Re: [Opencast Matterhorn] Signing Releases

Tue, 13 Mar 2012 15:31:19 -0700 

Hi Greg,

I don't know the key keeper but I can share my experiences with jar signing. 
There's a maven plugin called maven-jarsigner-plugin 
(http://maven.apache.org/plugins/maven-jarsigner-plugin/) that does the job. 
Best you add this profile to the main pom:

   <profile>
      <id>sign</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-jarsigner-plugin</artifactId>
            <executions>
              <execution>
                <goals>
                  <goal>sign</goal>
                </goals>
                <phase>package</phase>
                <configuration>
                  <keystore>docs/keystore/signing-jar.keystore</keystore>
                  <alias>signed</alias>
                  <verbose>true</verbose>
                  <archiveDirectory>modules</archiveDirectory>
                  <includes>
                    <include>**/target/matterhorn-*.jar</include>
                  </includes>
                  <storepass>opencast</storepass>
                  <keypass>opencast</keypass>
                </configuration>
              </execution>
            </executions>
          </plugin>
        </plugins>
      </build>
    </profile>

It requires the keys to reside in docs/keystore/signing-jar.keystore.
To test, create some keys with this shell script run in the root of your 
development dir.

#!/bin/sh
KEYSTORE=docs/keystore/signing-jar.keystore
ALIAS=signed
STOREPASS=opencast
KEYPASS=opencast
keytool -genkey -alias $ALIAS -keystore $KEYSTORE -storepass $STOREPASS 
-keypass $KEYPASS -dname "CN=bla, OU=Opencast, O=org.opencastproject, 
L=Somewhere, ST=Germany, C=DE"
keytool -selfcert -alias $ALIAS -keystore $KEYSTORE -storepass $STOREPASS 
-keypass $KEYPASS
        

Then you need to activate the profile when building MH with mvn install -Psign

Hope that helps,
Christoph



Am 13.03.2012 um 22:34 schrieb Greg Logan:

> Hi folks,
> 
> In the release process doc
> (http://opencast.jira.com/wiki/display/MH/Matterhorn+Release+Process+%28Wip%29)
> It suggests that we should be signing our release jars.  Does anyone
> know who has the key(s) for this and how to go about doing that?
> 
> G
> 
> _______________________________________________
> Matterhorn mailing list
> [email protected]
> http://lists.opencastproject.org/mailman/listinfo/matterhorn
> 
> 
> To unsubscribe please email
> [email protected]
> _______________________________________________

_______________________________________________
Matterhorn mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn


To unsubscribe please email
[email protected]
_______________________________________________

Reply via email to