Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] would it be possible for tycho to check the signing (and sign) all plugin jars that are put into the product?
isn't the maven-jarsigner-plugin only used for plugins that you build yourself?
So the plugin projects with pom files that are compiled, built, repacked, and signed by tycho?

But that's not what i talk about

one example is this:


and 


which makes a p2 site for us where the jars are coming from all kinds of things (mostly from maven central)

but those jars are for the most part not signed..

So I end up with a generated repository with all kinds of jars that are not signed.

And this is a p2 site that i generate from all kinds of maven central jars so we can build our product
so our target file points to the above p2 site:
(like orbit)

But for example we also use chromium in our target file:



but that 3rd party site has jars that are also not signed by the maker of that site.

So i like to when i build or product sign those jars that are included in our full product/repo also just to be signed by our certificate



On Wed, 6 Jan 2021 at 12:24, Mickael Istria <mistria@xxxxxxxxxx> wrote:
Can you please elaborate what specifically is preventing you from using the maven-jarsigner-plugin? I don't think there is a fundamental reason for this to not work, I imagine it can be made to work.
_______________________________________________
tycho-user mailing list
tycho-user@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/tycho-user


--
Johan Compagner
Servoy

Back to the top