hallvard / plantuml

Embed UML diagrams in files and view them in Eclipse
http://plantuml.sourceforge.net/

Signed release artifacts for Eclipse update site #54

Closed ghost closed 5 years ago

ghost commented 6 years ago

Hi,

is there any chance of getting signed release artifacts? Most security-aware organizations do not allow binaries from unverifiable sources.

I'll gladly do all the work required to integrate signing into your build/release process.

hallvard commented 6 years ago

Sounds like a reasonable request. Since I don't have any experience with this, but would like to learn about it, I'd be happy if you could provide some guidance.

ghost commented 6 years ago

I've found a custom ant task in the parent POM to be the least obtrusive way to integrate signing into the pomless tycho build.

This should work out-of-the-box if you're comfortable with maintaining a keystore file on your release build environment. As a fan of clicky-fancy UIs I used keystore explorer to create a sample keystore with password 'changeit'. I think it's also possible to use your smartcard for this if you have one, but it might get tricky.

HOWTO:

All signing options can be tweaked in the parent POM.

I had to unpack the embedded plantuml library JAR to get this to work, sorry about that. This could turn out to be a slight improvement in case the library is updated, since only changed files will go into the repository instead of the entire 5MB blob :)
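
An added example (not part of the thread or the project's build): a structural pre-check a consumer could run on JARs downloaded from an update site, flagging unsigned artifacts and entries whose content does not match the manifest digest. It does not validate the signature or certificate chain, which `jarsigner -verify` does; `audit_jar` and `make_sample_jar` are hypothetical names and the sample JAR is constructed.

```python
import base64, hashlib, io, zipfile
SIG_EXT = (".RSA", ".DSA", ".EC")

def parse_manifest(text):
    """Map entry name -> attributes for the per-entry sections of MANIFEST.MF."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def is_signature_file(name):
    up = name.upper()  # MANIFEST.MF and signature files are not themselves digested
    return up.startswith("META-INF/") and up.count("/") == 1 and up.endswith(("MANIFEST.MF", ".SF") + SIG_EXT)

def audit_jar(data):
    """Return findings; an empty list means the structural checks passed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        meta = [n.upper() for n in names if is_signature_file(n)]
        if not (any(n.endswith(".SF") for n in meta) and any(n.endswith(SIG_EXT) for n in meta)):
            findings.append("unsigned: no .SF file plus signature block in META-INF")
        if "META-INF/MANIFEST.MF" not in names:
            return findings + ["no META-INF/MANIFEST.MF"]
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for name in (n for n in names if not is_signature_file(n)):
            digests = {k[:-7]: v for k, v in manifest.get(name, {}).items() if k.endswith("-Digest")}
            if not digests:
                findings.append(f"{name}: no digest in manifest")
            for alg, b64 in digests.items():  # e.g. SHA-256 -> hashlib name sha256
                actual = hashlib.new(alg.replace("-", "").lower(), jar.read(name)).digest()
                if base64.b64decode(b64) != actual:
                    findings.append(f"{name}: {alg} digest mismatch")
    return findings

def make_sample_jar(signed=True, tamper=False):
    """Constructed sample; the .SF/.RSA contents are placeholders, not real signatures."""
    body, buf = b"class bytes", io.BytesIO()
    digest = base64.b64encode(hashlib.sha256(body).digest()).decode()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n\r\n"
                     f"Name: a/B.class\r\nSHA-256-Digest: {digest}\r\n\r\n")
        if signed:
            jar.writestr("META-INF/SAMPLE.SF", "placeholder")
            jar.writestr("META-INF/SAMPLE.RSA", "placeholder")
        jar.writestr("a/B.class", body + (b"!" if tamper else b""))
    return buf.getvalue()
```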