Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Sign a jar file created with maven-assembly plugin

Tags:

java

maven

jar-signing

I'd like to build an assembly and then sign it. My problem is that the jarsigner signs not the assembly, only the standalone jar file. Could you tell me what is the problem? Maven seems like 'magic' to me after having used Ant for years.. I can't see the way the plugins cooperate and pass information to each other.

After executing mvn install, I get two jar files, one called example-1.0.0-SNAPSHOT.jar and this is signed, and one called example-1.0.0-jar-with-dependencies.jar and this is not signed. I do not need the solo one, only the assembly, but that signed.

Here is my pom.xml:

<build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-jarsigner-plugin</artifactId>
                <version>1.2</version>
                <executions>
                    <execution>
                        <id>sign</id>
                        <goals>
                            <goal>sign</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <keystore>${project.basedir}\keystore\mykeystore</keystore>
                    <alias>myalias</alias>
                    <storepass>...</storepass>
                    <keypass>...</keypass>
                </configuration>
            </plugin>

            <plugin>
                <artifactId>maven-assembly-plugin</artifactId>
                <executions>
                    <execution>
                        <id>make-my-assembly</id>
                        <phase>package</phase>
                        <goals>
                            <goal>single</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <archive>
                        <manifest>
                            <mainClass>com.example.FooBar</mainClass>
                        </manifest>
                    </archive>
                    <appendAssemblyId>true</appendAssemblyId>
                    <descriptorRefs>
                        <descriptorRef>jar-with-dependencies</descriptorRef>
                    </descriptorRefs>
                </configuration>
            </plugin>
        </plugins>
    </build>
like image 518
jabal Avatar asked Jul 08 '12 16:07

jabal

People also ask

How do I package a maven project into a jar?

In order to compile the project into an executable jar, please run Maven with mvn clean package command.

Why do we sign JAR files?

Signing a jar file, just like using certificates in other contexts, is done so that people using it know where it came from. People may trust that Chris Carruthers isn't going to write malicious code, and so they're willing to allow your applet access to their file system.

What is use of assembly plugin in maven?

The Assembly Plugin for Maven enables developers to combine project output into a single distributable archive that also contains dependencies, modules, site documentation, and other files. Your project can easily build distribution "assemblies" using one of the prefabricated assembly descriptors.

2 Answers

    <configuration>
        <archiveDirectory>${project.build.directory}</archiveDirectory>
        <includes>
           <include>*.jar</include>
        </includes>
        <keystore>${project.basedir}/keystore/mykeystore</keystore>
        <alias>keyalias</alias>
        <storepass>storepass</storepass>
        <keypass>keypass</keypass>
    </configuration>

Refer this http://maven.apache.org/plugins/maven-jarsigner-plugin/sign-mojo.html

like image 125
arulraj.net Avatar answered Oct 19 '22 07:10

arulraj.net

You should try to put the maven-assembly-plugin into the prepare-package phase instead of the package phase:

  <plugin>
    <artifactId>maven-assembly-plugin</artifactId>
    <executions>
        <execution>
            <id>make-my-assembly</id>
            <phase>prepare-package</phase>
            <goals>
                <goal>single</goal>
            </goals>
        </execution>
    </executions>
    ...
</plugin>
like image 39
khmarbaise Avatar answered Oct 19 '22 07:10

khmarbaise
Sign in to Comment

Related questions

How to create own annotation for junit that will skip test if concrete exception was thrown during execution?
how to make program able to install
Web service that works as REST and SOAP using Java/Jersey
Optionally using String.split(), split a string at the last occurance of a delimiter
Java: Extract all links with a certain word in them with JSoup?
How to Enable Spring Security for Apache-CXF JAX-WS
Apache httpclient does not exist. Error
Can we use .contains(BigDecimal.ZERO) when reading a list in JAVA?
How does an Iterator throw ConcurrentModificationException on add
Unable to open JNLP client
Java generics: Declare map value of generic type
Is there any justification not to ALWAYS use AtomicInteger as data members?
Eclipse create CompilationUnit from .java file
Login with facebook in Spring MVC application?
Java JDBC efficiency: How long should a connection be maintained?
Auto adjusting of UI based on screen size,UI in java swing
Arquillian Drone/Graphene/Selenium and UI/Functionality Testing
Virtual trackball implementation
PrimeFaces Not Rendering
How do I pass javac multiple command-line arguments, some of which include colon, without breaking Maven release plugin?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!