Examples
Simple usage
You can try it by running in your project directory:
mvn org.simplify4u.plugins:pgpverify-maven-plugin:check
If you want check your dependency on each build, please add to your project:
<project> ... <build> <!-- To define the plugin version in your parent POM --> <pluginManagement> <plugins> <plugin> <groupId>org.simplify4u.plugins</groupId> <artifactId>pgpverify-maven-plugin</artifactId> <version>1.16.0</version> </plugin> ... </plugins> </pluginManagement> <!-- To use the plugin goals in your POM or parent POM --> <plugins> <plugin> <groupId>org.simplify4u.plugins</groupId> <artifactId>pgpverify-maven-plugin</artifactId> <executions> <execution> <goals> <goal>check</goal> </goals> </execution> </executions> </plugin> ... </plugins> </build> ... </project>
keysMap usage
keysMap with PGP fingerprint from project
<pluginManagement> <plugins> <plugin> <groupId>org.simplify4u.plugins</groupId> <artifactId>pgpverify-maven-plugin</artifactId> <version>1.16.0</version> <configuration> <keysMapLocation>${project.basedir}/pgp-keys-map.list</keysMapLocation> </configuration> </plugin> ... </plugins> </pluginManagement>
keysMap with PGP fingerprint from external artifact
<pluginManagement> <plugins> <plugin> <groupId>org.simplify4u.plugins</groupId> <artifactId>pgpverify-maven-plugin</artifactId> <version>1.16.0</version> <configuration> <keysMapLocation>/pgp-keys-map.list</keysMapLocation> <verifyPlugins>true</<verifyPlugins> <verifyPluginDependencies>true</verifyPluginDependencies> </configuration> <dependencies> <dependency> <groupId>my.groupId</groupId> <artifactId>artifact-with-map</artifactId> <version>x.y.z</version> </dependency> </dependencies> </plugin> ... </plugins> </pluginManagement>
keysMap with PGP fingerprint from external resource
<pluginManagement> <plugins> <plugin> <groupId>org.simplify4u.plugins</groupId> <artifactId>pgpverify-maven-plugin</artifactId> <version>1.16.0</version> <configuration> <keysMapLocation>https://www.example.com/pgp-keys-map.list</keysMapLocation> </configuration> </plugin> ... </plugins> </pluginManagement>
Show information about signature
We can see information about signature for a specific artifact, running:
mvn org.simplify4u.plugins:pgpverify-maven-plugin:show -Dartifact=junit:junit:4.12
as a result we get
Artifact: groupId: junit artifactId: junit type: jar version: 4.12 PGP signature: version: 4 algorithm: SHA1withRSA keyId: 0xEFE8086F9E93774E create date: Thu Dec 04 17:17:33 CET 2014 status: valid PGP key: version: 4 algorithm: RSA (Encrypt or Sign) bits: 2048 fingerprint: 0xD4C89EA4AAF455FD88B22087EFE8086F9E93774E master key: 0x58E79B6ABC762159DC0B1591164BD2247B936711 create date: Sun Jul 27 14:31:46 CEST 2014 uids: [.... (JUnit Development, 2014) <mail@....>]
By default, information about jar
artifact is displayed. You can specify packaging, classifier, artifact property format is:
groupId:artifactId:version[:packaging[:classifier]]
You can add property showPom
to also show information about corresponding pom file.
mvn org.simplify4u.plugins:pgpverify-maven-plugin:show -Dartifact=junit:junit:4.12 -DshowPom
IT tests
Many example of usage can be found in project IT tests:
https://github.com/s4u/pgpverify-maven-plugin/tree/master/src/it