PGP sign p2 artefacts

This ensures bundles directly pulled from Maven Central are PGP signed
by Tycho.

See https://docs.google.com/document/d/1MnDBvOUwKvKacB-QKnH_PzK88dUlHkjs-D-DWEKmvkY

Change-Id: I2a9308c091e602d40a1c143edb506a3e43dd0dc2

org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml

@@ -107,4 +107,37 @@
       <version>${project.version}</version>
     </dependency>
   </dependencies>
+
+  <profiles>
+    <profile>
+      <id>gpg-sign</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.eclipse.tycho</groupId>
+            <artifactId>tycho-gpg-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>pgpsigner</id>
+                <phase>package</phase>
+                <goals>
+                  <goal>sign-p2-artifacts</goal>
+                </goals>
+                <configuration>
+                  <keyname>E3E144E1</keyname> <!-- JGit public key -->
+                  <skipIfJarsigned>true</skipIfJarsigned> <!-- Sign if not already JAR-signed. -->
+                  <forceSignature>
+                    <bundle>bcpg</bundle>
+                    <bundle>bcpkix</bundle>
+                    <bundle>bcprov</bundle>
+                    <bundle>bcutil</bundle>
+                  </forceSignature>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
 </project>

org.eclipse.jgit.packaging/pom.xml

@@ -286,6 +286,11 @@
           <artifactId>tycho-packaging-plugin</artifactId>
           <version>${tycho-version}</version>
         </plugin>
+        <plugin>
+          <groupId>org.eclipse.tycho</groupId>
+          <artifactId>tycho-gpg-plugin</artifactId>
+          <version>${tycho-version}</version>
+        </plugin>
         <plugin>
           <groupId>org.eclipse.cbi.maven.plugins</groupId>
           <artifactId>eclipse-jarsigner-plugin</artifactId>