
- Signature file name should contain version
- Key configuration source in debug level HOT 1
- Support tilde `~` in key file path HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sign-maven-plugin.