s4u / pgpverify-maven-plugin

Verify Open PGP / GPG signatures plugin
https://www.simplify4u.org/pgpverify-maven-plugin/
Apache License 2.0

Incorrect reading of the file with artifact key identifiers #499

Closed freedom1b2830 closed 6 months ago

freedom1b2830 commented 10 months ago

Describe the bug

The plugin ignores the noSig instruction for the artifact, possibly due to the use of capital letters in the version.

To Reproduce

<repository>
    <id>papermc</id>
    <url>https://repo.papermc.io/repository/maven-public/</url>
</repository>
<dependency>
    <groupId>io.papermc.paper</groupId>
    <artifactId>paper-api</artifactId>
    <version>1.20.1-R0.1-SNAPSHOT</version>
    <scope>provided</scope>
</dependency>

pgp map key file:

io.papermc.paper:paper-api:jar:1.20.1-R0.1-SNAPSHOT = noSig
io.papermc.paper:paper-api:pom:1.20.1-R0.1-SNAPSHOT = noSig

see log

[ERROR] Unsigned artifact not listed in keys map: io.papermc.paper:paper-api:jar:1.20.1-R0.1-SNAPSHOT
[ERROR] Unsigned artifact not listed in keys map: io.papermc.paper:paper-api:pom:1.20.1-R0.1-SNAPSHOT

Expected behavior

plugin version, goal

pgpverify-maven-plugin:1.17.0:check

slawekjaranowski commented 6 months ago

@freedom1b2830 - thanks for reports