Maven可以重新签署依赖关系吗？

编程入门行业动态更新时间:2024-10-26 06:31:05

本文介绍了Maven可以重新签署依赖关系吗？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

我正在使用 maven-jarsigner-plugin 来签署我的阴影超级罐。我确实需要在他们自己的罐子里分发一些依赖项，并希望从Maven仓库中取出这些罐子，清除它们的任何现有签名，并用我自己的证书签名。

I'm using maven-jarsigner-plugin to sign a shaded uber-jar of mine. I do need to distribute some dependencies in their own jars though, and want to take those jars from a Maven repo, clear them of any existing signatures, and sign them with my own certificate.

是否有任何Maven插件执行此操作，或者我是否会涉及一些Ant插件hackery？

Are there any Maven plugins that do this, or would i involve some Ant plugin hackery?

推荐答案

结果 maven-jarsigner-plugin 可以重新 - 使用它的 removeExistingSignatures 配置元素来设置现有的罐子。这么简单！

Turns out maven-jarsigner-plugin can re-sign existing jars using it's removeExistingSignatures config element. So simple!

我使用 maven-dependency-plugin 将工件复制到 generate-resources 阶段，然后在 process-resources 阶段签名。

I use maven-dependency-plugin to copy artifacts into a .war project in the generate-resources phase, then sign them in the process-resources phase.

<plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>2.8</version> <executions> <execution> <id>copy</id> <phase>generate-resources</phase> <goals> <goal>copy</goal> </goals> <configuration> <artifactItems> <artifactItem> <groupId>org.lwjgl.lwjgl</groupId> <artifactId>lwjgl-platform</artifactId> <version>2.9.0</version> <classifier>natives-osx</classifier> <type>jar</type> <overWrite>true</overWrite> <outputDirectory>src/main/webapp/</outputDirectory> <destFileName>lwjgl-platform-natives-osx.jar</destFileName> </artifactItem> </artifactItems> <outputDirectory>src/main/webapp</outputDirectory> <overWriteReleases>true</overWriteReleases> <overWriteSnapshots>true</overWriteSnapshots> </configuration> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId> <version>1.2</version> <executions> <execution> <id>sign</id> <phase>process-resources</phase> <goals> <goal>sign</goal> </goals> </execution> </executions> <configuration> <keystore>${basedir}/path/to/my.keystore</keystore> <alias>alias</alias> <storepass>password</storepass> <keypass>password</keypass> <verbose>true</verbose> <archiveDirectory>src/main/webapp/</archiveDirectory> <processMainArtifact>false</processMainArtifact> <removeExistingSignatures>true</removeExistingSignatures> </configuration> </plugin>