From 0d92f543f5a41d707daf9a8fd12bac26674f1502 Mon Sep 17 00:00:00 2001
From: Matthias Sohn <matthias.sohn@sap.com>
Date: Wed, 3 May 2023 14:39:17 +0200
Subject: [PATCH] PGP sign p2 artefacts

This ensures bundles directly pulled from Maven Central are PGP signed
by Tycho.

See https://docs.google.com/document/d/1MnDBvOUwKvKacB-QKnH_PzK88dUlHkjs-D-DWEKmvkY

Change-Id: I2a9308c091e602d40a1c143edb506a3e43dd0dc2
---
 .../org.eclipse.jgit.repository/pom.xml       | 33 +++++++++++++++++++
 org.eclipse.jgit.packaging/pom.xml            |  5 +++
 2 files changed, 38 insertions(+)

diff --git a/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml b/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml
index 2a127bc9b..058aa695d 100644
--- a/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml
+++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.repository/pom.xml
@@ -107,4 +107,37 @@
       <version>${project.version}</version>
     </dependency>
   </dependencies>
+
+  <profiles>
+    <profile>
+      <id>gpg-sign</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.eclipse.tycho</groupId>
+            <artifactId>tycho-gpg-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>pgpsigner</id>
+                <phase>package</phase>
+                <goals>
+                  <goal>sign-p2-artifacts</goal>
+                </goals>
+                <configuration>
+                  <keyname>E3E144E1</keyname> <!-- JGit public key -->
+                  <skipIfJarsigned>true</skipIfJarsigned> <!-- Sign if not already JAR-signed. -->
+                  <forceSignature>
+                    <bundle>bcpg</bundle>
+                    <bundle>bcpkix</bundle>
+                    <bundle>bcprov</bundle>
+                    <bundle>bcutil</bundle>
+                  </forceSignature>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
 </project>
diff --git a/org.eclipse.jgit.packaging/pom.xml b/org.eclipse.jgit.packaging/pom.xml
index 8e0af1887..c9c2c4367 100644
--- a/org.eclipse.jgit.packaging/pom.xml
+++ b/org.eclipse.jgit.packaging/pom.xml
@@ -286,6 +286,11 @@
           <artifactId>tycho-packaging-plugin</artifactId>
           <version>${tycho-version}</version>
         </plugin>
+        <plugin>
+          <groupId>org.eclipse.tycho</groupId>
+          <artifactId>tycho-gpg-plugin</artifactId>
+          <version>${tycho-version}</version>
+        </plugin>
         <plugin>
           <groupId>org.eclipse.cbi.maven.plugins</groupId>
           <artifactId>eclipse-jarsigner-plugin</artifactId>