maven-gpg-plugin SHA512

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

maven-gpg-plugin SHA512

Petr Ivanov
Hi all!


Struggling to configure maven-gpg-plugin to generate sha512 has sum to deployed artifacts alongside with asc.
Current config does not work:

            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-gpg-plugin</artifactId>
                <version>3.0.0</version>
                <configuration>
                    <gpgArguments>
                        <arg>--no-permission-warning</arg>
                        <arg>--digest-algo=SHA512</arg>
                    </gpgArguments>
                </configuration>
                <executions>
                    <execution>
                        <id>sign-artifacts</id>
                        <phase>verify</phase>
                        <goals>
                            <goal>sign</goal>
                        </goals>
                    </execution>
                </executions>
            </plugin>


Documentation is predictably empty.

The final goal — sha512 hash sums for deployed artifacts with deploy goal.


Does anyone know how can this be achieved?
Thanks in advance!
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: maven-gpg-plugin SHA512

Oliver B. Fischer-2
I am sure that there is a better solution, but I don't know it yet ;-)

Have a look at
https://www.mojohaus.org/build-helper-maven-plugin/attach-artifact-mojo.html

Oliver

Am 22.01.21 um 16:11 schrieb Petr Ivanov:

> Hi all!
>
>
> Struggling to configure maven-gpg-plugin to generate sha512 has sum to deployed artifacts alongside with asc.
> Current config does not work:
>
>              <plugin>
>                  <groupId>org.apache.maven.plugins</groupId>
>                  <artifactId>maven-gpg-plugin</artifactId>
>                  <version>3.0.0</version>
>                  <configuration>
>                      <gpgArguments>
>                          <arg>--no-permission-warning</arg>
>                          <arg>--digest-algo=SHA512</arg>
>                      </gpgArguments>
>                  </configuration>
>                  <executions>
>                      <execution>
>                          <id>sign-artifacts</id>
>                          <phase>verify</phase>
>                          <goals>
>                              <goal>sign</goal>
>                          </goals>
>                      </execution>
>                  </executions>
>              </plugin>
>
>
> Documentation is predictably empty.
>
> The final goal — sha512 hash sums for deployed artifacts with deploy goal.
>
>
> Does anyone know how can this be achieved?
> Thanks in advance!
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
--
N Oliver B. Fischer
A Schönhauser Allee 64, 10437 Berlin, Deutschland/Germany
P +49 30 44793251
M +49 178 7903538
E [hidden email]
S oliver.b.fischer
J [hidden email]
X http://xing.to/obf


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: maven-gpg-plugin SHA512

Petr Ivanov
Nice plugin, thanks!


However, currently I am under impressions, that gpg plugin is not what am I looking for, 'cause it seems the initial md5 and sha1 sums are generated by maven-install-plugin which has no options whatsoever...
Also, cheksum-maven-plugin seems to be better suited for my task.


I will keep posted if it will be success :)


> On 24 Jan 2021, at 17:19, Oliver B. Fischer <[hidden email]> wrote:
>
> I am sure that there is a better solution, but I don't know it yet ;-)
>
> Have a look at https://www.mojohaus.org/build-helper-maven-plugin/attach-artifact-mojo.html
>
> Oliver
>
> Am 22.01.21 um 16:11 schrieb Petr Ivanov:
>> Hi all!
>>
>>
>> Struggling to configure maven-gpg-plugin to generate sha512 has sum to deployed artifacts alongside with asc.
>> Current config does not work:
>>
>>             <plugin>
>>                 <groupId>org.apache.maven.plugins</groupId>
>>                 <artifactId>maven-gpg-plugin</artifactId>
>>                 <version>3.0.0</version>
>>                 <configuration>
>>                     <gpgArguments>
>>                         <arg>--no-permission-warning</arg>
>>                         <arg>--digest-algo=SHA512</arg>
>>                     </gpgArguments>
>>                 </configuration>
>>                 <executions>
>>                     <execution>
>>                         <id>sign-artifacts</id>
>>                         <phase>verify</phase>
>>                         <goals>
>>                             <goal>sign</goal>
>>                         </goals>
>>                     </execution>
>>                 </executions>
>>             </plugin>
>>
>>
>> Documentation is predictably empty.
>>
>> The final goal — sha512 hash sums for deployed artifacts with deploy goal.
>>
>>
>> Does anyone know how can this be achieved?
>> Thanks in advance!
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
> --
> N Oliver B. Fischer
> A Schönhauser Allee 64, 10437 Berlin, Deutschland/Germany
> P +49 30 44793251
> M +49 178 7903538
> E [hidden email]
> S oliver.b.fischer
> J [hidden email]
> X http://xing.to/obf
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: maven-gpg-plugin SHA512

Petr Ivanov
Well, it seem that maven currently DOES NOT support sha512 sums in any way.

maven-checksum-plugin has been able to generate sha512 sums for jars, but:
1) it misses poms
2) maven install plugin still generates md5 and sha1 hashsums for all artifacts, including *.sha512 (which later gets uploaded with deploy task).

Thus — it seems currently impossible to comply with [1]...



[1] https://infra.apache.org/release-signing.html#basic-facts


> On 25 Jan 2021, at 11:34, Petr Ivanov <[hidden email]> wrote:
>
> Nice plugin, thanks!
>
>
> However, currently I am under impressions, that gpg plugin is not what am I looking for, 'cause it seems the initial md5 and sha1 sums are generated by maven-install-plugin which has no options whatsoever...
> Also, cheksum-maven-plugin seems to be better suited for my task.
>
>
> I will keep posted if it will be success :)
>
>
>> On 24 Jan 2021, at 17:19, Oliver B. Fischer <[hidden email]> wrote:
>>
>> I am sure that there is a better solution, but I don't know it yet ;-)
>>
>> Have a look at https://www.mojohaus.org/build-helper-maven-plugin/attach-artifact-mojo.html
>>
>> Oliver
>>
>> Am 22.01.21 um 16:11 schrieb Petr Ivanov:
>>> Hi all!
>>>
>>>
>>> Struggling to configure maven-gpg-plugin to generate sha512 has sum to deployed artifacts alongside with asc.
>>> Current config does not work:
>>>
>>>            <plugin>
>>>                <groupId>org.apache.maven.plugins</groupId>
>>>                <artifactId>maven-gpg-plugin</artifactId>
>>>                <version>3.0.0</version>
>>>                <configuration>
>>>                    <gpgArguments>
>>>                        <arg>--no-permission-warning</arg>
>>>                        <arg>--digest-algo=SHA512</arg>
>>>                    </gpgArguments>
>>>                </configuration>
>>>                <executions>
>>>                    <execution>
>>>                        <id>sign-artifacts</id>
>>>                        <phase>verify</phase>
>>>                        <goals>
>>>                            <goal>sign</goal>
>>>                        </goals>
>>>                    </execution>
>>>                </executions>
>>>            </plugin>
>>>
>>>
>>> Documentation is predictably empty.
>>>
>>> The final goal — sha512 hash sums for deployed artifacts with deploy goal.
>>>
>>>
>>> Does anyone know how can this be achieved?
>>> Thanks in advance!
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>> --
>> N Oliver B. Fischer
>> A Schönhauser Allee 64, 10437 Berlin, Deutschland/Germany
>> P +49 30 44793251
>> M +49 178 7903538
>> E [hidden email]
>> S oliver.b.fischer
>> J [hidden email]
>> X http://xing.to/obf
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: maven-gpg-plugin SHA512

michaelo
In reply to this post by Petr Ivanov
Don't waste your time. Read [1]: aether.checksums.algorithms

[1] https://maven.apache.org/resolver/configuration.html

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]