- Apache/
- Maven/
- Plugins/
- Apache Maven Jarsigner Plugin/
- Usage
- | Last Published: 2018-11-03
- Version: 3.0.0
Usage
Some brief examples on how to use this plugin.
Signing a project artifact and attachments
If you need to sign a project artifact and all attached artifacts, just configure the sign goal appropriately in your pom.xml for the signing to occur automatically during the package phase.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>3.0.0</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>/path/to/the/keystore</keystore>
<alias>Alias name</alias>
<storepass>Store password</storepass>
<keypass>Key password</keypass>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>
Since version 1.3 you can encrypt keypass and storepass using the maven encryption mechanism.
See http://maven.apache.org/guides/mini/guide-encryption.html.
Verifying the signature of a project artifact and attachments
If you need to verify the signatures of a project artifact and all attached artifacts, just configure the verify goal appropriately in your pom.xml for the verification to occur automatically during the verify phase.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>3.0.0</version>
<executions>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
<configuration>
<verbose>true</verbose>
<certs>true</certs>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>
How to disable the Jarsigner Plugin
mvn ... -Djarsigner.skip=true
For full documentation, please see the respective goal documentation.