PGP sign p2 artefacts
This ensures bundles directly pulled from Maven Central are PGP signed by Tycho. See https://docs.google.com/document/d/1MnDBvOUwKvKacB-QKnH_PzK88dUlHkjs-D-DWEKmvkY Change-Id: I2a9308c091e602d40a1c143edb506a3e43dd0dc2
This commit is contained in:
parent
f8038b6b58
commit
0d92f543f5
|
@ -107,4 +107,37 @@
|
|||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>gpg-sign</id>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-gpg-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>pgpsigner</id>
|
||||
<phase>package</phase>
|
||||
<goals>
|
||||
<goal>sign-p2-artifacts</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<keyname>E3E144E1</keyname> <!-- JGit public key -->
|
||||
<skipIfJarsigned>true</skipIfJarsigned> <!-- Sign if not already JAR-signed. -->
|
||||
<forceSignature>
|
||||
<bundle>bcpg</bundle>
|
||||
<bundle>bcpkix</bundle>
|
||||
<bundle>bcprov</bundle>
|
||||
<bundle>bcutil</bundle>
|
||||
</forceSignature>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
</project>
|
||||
|
|
|
@ -286,6 +286,11 @@
|
|||
<artifactId>tycho-packaging-plugin</artifactId>
|
||||
<version>${tycho-version}</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.tycho</groupId>
|
||||
<artifactId>tycho-gpg-plugin</artifactId>
|
||||
<version>${tycho-version}</version>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.eclipse.cbi.maven.plugins</groupId>
|
||||
<artifactId>eclipse-jarsigner-plugin</artifactId>
|
||||
|
|
Loading…
Reference in New Issue