Fork me on GitHub

Examples

Simple usage

You can try it by running in your project directory:

mvn org.simplify4u.plugins:pgpverify-maven-plugin:check

If you want check your dependency on each build, please add to your project:

<project>
  ...
  <build>
    <!-- To define the plugin version in your parent POM -->
    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.simplify4u.plugins</groupId>
          <artifactId>pgpverify-maven-plugin</artifactId>
          <version>1.15.0</version>
        </plugin>
        ...
      </plugins>
    </pluginManagement>

    <!-- To use the plugin goals in your POM or parent POM -->
    <plugins>
      <plugin>
        <groupId>org.simplify4u.plugins</groupId>
        <artifactId>pgpverify-maven-plugin</artifactId>
        <executions>
            <execution>
                <goals>
                    <goal>check</goal>
                </goals>
            </execution>
         </executions>
      </plugin>
      ...
    </plugins>
  </build>
  ...
</project>

keysMap usage

keysMap with PGP fingerprint from project

    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.simplify4u.plugins</groupId>
          <artifactId>pgpverify-maven-plugin</artifactId>
          <version>1.15.0</version>
          <configuration>
              <keysMapLocation>${project.basedir}/pgp-keys-map.list</keysMapLocation>
          </configuration>                        
        </plugin>
        ...
      </plugins>
    </pluginManagement>

keysMap with PGP fingerprint from external artifact

    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.simplify4u.plugins</groupId>
          <artifactId>pgpverify-maven-plugin</artifactId>
          <version>1.15.0</version>
          <configuration>
              <keysMapLocation>/pgp-keys-map.list</keysMapLocation>                
              <verifyPlugins>true</<verifyPlugins>
              <verifyPluginDependencies>true</verifyPluginDependencies>
          </configuration>
          <dependencies>
              <dependency>
                  <groupId>my.groupId</groupId>
                  <artifactId>artifact-with-map</artifactId>
                  <version>x.y.z</version>
              </dependency>
          </dependencies>                        
        </plugin>
        ...
      </plugins>
    </pluginManagement>

keysMap with PGP fingerprint from external resource

    <pluginManagement>
      <plugins>
        <plugin>
          <groupId>org.simplify4u.plugins</groupId>
          <artifactId>pgpverify-maven-plugin</artifactId>
          <version>1.15.0</version>
          <configuration>
              <keysMapLocation>https://www.example.com/pgp-keys-map.list</keysMapLocation>
          </configuration>                        
        </plugin>
        ...
      </plugins>
    </pluginManagement>

Show information about signature

We can see information about signature for a specific artifact, running:

mvn org.simplify4u.plugins:pgpverify-maven-plugin:show -Dartifact=junit:junit:4.12

as a result we get

Artifact:
    groupId:     junit
    artifactId:  junit
    type:        jar
    version:     4.12

PGP signature:
    version:     4
    algorithm:   SHA1withRSA
    keyId:       0xEFE8086F9E93774E
    create date: Thu Dec 04 17:17:33 CET 2014
    status:      valid

PGP key:
    version:     4
    algorithm:   RSA (Encrypt or Sign)
    bits:        2048
    fingerprint: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E
    master key:  0x58E79B6ABC762159DC0B1591164BD2247B936711
    create date: Sun Jul 27 14:31:46 CEST 2014
    uids:        [.... (JUnit Development, 2014) <mail@....>]

By default, information about jar artifact is displayed. You can specify packaging, classifier, artifact property format is:

groupId:artifactId:version[:packaging[:classifier]]

You can add property showPom to also show information about corresponding pom file.

mvn org.simplify4u.plugins:pgpverify-maven-plugin:show -Dartifact=junit:junit:4.12 -DshowPom

IT tests

Many example of usage can be found in project IT tests:

https://github.com/s4u/pgpverify-maven-plugin/tree/master/src/it