|Re: [cross-project-issues-dev] Any pointers on how to Eclipse-sign AND GPG-sign a jar?|
JAR signing of the bundles and GPG-signing of the Maven artifacts are two different steps. Once a jar has been "jar-signed", you may or may not GPG sign the corresponding Maven artifact (.jar + .pom file) so as it can be deployed on Central. As you hinted, JAR signing has to be done before the GPG signing, since doing it the other way around would break the GPG signature.
So you first have to sign your org.eclipse.m2e.workspace.cli JAR file with the Eclipse Fdn certificate, either using the Maven plugin from CBI, the command line utility, or the signing web service – see .
Once you have your signed JAR, you can GPG sign it and stage it on Central like this:
I hope this helps. FWIW we are trying to improve our GPG signing story and provide more guidance to projects regarding GPG in general so stay tuned…
Hope this helps!
+33 (0) 619196101
De : Fred Bricon <fbricon@xxxxxxxxx>
Répondre à : Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>
Date : vendredi 16 janvier 2015 19:04
À : Cross project issues <cross-project-issues-dev@xxxxxxxxxxx>
Objet : [cross-project-issues-dev] Any pointers on how to Eclipse-sign AND GPG-sign a jar?
Back to the top