I'm using maven & tyhco to compile & build my eclipse plugins and create a p2 repository.
However, when I install my plugins, eclipse shows a warning for the untrusted content. I know that to solve this issue, I must sign the plugins I distribute.
However, I don't know if there is a way to sign the plugins I'm building with tycho...
(I'm not an expert on maven & jar signing, hence forgive me for the dumb question!)
Tycho is a masculine given name, a latinization of Greek Τύχων, from the name of Tyche (Greek: Τύχη), the Greek goddess of fortune or luck.
In addition to being an extraordinary character, Tycho was a brilliant astronomer, whose work was substantially more accurate than his peers. His lunar theory was the best ever devised, and he produced data for the best star catalog that had ever been compiled.
Tycho's genre is difficult to pin down, but is often grouped in with IDM, downtempo, chillwave and even post-rock.
You can see a working example in The Mylyn-Mantis connector pom.xml . I have a special profile for signing:
<profile>
<id>sign</id>
<activation>
<property>
<name>jarsigner.alias</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>1.2</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
Typically I invoke the sign command as mvn clean package -Djarsigner.alias=... -Djarsigner.storepass=... -Djarsigner.keypass=....
.
You also need to have a code signing certificate, whcih you will import using keytool -trustcacerts -importcert -file $CERTIFICATE -alias $ALIAS -keystore keystore.jks
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With