JarCasting
JarCasting JarCasting

pgp-signature-check-plugin

Automatically check PGP signatures on downloaded artifacts using GPG

Лицензия

Лицензия
Группа

Группа

com.github.exabrial
Идентификатор

Идентификатор

pgp-signature-check-plugin
Последняя версия

Последняя версия

1.0.3
Дата

Дата
Тип

Тип

maven-plugin
Описание

Описание

pgp-signature-check-plugin
Automatically check PGP signatures on downloaded artifacts using GPG
Ссылка на сайт

Ссылка на сайт

https://github.com/exabrial/pgp-signature-check-plugin
Система контроля версий

Система контроля версий

https://github.com/exabrial/pgp-signature-check-plugin/tree/master

Скачать pgp-signature-check-plugin

Имя Файла Размер
pgp-signature-check-plugin-1.0.3.pom
pgp-signature-check-plugin-1.0.3.jar 49 KB
pgp-signature-check-plugin-1.0.3-sources.jar 44 KB
pgp-signature-check-plugin-1.0.3-javadoc.jar 197 KB
Обзор

Как подключить последнюю версию

<plugin>
    <groupId>com.github.exabrial</groupId>
    <artifactId>pgp-signature-check-plugin</artifactId>
    <version>1.0.3</version>
</plugin>

Зависимости

compile (4)

Идентификатор библиотеки Тип Версия
org.codehaus.plexus : plexus-utils jar 3.0.24
org.apache.maven.shared : maven-common-artifact-filters jar 3.0.1
org.apache.maven.shared : maven-artifact-transfer jar 0.9.1
commons-io : commons-io jar 2.6

provided (9)

Идентификатор библиотеки Тип Версия
javax.inject : javax.inject jar 1
javax.annotation : jsr250-api jar 1.0
org.apache.maven : maven-artifact jar 3.3.9
org.apache.maven : maven-core jar 3.3.9
org.apache.maven.plugin-tools : maven-plugin-annotations jar 3.3
org.apache.maven : maven-plugin-api jar 3.0
org.sonatype.sisu : sisu-inject-plexus jar 1.4.2
org.sonatype.sisu : sisu-inject-bean jar 1.4.2
com.github.spotbugs : spotbugs-annotations jar 3.1.5

test (2)

Идентификатор библиотеки Тип Версия
org.junit.jupiter : junit-jupiter-api jar 5.2.0
org.mockito : mockito-junit-jupiter jar 2.19.0

Модули Проекта

Данный проект не имеет модулей.

pgp-signature-check-plugin

Maven plugin to automatically check PGP signatures of downloaded artifacts

Usage

Please see the docs at http://exabrial.github.io/pgp-signature-check-plugin/

But here are the Maven Coordinates:

<groupId>com.github.exabrial</groupId>
<artifactId>pgp-signature-check-plugin</artifactId>

Acknowledgements

This entire project was inspired by the amazing work over at https://github.com/s4u/pgpverify-maven-plugin. We borrow one class under the Apache Source License. If you're wondering the difference between the two, this project uses the native gpg on your system. This allows this plugin to handle all corner cases, such as signing using a subkey, ECDSA keys, and much more.

Building

You'll need Java8, a ~/.m2/toolchains.xmlfile setup pointing to your Java8 install, and current Maven.

Profiles

sign

  • mvn clean install -P sign
  • Signs the artifacts in the build. Required for release:
    • mvn clean release:prepare release:perform -P sign

skipChecks

  • mvn clean install -P skipChecks
  • Skips all static analysis, runs unit tests

site

  • mvn clean site -P site
  • Reports on all static analysis. Handy to see unit test coverage

gh-pages

  • git checkout pgp-signature-check-plugin-1.0.X
  • mvn clean site -P gh-pages
  • Builds the public facing website. Override the sysprop:
    • mvn clean site -P gh-pages -Dgithub.site.skip=false to actually deploy. You must have a server setup in settings.xml to do this of course.

eclipse

  • Adds the junit5 provider to the classpath
  • Set this as the default profile inside Eclipse or your IDE

Версии библиотеки

Версия
1.0.3
1.0.2
1.0.1
1.0.0