Now you're instructing the normal jar:jar to also build the jar with a
classifier.
Move the configuration inside the execution so that it will only
effect the jar:sign.
Tom
On 1/10/07, diroussel <[EMAIL PROTECTED]> wrote:
Ah, ok that makes sense.
*goes off the look at classifiers*
I've now changed my config to:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
<version>2.1</version>
<executions>
<execution>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<classifier>signed</classifier>
<keystore>..\build_resources\codeSign\dev.keystore</keystore>
<alias>codesign</alias>
<storepass>mypass</storepass>
<keypass>mypass</keypass>
<signedjar>${project.build.directory}/signed/${project.build.finalName}.jar</signedjar>
<verify>true</verify>
</configuration>
</plugin>
But I get a error from jarsigner.exe that it can't find the jar, and indeed
in my target I see:
target\Base_J2SE-signed.jar
target\signed\
there is no unsigned jar! it's been removed. Also the signed jar is not
going in the 'signedjar' location.
I think another problem is compounding this, I think the goal is being run
twice. As before I made this change it was signing the jar, then signing
it again, then saying jar was already signed.
Am I setting the classifier correctly?
Thanks
David
Tom Huybrechts wrote:
>
> the JarSignMojo signs the original jar, and then does
> project.getArtifact().setFile(signedJar) which basically tells all
> later plugins that this is the output of this project.
> That's probably why surefire is usign the signed jar.
> If you want to avoid this, assign a classifier to the signed jar.
>
> Tom
>
> On 1/10/07, Christian Goetze <[EMAIL PROTECTED]> wrote:
>> diroussel wrote:
>>
>> >The question is, why is surefire not using the un-signed jar. I have
>> two
>> >jars:
>> >target\MyJar.jar
>> >target\signed\MyJar.jar
>> >
>> >so why is surefire choosing the second one, not the normal one in the
>> normal
>> >place.
>> >
>> >Any ideas?
>> >
>> >
>> >
>> No ideas here, sorry....
>>
>> Just wanted to add my opinion that the jar signing should really be in
>> the assembly plugin. It is not very useful to have it in the jar plugin,
>> since all the third party jars which get pulled in via transitive
>> dependencies won't get signed.
>>
>> Currently, I do the jar signing as a post-processing step outside of
>> maven, for that reason. A pity, if you ask me...
>> --
>> cg
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/jar-signing---the-good-and-the-bad-tf2951737s177.html#a8262407
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
