我正在使用我maven-jarsigner-plugin
的阴影超级罐子.我确实需要在自己的jar中分发一些依赖项,并希望从Maven仓库获取这些jar,清除它们的任何现有签名,并使用我自己的证书进行签名.
有没有Maven插件可以做到这一点,或者我会涉及一些Ant插件hackery?
结果maven-jarsigner-plugin
可以使用它的配置元素重新设置现有的罐子removeExistingSignatures
.很简单!
我使用maven-dependency-plugin
在generate-resources
阶段中将工件复制到.war项目中,然后在process-resources
阶段中对它们进行签名.
<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>2.8</version> <executions> <execution> <id>copy</id> <phase>generate-resources</phase> <goals> <goal>copy</goal> </goals> <configuration> <artifactItems> <artifactItem> <groupId>org.lwjgl.lwjgl</groupId> <artifactId>lwjgl-platform</artifactId> <version>2.9.0</version> <classifier>natives-osx</classifier> <type>jar</type> <overWrite>true</overWrite> <outputDirectory>src/main/webapp/</outputDirectory> <destFileName>lwjgl-platform-natives-osx.jar</destFileName> </artifactItem> </artifactItems> <outputDirectory>src/main/webapp</outputDirectory> <overWriteReleases>true</overWriteReleases> <overWriteSnapshots>true</overWriteSnapshots> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId> <version>1.2</version> <executions> <execution> <id>sign</id> <phase>process-resources</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> <configuration> <keystore>${basedir}/path/to/my.keystore</keystore> <alias>alias</alias> <storepass>password</storepass> <keypass>password</keypass> <verbose>true</verbose> <archiveDirectory>src/main/webapp/</archiveDirectory> <processMainArtifact>false</processMainArtifact> <removeExistingSignatures>true</removeExistingSignatures> </configuration> </plugin>