Prepare re-signing pgm's ueberjar to avoid SecurityException
Since we now sign all build artifacts immediately after creating them we need to re-sign the ueberjar created for jgit command line tool because the signatures of the individual jars are invalidated when repacking them into the ueberjar. Hence we need to exclude the signatures of the individual jars when using maven-shade-plugin to create the ueberjar. Also install the shaded plugin into maven repository and exclude osgi framework sources which were included unintentionally. See http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02277.html Change-Id: Ia302e68a4b2a9399cb18025274574e31d3d3e407 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
This commit is contained in:
parent
aa4bbc67b3
commit
b4f07df357
|
@ -178,6 +178,20 @@
|
|||
</manifestEntries>
|
||||
</transformer>
|
||||
</transformers>
|
||||
<filters>
|
||||
<!-- exclude the signing data for individual jars, ueberjar will be signed again -->
|
||||
<filter>
|
||||
<artifact>*:*</artifact>
|
||||
<excludes>
|
||||
<exclude>META-INF/*.SF</exclude>
|
||||
<exclude>META-INF/*.DSA</exclude>
|
||||
<exclude>META-INF/*.RSA</exclude>
|
||||
<exclude>OSGI-OPT/**</exclude>
|
||||
</excludes>
|
||||
</filter>
|
||||
</filters>
|
||||
<shadedArtifactAttached>true</shadedArtifactAttached>
|
||||
<shadedClassifierName>shaded</shadedClassifierName> <!-- Any name that makes sense -->
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
|
|
Loading…
Reference in New Issue