pgpverify:go-offline
Full name:
org.simplify4u.plugins:pgpverify-maven-plugin:1.17.0:go-offline
Description:
Verification of signature in this goal will not occurs. In case of any problem only warn will be reported.
Attributes:
- Requires a Maven project to be executed.
- Requires dependency resolution of artifacts in scope:
test. - The goal is thread-safe and supports parallel builds.
- Since version:
1.13.0.
Required Parameters
| Name | Type | Since | Description |
|---|---|---|---|
<pgpKeysCachePath> |
File |
1.0.0 |
The directory for storing cached PGP public keys. Default value is: ${settings.localRepository}/pgpkeys-cache.User property is: pgpverify.keycache. |
<pgpKeyServer> |
String |
1.0.0 |
PGP public key servers address.
From version 1.7.0 you can provide many kay servers separated by comma, semicolon or whitespace. From version 1.15.0 hkp/http protocols are deprecated - please use hkps/https for key servers. Default value is: hkps://keyserver.ubuntu.com, hkps://keys.openpgp.org, hkps://pgp.mit.edu.User property is: pgpverify.keyserver. |
Optional Parameters
| Name | Type | Since | Description |
|---|---|---|---|
<keyNotFoundRefreshHour> |
int |
1.15.0 |
When key not exist on keys servers such information will be store in cache.
Next checking for key existence will be done after specific hours remain. Default value is: 24. |
<pgpKeyServerLoadBalance> |
boolean |
1.7.0 |
If many key server is provided, use all of them.
If set to false only first key server will be used, another as fallback. Default value is: false.User property is: pgpverify.keyserversLoadBalance. |
<proxyName> |
String |
1.8.0 |
Choose which proxy to use (id from settings.xml in maven config). Uses no proxy if the proxy was not found. If it is not set, it will take the first active proxy if any or no proxy, if no active proxy was found. User property is: pgpverify.proxyName. |
<quiet> |
boolean |
1.4.0 |
Only log errors. Default value is: false.User property is: pgpverify.quiet. |
<scope> |
String |
1.0.0 |
Scope used to build dependency list.
This scope indicates up to which scope artifacts will be included. For example, the 'test' scope will include Default value is: test.User property is: pgpverify.scope. |
<skip> |
boolean |
1.3.0 |
Skip verification altogether. Default value is: false.User property is: pgpverify.skip. |
<verifyAtypical> |
boolean |
1.6.0 |
Verify dependency artifact in atypical locations:
In addition, it will detect when maven-surefire-plugin version 3 is used, as this will dynamically resolve and load additional artifacts. However, these artifacts are not validated. Default value is: false.User property is: pgpverify.verifyAtypical. |
<verifyPluginDependencies> |
boolean |
1.8.0 |
Verify transitive dependencies of build plug-ins.
When enabled, configuration parameter Default value is: false.User property is: pgpverify.verifyPluginDependencies. |
<verifyPlugins> |
boolean |
1.5.0 |
Verify Maven build plug-ins. Default value is: false.User property is: pgpverify.verifyPlugins. |
<verifyPomFiles> |
boolean |
1.1.0 |
Verify pom files also. Default value is: true.User property is: pgpverify.verifyPomFiles. |
<verifyProvidedDependencies> |
boolean |
1.2.0 |
Verify "provided" dependencies, which the JDK or a container provide at runtime. Default value is: false.User property is: pgpverify.verifyProvidedDependencies. |
<verifyReactorDependencies> |
boolean |
1.3.0 |
Verify dependencies that are part of the current build (what Maven calls the "reactor").
This setting only affects multi-module builds that have inter-dependencies between modules. It has no effect on single-module projects nor on multi-module projects that do not have dependencies among the modules. In affected builds, if this setting is Default value is: false.User property is: pgpverify.verifyReactorDependencies. |
<verifySnapshots> |
boolean |
1.2.0 |
Verify dependencies at a SNAPSHOT version, instead of only verifying full release version dependencies. Default value is: false.User property is: pgpverify.verifySnapshots. |
<verifySystemDependencies> |
boolean |
1.2.0 |
Verify "system" dependencies, which are artifacts that have an explicit path specified in the POM, are always available, and are not looked up in a repository. Default value is: false.User property is: pgpverify.verifySystemDependencies. |
Parameter Details
<keyNotFoundRefreshHour>
Next checking for key existence will be done after specific hours remain.
- Type:
int - Since:
1.15.0 - Required:
No - Default:
24
<pgpKeysCachePath>
- Type:
java.io.File - Since:
1.0.0 - Required:
Yes - User Property:
pgpverify.keycache - Default:
${settings.localRepository}/pgpkeys-cache
<pgpKeyServer>
From version 1.7.0 you can provide many kay servers separated by comma, semicolon or whitespace.
From version 1.15.0 hkp/http protocols are deprecated - please use hkps/https for key servers.
- Type:
java.lang.String - Since:
1.0.0 - Required:
Yes - User Property:
pgpverify.keyserver - Default:
hkps://keyserver.ubuntu.com, hkps://keys.openpgp.org, hkps://pgp.mit.edu
<pgpKeyServerLoadBalance>
If set to false only first key server will be used, another as fallback.
- Type:
boolean - Since:
1.7.0 - Required:
No - User Property:
pgpverify.keyserversLoadBalance - Default:
false
<proxyName>
- Type:
java.lang.String - Since:
1.8.0 - Required:
No - User Property:
pgpverify.proxyName
<quiet>
- Type:
boolean - Since:
1.4.0 - Required:
No - User Property:
pgpverify.quiet - Default:
false
<scope>
This scope indicates up to which scope artifacts will be included. For example, the 'test' scope will include provided, compile, runtime, and system scoped dependencies.
- Type:
java.lang.String - Since:
1.0.0 - Required:
No - User Property:
pgpverify.scope - Default:
test
<skip>
- Type:
boolean - Since:
1.3.0 - Required:
No - User Property:
pgpverify.skip - Default:
false
<verifyAtypical>
- annotation processors in org.apache.maven.plugins:maven-compiler-plugin configuration.
In addition, it will detect when maven-surefire-plugin version 3 is used, as this will dynamically resolve and load additional artifacts. However, these artifacts are not validated.
- Type:
boolean - Since:
1.6.0 - Required:
No - User Property:
pgpverify.verifyAtypical - Default:
false
<verifyPluginDependencies>
When enabled, configuration parameter verifyPlugins is enabled implicitly.
- Type:
boolean - Since:
1.8.0 - Required:
No - User Property:
pgpverify.verifyPluginDependencies - Default:
false
<verifyPlugins>
- Type:
boolean - Since:
1.5.0 - Required:
No - User Property:
pgpverify.verifyPlugins - Default:
false
<verifyPomFiles>
- Type:
boolean - Since:
1.1.0 - Required:
No - User Property:
pgpverify.verifyPomFiles - Default:
true
<verifyProvidedDependencies>
- Type:
boolean - Since:
1.2.0 - Required:
No - User Property:
pgpverify.verifyProvidedDependencies - Default:
false
<verifyReactorDependencies>
This setting only affects multi-module builds that have inter-dependencies between modules. It has no effect on single-module projects nor on multi-module projects that do not have dependencies among the modules.
In affected builds, if this setting is true, and the current build is not applying GPG signatures, then the output artifacts of some of the modules in the build will not be signed. Consequently, other modules within the build that depend on those output artifacts will not pass the GPG signature check because they are unsigned. When this setting is false, GPG signatures are not checked on output artifacts of modules in the current build, to avoid this issue.
- Type:
boolean - Since:
1.3.0 - Required:
No - User Property:
pgpverify.verifyReactorDependencies - Default:
false
<verifySnapshots>
- Type:
boolean - Since:
1.2.0 - Required:
No - User Property:
pgpverify.verifySnapshots - Default:
false
<verifySystemDependencies>
- Type:
boolean - Since:
1.2.0 - Required:
No - User Property:
pgpverify.verifySystemDependencies - Default:
false