From b4f07df357fccdff891df2a4fa5c5bd9e83b4a4a Mon Sep 17 00:00:00 2001
From: Matthias Sohn <matthias.sohn@sap.com>
Date: Tue, 24 Sep 2013 09:11:47 +0200
Subject: [PATCH] Prepare re-signing pgm's ueberjar to avoid SecurityException

Since we now sign all build artifacts immediately after creating them
we need to re-sign the ueberjar created for jgit command line tool
because the signatures of the individual jars are invalidated when
repacking them into the ueberjar. Hence we need to exclude the
signatures of the individual jars when using maven-shade-plugin to
create the ueberjar.

Also install the shaded plugin into maven repository and exclude osgi
framework sources which were included unintentionally.

See http://dev.eclipse.org/mhonarc/lists/jgit-dev/msg02277.html

Change-Id: Ia302e68a4b2a9399cb18025274574e31d3d3e407
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
---
 org.eclipse.jgit.pgm/pom.xml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/org.eclipse.jgit.pgm/pom.xml b/org.eclipse.jgit.pgm/pom.xml
index ff80bebf0..93ac8fd4f 100644
--- a/org.eclipse.jgit.pgm/pom.xml
+++ b/org.eclipse.jgit.pgm/pom.xml
@@ -178,6 +178,20 @@
                   </manifestEntries>
                 </transformer>
               </transformers>
+              <filters>
+                <!-- exclude the signing data for individual jars, ueberjar will be signed again -->
+                <filter>
+                  <artifact>*:*</artifact>
+                  <excludes>
+                    <exclude>META-INF/*.SF</exclude>
+                    <exclude>META-INF/*.DSA</exclude>
+                    <exclude>META-INF/*.RSA</exclude>
+                    <exclude>OSGI-OPT/**</exclude>
+                  </excludes>
+                </filter>
+              </filters>
+              <shadedArtifactAttached>true</shadedArtifactAttached>
+              <shadedClassifierName>shaded</shadedClassifierName> <!-- Any name that makes sense -->
             </configuration>
           </execution>
         </executions>