diff --git a/pgp-keys-map.list b/pgp-keys-map.list index ddfa2c4..f0a0edb 100644 --- a/pgp-keys-map.list +++ b/pgp-keys-map.list @@ -16,7 +16,6 @@ # under the License. commons-io:commons-io = 0x2DB4F1EF0FA761ECC4EA935C86FDC7E2A11262CB -javax.inject:javax.inject = noSig org.apiguardian:apiguardian-api = 0xFF6E2C001948C5F2F38B0CC385911F425EC61B51 org.junit.jupiter:junit-jupiter-api = 0xFF6E2C001948C5F2F38B0CC385911F425EC61B51 org.junit.jupiter:junit-jupiter-params = 0xFF6E2C001948C5F2F38B0CC385911F425EC61B51 @@ -24,11 +23,6 @@ org.junit.platform:junit-platform-commons = 0xFF6E2C001948C5F2F38B0CC385911F425E org.opentest4j:opentest4j = 0xFF6E2C001948C5F2F38B0CC385911F425EC61B51 org.apache.maven.resolver = 0x522CA055B326A636D833EF6A0551FD3684FCBBB7 org.apache.maven.shared:maven-invoker = 0x84789D24DF77A32433CE1F079EB80E92EB2135B1 -org.codehaus.plexus:plexus-cipher = 0x6A814B1F869C2BBEAB7CB7271A2A1C94BDE89688 org.codehaus.plexus:plexus-classworlds = 0xB91AB7D2121DC6B0A61AA182D7742D58455ECC7C org.codehaus.plexus:plexus-component-annotations = 0xFA77DCFEF2EE6EB2DEBEDD2C012579464D01C06A org.codehaus.plexus:plexus-utils = 0xF254B35617DC255D9344BCFA873A8E86B4372146 -org.codehaus.plexus:plexus-sec-dispatcher = 0x2BE13D052E9AA567D657D9791FD507154FB9BA39 -org.hamcrest:hamcrest = 0xE3A9F95079E84CE201F7CF60BEDE11EAF1164480 -org.hamcrest:hamcrest-core = 0xE3A9F95079E84CE201F7CF60BEDE11EAF1164480 -org.slf4j:slf4j-api = 0x475F3B8E59E6E63AA78067482C7B12F2A511E325 diff --git a/pom.xml b/pom.xml index c081058..a0e437d 100644 --- a/pom.xml +++ b/pom.xml @@ -120,11 +120,6 @@ under the License. plexus-utils 3.5.1 - - org.codehaus.plexus - plexus-sec-dispatcher - 2.0 - org.junit.jupiter diff --git a/src/it/no-main-artifact/invoker.properties b/src/it/no-main-artifact/invoker.properties new file mode 100644 index 0000000..1122205 --- /dev/null +++ b/src/it/no-main-artifact/invoker.properties 
@@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST diff --git a/src/it/no-main-artifact/pom.xml b/src/it/no-main-artifact/pom.xml index eb29e13..dc5e338 100644 --- a/src/it/no-main-artifact/pom.xml +++ b/src/it/no-main-artifact/pom.xml @@ -46,9 +46,6 @@ under the License. org.apache.maven.plugins maven-gpg-plugin @project.version@ - - TEST - sign-artifacts diff --git a/src/it/settings.xml b/src/it/settings.xml index a23cdde..98c2d3a 100644 --- a/src/it/settings.xml +++ b/src/it/settings.xml @@ -23,11 +23,4 @@ under the License. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> - - - gpg.passphrase - TEST - - - diff --git a/src/it/sign-and-deploy-file-with-extras/invoker.properties b/src/it/sign-and-deploy-file-with-extras/invoker.properties index 3e8d235..1f337d1 100644 --- a/src/it/sign-and-deploy-file-with-extras/invoker.properties +++ b/src/it/sign-and-deploy-file-with-extras/invoker.properties 
@@ -16,3 +16,4 @@
 # under the License.
 invoker.goals = ${project.groupId}:${project.artifactId}:${project.version}:sign-and-deploy-file
+invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST
diff --git a/src/it/sign-and-deploy-file-with-extras/test.properties b/src/it/sign-and-deploy-file-with-extras/test.properties
index f0dc246..22793af 100644
--- a/src/it/sign-and-deploy-file-with-extras/test.properties
+++ b/src/it/sign-and-deploy-file-with-extras/test.properties
@@ -18,6 +18,5 @@
 file = test.jar
 pomFile = test.pom
 url = file:target/repo
-gpg.passphrase = TEST
 sources = test-sources.jar
 javadoc = test-javadoc.jar
diff --git a/src/it/sign-and-deploy-file-with-pom/invoker.properties b/src/it/sign-and-deploy-file-with-pom/invoker.properties
index 3e8d235..1f337d1 100644
--- a/src/it/sign-and-deploy-file-with-pom/invoker.properties
+++ b/src/it/sign-and-deploy-file-with-pom/invoker.properties
@@ -16,3 +16,4 @@
 # under the License.
 invoker.goals = ${project.groupId}:${project.artifactId}:${project.version}:sign-and-deploy-file
+invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST
diff --git a/src/it/sign-and-deploy-file-with-pom/test.properties b/src/it/sign-and-deploy-file-with-pom/test.properties
index 13def15..09fd904 100644
--- a/src/it/sign-and-deploy-file-with-pom/test.properties
+++ b/src/it/sign-and-deploy-file-with-pom/test.properties
@@ -18,4 +18,3 @@
 file = test.jar
 pomFile = test.pom
 url = file:target/repo
-gpg.passphrase = TEST
diff --git a/src/it/sign-and-deploy-file-without-pom/invoker.properties b/src/it/sign-and-deploy-file-without-pom/invoker.properties
index 3e8d235..1f337d1 100644
--- a/src/it/sign-and-deploy-file-without-pom/invoker.properties
+++ b/src/it/sign-and-deploy-file-without-pom/invoker.properties
@@ -16,3 +16,4 @@
 # under the License.
 invoker.goals = ${project.groupId}:${project.artifactId}:${project.version}:sign-and-deploy-file
+invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST
diff --git a/src/it/sign-and-deploy-file-without-pom/test.properties b/src/it/sign-and-deploy-file-without-pom/test.properties
index 7492cb7..9308668 100644
--- a/src/it/sign-and-deploy-file-without-pom/test.properties
+++ b/src/it/sign-and-deploy-file-without-pom/test.properties
@@ -21,4 +21,3 @@ artifactId = test
 version = 1.0
 packaging = jar
 url = file:target/repo
-gpg.passphrase = TEST
diff --git a/src/it/sign-and-deploy-files/invoker.properties b/src/it/sign-and-deploy-files/invoker.properties
index 3e8d235..1f337d1 100644
--- a/src/it/sign-and-deploy-files/invoker.properties
+++ b/src/it/sign-and-deploy-files/invoker.properties
@@ -16,3 +16,4 @@
 # under the License.
 invoker.goals = ${project.groupId}:${project.artifactId}:${project.version}:sign-and-deploy-file
+invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST
diff --git a/src/it/sign-and-deploy-files/test.properties b/src/it/sign-and-deploy-files/test.properties
index 99ada0b..b5d6d49 100644
--- a/src/it/sign-and-deploy-files/test.properties
+++ b/src/it/sign-and-deploy-files/test.properties
@@ -18,7 +18,6 @@
 file = test.jar
 pomFile = test.pom
 url = file:target/repo
-gpg.passphrase = TEST
 sources = test-sources.jar
 javadoc = test-javadoc.jar
 files = test.zip,test-src.tar.gz,test.tar.gz
diff --git a/src/it/sign-and-deploy-not-jar-packaging/invoker.properties b/src/it/sign-and-deploy-not-jar-packaging/invoker.properties
index 3e8d235..1f337d1 100644
--- a/src/it/sign-and-deploy-not-jar-packaging/invoker.properties
+++ b/src/it/sign-and-deploy-not-jar-packaging/invoker.properties
@@ -16,3 +16,4 @@
 # under the License.
 invoker.goals = ${project.groupId}:${project.artifactId}:${project.version}:sign-and-deploy-file
+invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST
diff --git a/src/it/sign-and-deploy-not-jar-packaging/test.properties b/src/it/sign-and-deploy-not-jar-packaging/test.properties
index 8536973..2b7630a 100644
--- a/src/it/sign-and-deploy-not-jar-packaging/test.properties
+++ b/src/it/sign-and-deploy-not-jar-packaging/test.properties @@ -22,4 +22,3 @@ version = 1.0 packaging = javadoc url = file:target/repo generatePom = false -gpg.passphrase = TEST diff --git a/src/it/sign-release-with-excludes/invoker.properties b/src/it/sign-release-with-excludes/invoker.properties new file mode 100644 index 0000000..1122205 --- /dev/null +++ b/src/it/sign-release-with-excludes/invoker.properties @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST diff --git a/src/it/sign-release-with-excludes/pom.xml b/src/it/sign-release-with-excludes/pom.xml index dad59b2..ca12283 100644 --- a/src/it/sign-release-with-excludes/pom.xml +++ b/src/it/sign-release-with-excludes/pom.xml @@ -46,9 +46,6 @@ under the License. org.apache.maven.plugins maven-gpg-plugin @project.version@ - - TEST - sign-artifacts diff --git a/src/it/sign-release-without-passphrase/pom.xml b/src/it/sign-release-without-passphrase/pom.xml index 8e279f5..a198cb4 100644 --- a/src/it/sign-release-without-passphrase/pom.xml +++ b/src/it/sign-release-without-passphrase/pom.xml 
@@ -46,9 +46,6 @@ under the License. org.apache.maven.plugins maven-gpg-plugin @project.version@ - - non-existent - sign-artifacts diff --git a/src/it/sign-release/invoker.properties b/src/it/sign-release/invoker.properties new file mode 100644 index 0000000..1122205 --- /dev/null +++ b/src/it/sign-release/invoker.properties @@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST diff --git a/src/it/sign-release/pom.xml b/src/it/sign-release/pom.xml index 72ae0b8..0711896 100644 --- a/src/it/sign-release/pom.xml +++ b/src/it/sign-release/pom.xml @@ -46,9 +46,6 @@ under the License. org.apache.maven.plugins maven-gpg-plugin @project.version@ - - TEST - sign-artifacts diff --git a/src/it/sign-with-passphase-from-maven-settings/invoker.properties b/src/it/sign-with-passphase-from-maven-settings/invoker.properties new file mode 100644 index 0000000..1122205 --- /dev/null +++ b/src/it/sign-with-passphase-from-maven-settings/invoker.properties 
@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+invoker.environmentVariables.MAVEN_GPG_PASSPHRASE = TEST
diff --git a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java b/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java
index 67d3fad..e0bb093 100644
--- a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java
+++ b/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgMojo.java
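Review bot: This new fixture sits under `sign-with-passphase-from-maven-settings` yet supplies the passphrase through `invoker.environmentVariables.MAVEN_GPG_PASSPHRASE`, so the directory name no longer describes what the IT exercises. None of the hunks visible here adds a negative IT that still configures `passphrase` or `passphraseServerId` and expects the build to be rejected, which is the behaviour this commit introduces in `AbstractGpgMojo.execute()`. Consider renaming this IT and adding one that keeps a configured passphrase together with `invoker.buildResult = failure`, so the new guard is covered by a test.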
@@ -19,24 +19,28 @@ package org.apache.maven.plugins.gpg; import java.io.File; -import java.io.IOException; import java.util.List; +import org.apache.maven.execution.MavenSession; import org.apache.maven.plugin.AbstractMojo; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; import org.apache.maven.plugins.annotations.Component; import org.apache.maven.plugins.annotations.Parameter; -import org.apache.maven.project.MavenProject; -import org.apache.maven.settings.Server; -import org.apache.maven.settings.Settings; -import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher; -import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException; /** * @author Benjamin Bentmann */ public abstract class AbstractGpgMojo extends AbstractMojo { + public static final String DEFAULT_ENV_MAVEN_GPG_PASSPHRASE = "MAVEN_GPG_PASSPHRASE"; + + /** + * The env variable name where the GnuPG passphrase is set. The default value is {@code MAVEN_GPG_PASSPHRASE}. + * + * @since 3.2.0 + */ + @Parameter(property = "gpg.passphraseEnvName", defaultValue = DEFAULT_ENV_MAVEN_GPG_PASSPHRASE) + private String passphraseEnvName; /** * The directory from which gpg will load keyrings. If not specified, gpg will use the value configured for its 
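Review bot: The Javadoc on `passphraseEnvName` should say outright that the parameter carries the name of an environment variable and never the passphrase itself, because the value is concatenated into the failure message built in `execute()` (a later hunk) and would reach the build log if someone put the secret there. A sentence such as `This is the name of the variable, not the passphrase; the value is looked up under "env." + name in the session configuration properties.` would cover it. The new public constant `DEFAULT_ENV_MAVEN_GPG_PASSPHRASE` has no Javadoc; a one-line comment stating that it is the default variable name is enough. The class body continues outside this hunk.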
@@ -50,15 +54,21 @@ public abstract class AbstractGpgMojo extends AbstractMojo { /** * The passphrase to use when signing. If not given, look up the value under Maven * settings using server id at 'passphraseServerKey' configuration. + * + * @deprecated Do not use this configuration, plugin will fail if set. **/ + @Deprecated @Parameter(property = "gpg.passphrase") private String passphrase; /** * Server id to lookup the passphrase under Maven settings. * @since 1.6 - */ - @Parameter(property = "gpg.passphraseServerId", defaultValue = "gpg.passphrase") + * + * @deprecated Do not use this configuration, plugin will fail if set. + **/ + @Deprecated + @Parameter(property = "gpg.passphraseServerId") private String passphraseServerId; /** @@ -132,6 +142,12 @@ public abstract class AbstractGpgMojo extends AbstractMojo { @Parameter(property = "gpg.lockMode") private String lockMode; + /** + * Skip doing the gpg signing. + */ + @Parameter(property = "gpg.skip", defaultValue = "false") + private boolean skip; + /** * Sets the arguments to be passed to gpg. Example: * 
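Review bot: The Javadoc kept on `passphrase` still says the value is looked up "under Maven settings using server id at 'passphraseServerKey' configuration", although this commit removes that lookup and makes the plugin fail when the parameter is set. The old description should be replaced rather than extended, for example `No longer supported: the build fails if this is set. Use the GnuPG agent or the environment variable named by passphraseEnvName.` The same applies to `passphraseServerId`, whose text still reads "Server id to lookup the passphrase under Maven settings". Both `@deprecated` tags would be more useful if they named the replacement (`passphraseEnvName` or the agent) instead of only saying the plugin will fail.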
@@ -148,22 +164,31 @@ public abstract class AbstractGpgMojo extends AbstractMojo { private List gpgArguments; /** - * Current user system settings for use in Maven. - * - * @since 1.6 - */ - @Parameter(defaultValue = "${settings}", readonly = true) - private Settings settings; - - /** - * Maven Security Dispatcher - * - * @since 1.6 + * @since 3.0.0 */ @Component - private SecDispatcher securityDispatcher; + protected MavenSession session; + + @Override + public final void execute() throws MojoExecutionException, MojoFailureException { + if (skip) { + // We're skipping the signing stuff + return; + } + if ((passphrase != null && !passphrase.trim().isEmpty()) + || (passphraseServerId != null && !passphraseServerId.trim().isEmpty())) { + // Stop propagating worst practices: passphrase MUST NOT be in any file on disk + throw new MojoFailureException( + "Do not store passphrase in any file (disk or SCM repository), rely on GnuPG agent or provide passphrase in " + + passphraseEnvName + " environment variable."); + } - AbstractGpgSigner newSigner(MavenProject project) throws MojoExecutionException, MojoFailureException { + doExecute(); + } + + protected abstract void doExecute() throws MojoExecutionException, MojoFailureException; + + protected AbstractGpgSigner newSigner() throws MojoExecutionException, MojoFailureException { AbstractGpgSigner signer = new GpgSigner(executable); signer.setLog(getLog()); 
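Review bot: In `execute()` the deprecated-parameter check runs only after the `if (skip) return;` early exit, so a build running with `gpg.skip=true` never reports a passphrase that is still configured, and the misconfiguration would presumably surface only on the first unskipped run. Consider doing the check before the skip return, or at least calling `getLog().warn(...)` in the skip branch when either parameter is non-blank. The failure message speaks only of files, while `gpg.passphrase` is a user property that can equally arrive as a `-D` argument, so the wording should cover that case as well. `doExecute()` would benefit from a one-line Javadoc stating that it is invoked only after the skip and deprecated-parameter checks; `newSigner()` continues outside this hunk.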
@@ -177,41 +202,19 @@ AbstractGpgSigner newSigner(MavenProject project) throws MojoExecutionException, signer.setLockMode(lockMode); signer.setArgs(gpgArguments); - loadGpgPassphrase(); + String passphrase = + (String) session.getRepositorySession().getConfigProperties().get("env." + passphraseEnvName); + if (passphrase != null) { + signer.setPassPhrase(passphrase); + } signer.setPassPhrase(passphrase); if (null == passphrase && !useAgent) { if (!interactive) { throw new MojoFailureException("Cannot obtain passphrase in batch mode"); } - try { - signer.setPassPhrase(signer.getPassphrase(project)); - } catch (IOException e) { - throw new MojoExecutionException("Exception reading passphrase", e); - } } return signer; } - - /** - * Load and decrypt gpg passphrase from Maven settings if not given from plugin configuration - * - * @throws MojoFailureException - */ - private void loadGpgPassphrase() throws MojoFailureException { - if (this.passphrase == null || this.passphrase.isEmpty()) { - Server server = this.settings.getServer(passphraseServerId); - - if (server != null) { - if (server.getPassphrase() != null) { - try { - this.passphrase = securityDispatcher.decrypt(server.getPassphrase()); - } catch (SecDispatcherException e) { - throw new MojoFailureException("Unable to decrypt gpg passphrase", e); - } - } - } - } - } } diff --git a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java b/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java index 3255b8f..d94c3cc 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java +++ b/src/main/java/org/apache/maven/plugins/gpg/AbstractGpgSigner.java 
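Review bot: In `newSigner()` the added `if (passphrase != null) { signer.setPassPhrase(passphrase); }` is followed directly by the unconditional `signer.setPassPhrase(passphrase);` kept from the old code, so the guard has no effect and one of the two calls should be removed. The new local `passphrase` also shadows the deprecated `passphrase` field; a distinct name such as `envPassphrase` would make it obvious that the field is never used for signing. With the console prompt removed, the `null == passphrase && !useAgent` branch does nothing when `interactive` is true, so the signer is returned with neither a passphrase nor the agent enabled; what gpg does then depends on `GpgSigner`, which is not visible here, and an explicit comment or failure at that point would make the outcome clear. The start of `newSigner()` is in the previous hunk.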
@@ -19,12 +19,10 @@ package org.apache.maven.plugins.gpg; import java.io.File; -import java.io.IOException; import java.util.List; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.logging.Log; -import org.apache.maven.project.MavenProject; /** * A base class for all classes that implements signing of files. @@ -33,8 +31,6 @@ * @since 1.5 */ public abstract class AbstractGpgSigner { - private static final String GPG_PASSPHRASE = "gpg.passphrase"; - public static final String SIGNATURE_EXTENSION = ".asc"; protected boolean useAgent; @@ -185,38 +181,6 @@ public File generateSignatureForArtifact(File file) throws MojoExecutionExceptio */ protected abstract void generateSignatureForFile(File file, File signature) throws MojoExecutionException; - private MavenProject findReactorProject(MavenProject prj) { - if (prj.getParent() != null - && prj.getParent().getBasedir() != null - && prj.getParent().getBasedir().exists()) { - return findReactorProject(prj.getParent()); - } - return prj; - } - - public String getPassphrase(MavenProject project) throws IOException { - String pass = null; - - if (project != null) { - pass = project.getProperties().getProperty(GPG_PASSPHRASE); - if (pass == null) { - MavenProject prj2 = findReactorProject(project); - pass = prj2.getProperties().getProperty(GPG_PASSPHRASE); - } - } - if (pass == null) { - pass = new String(readPassword("GPG Passphrase: ")); - } - if (project != null) { - findReactorProject(project).getProperties().setProperty(GPG_PASSPHRASE, pass); - } - return pass; - } - - private char[] readPassword(String prompt) throws IOException { - return System.console().readPassword(); - } - private boolean isPossibleRootOfArtifact(File signatureDirectory) { return signatureDirectory.equals(outputDir) || signatureDirectory.equals(buildDir) 
diff --git a/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java b/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java index 5cc2c38..646b246 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java +++ b/src/main/java/org/apache/maven/plugins/gpg/FilesCollector.java @@ -24,13 +24,14 @@ import java.util.ArrayList; import java.util.List; -import org.apache.maven.artifact.Artifact; +import org.apache.maven.RepositoryUtils; import org.apache.maven.plugin.MojoExecutionException; import org.apache.maven.plugin.MojoFailureException; import org.apache.maven.plugin.logging.Log; import org.apache.maven.project.MavenProject; import org.codehaus.plexus.util.FileUtils; import org.codehaus.plexus.util.SelectorUtils; +import org.eclipse.aether.artifact.Artifact; /** * Collects project artifact, the POM, and attached artifacts to be signed. @@ -40,7 +41,7 @@ public class FilesCollector { private final MavenProject project; - private static final String DEFAULT_EXCLUDES[] = + private static final String[] DEFAULT_EXCLUDES = new String[] {"**/*.md5", "**/*.sha1", "**/*.sha256", "**/*.sha512", "**/*.asc", "**/*.sigstore"}; private final String[] excludes; @@ -54,7 +55,7 @@ public FilesCollector(MavenProject project, String[] excludes, Log log) { this.excludes = DEFAULT_EXCLUDES; return; } - String newExcludes[] = new String[excludes.length]; + String[] newExcludes = new String[excludes.length]; for (int i = 0; i < excludes.length; i++) { String pattern; pattern = excludes[i].trim().replace('/', File.separatorChar).replace('\\', File.separatorChar); 
@@ -74,12 +75,12 @@ public List collect() throws MojoExecutionException, MojoFailureException // Project artifact // ---------------------------------------------------------------------------- - Artifact artifact = project.getArtifact(); + Artifact artifact = RepositoryUtils.toArtifact(project.getArtifact()); File file = artifact.getFile(); if (file != null && file.isFile()) { - items.add(new Item(file, artifact.getArtifactHandler().getExtension())); + items.add(new Item(file, artifact.getExtension())); } else if (project.getAttachedArtifacts().isEmpty()) { throw new MojoFailureException("The project artifact has not been assembled yet. " + "Please do not invoke this goal before the lifecycle phase \"package\"."); @@ -107,7 +108,7 @@ public List collect() throws MojoExecutionException, MojoFailureException // Attached artifacts // ---------------------------------------------------------------------------- - for (Artifact artifact : project.getAttachedArtifacts()) { + for (Artifact artifact : RepositoryUtils.toArtifacts(project.getAttachedArtifacts())) { File file = artifact.getFile(); if (isExcluded(artifact)) { @@ -115,10 +116,7 @@ public List collect() throws MojoExecutionException, MojoFailureException continue; } - items.add(new Item( - file, - artifact.getClassifier(), - artifact.getArtifactHandler().getExtension())); + items.add(new Item(file, artifact.getClassifier(), artifact.getExtension())); } return items; diff --git a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java index 8fce44f..2032b0b 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java +++ b/src/main/java/org/apache/maven/plugins/gpg/GpgSignAttachedMojo.java 
@@ -40,12 +40,6 @@ @Mojo(name = "sign", defaultPhase = LifecyclePhase.VERIFY, threadSafe = true) public class GpgSignAttachedMojo extends AbstractGpgMojo { - /** - * Skip doing the gpg signing. - */ - @Parameter(property = "gpg.skip", defaultValue = "false") - private boolean skip; - /** * A list of files to exclude from being signed. Can contain Ant-style wildcards and double wildcards. The default * excludes are **/*.md5 **/*.sha1 **/*.sha256 **/*.sha512 **/*.asc **/*.sigstore. @@ -76,12 +70,7 @@ public class GpgSignAttachedMojo extends AbstractGpgMojo { private MavenProjectHelper projectHelper; @Override - public void execute() throws MojoExecutionException, MojoFailureException { - if (skip) { - // We're skipping the signing stuff - return; - } - + protected void doExecute() throws MojoExecutionException, MojoFailureException { // ---------------------------------------------------------------------------- // Collect files to sign // ---------------------------------------------------------------------------- @@ -93,7 +82,7 @@ public void execute() throws MojoExecutionException, MojoFailureException { // Sign collected files and attach all the signatures // ---------------------------------------------------------------------------- - AbstractGpgSigner signer = newSigner(project); + AbstractGpgSigner signer = newSigner(); signer.setOutputDirectory(ascDirectory); signer.setBuildDirectory(new File(project.getBuild().getDirectory())); signer.setBaseDirectory(project.getBasedir()); diff --git a/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java b/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java index f32f389..c754950 100644 --- a/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java +++ b/src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java 
@@ -29,7 +29,6 @@ import org.apache.maven.artifact.handler.ArtifactHandler; import org.apache.maven.artifact.handler.manager.ArtifactHandlerManager; -import org.apache.maven.execution.MavenSession; import org.apache.maven.model.Model; import org.apache.maven.model.Parent; import org.apache.maven.model.building.DefaultModelBuildingRequest; @@ -219,12 +218,6 @@ public class SignAndDeployFileMojo extends AbstractGpgMojo { @Component private MavenProject project; - /** - * @since 3.0.0 - */ - @Component - private MavenSession session; - /** * @since 3.2.0 */ @@ -247,7 +240,7 @@ private void initProperties() throws MojoExecutionException { } @Override - public void execute() throws MojoExecutionException, MojoFailureException { + protected void doExecute() throws MojoExecutionException, MojoFailureException { if (offline) { throw new MojoFailureException("Cannot deploy artifacts when Maven is in offline mode"); } @@ -356,7 +349,7 @@ public void execute() throws MojoExecutionException, MojoFailureException { } // sign all - AbstractGpgSigner signer = newSigner(null); + AbstractGpgSigner signer = newSigner(); signer.setOutputDirectory(ascDirectory); signer.setBaseDirectory(new File("").getAbsoluteFile()); diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java index f968332..c9b4ab6 100644 --- a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java +++ b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignArtifactIT.java 
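Review bot: Renaming `execute()` to `doExecute()` in the `@@ -247,7 +240,7 @@` hunk puts this goal behind the `skip` check that the commit moves into `AbstractGpgMojo.execute()`, so with `gpg.skip=true` `sign-and-deploy-file` returns before deploying anything rather than only omitting signatures. As far as the visible hunks show, this goal had no skip parameter before, so builds that set `gpg.skip` globally could silently stop deploying. If this is intended, it should be documented on the goal and logged in the base class, e.g. `getLog().info("Skipping GPG goal because gpg.skip is set");` if not, the skip flag should stay with the sign goal. The body of `doExecute()` extends well beyond the lines shown.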
@@ -39,7 +39,7 @@ public class GpgSignArtifactIT { public GpgSignArtifactIT() throws Exception { this.mavenHome = new File(System.getProperty("maven.home")); this.localRepository = new File(System.getProperty("localRepositoryPath")); - this.mavenUserSettings = InvokerTestUtils.getTestResource("/it/settings-with-passphrase.xml"); + this.mavenUserSettings = InvokerTestUtils.getTestResource("/it/settings.xml"); this.gpgHome = new File(System.getProperty("gpg.homedir")); } @@ -74,7 +74,7 @@ void testPlacementOfArtifactInOutputDirectory(String pomPath, String expectedFil throws Exception { // given final File pomFile = InvokerTestUtils.getTestResource(pomPath); - final InvocationRequest request = InvokerTestUtils.createRequest(pomFile, mavenUserSettings, gpgHome); + final InvocationRequest request = InvokerTestUtils.createRequest(pomFile, mavenUserSettings, gpgHome, true); final File integrationTestRootDirectory = new File(pomFile.getParent()); final File expectedOutputDirectory = new File(integrationTestRootDirectory + expectedFileLocation); diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignAttachedMojoIT.java b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignAttachedMojoIT.java index 707ceeb..d75880d 100644 --- a/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignAttachedMojoIT.java +++ b/src/test/java/org/apache/maven/plugins/gpg/it/GpgSignAttachedMojoIT.java @@ -47,7 +47,7 @@ void testInteractiveWithoutPassphrase() throws Exception { // given final File pomFile = InvokerTestUtils.getTestResource("/it/sign-release-without-passphrase-interactive/pom.xml"); - final InvocationRequest request = InvokerTestUtils.createRequest(pomFile, mavenUserSettings, gpgHome); + final InvocationRequest request = InvokerTestUtils.createRequest(pomFile, mavenUserSettings, gpgHome, false); // require Maven interactive mode request.setBatchMode(false); 
diff --git a/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java b/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java index a08eb0f..2c642e9 100644 --- a/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java +++ b/src/test/java/org/apache/maven/plugins/gpg/it/InvokerTestUtils.java @@ -41,7 +41,7 @@ public class InvokerTestUtils { public static InvocationRequest createRequest( - final File pomFile, final File mavenUserSettings, final File gpgHome) { + File pomFile, File mavenUserSettings, File gpgHome, boolean providePassphraseEnv) { final InvocationRequest request = new DefaultInvocationRequest(); request.setUserSettingsFile(mavenUserSettings); request.setShowVersion(true); @@ -51,6 +51,10 @@ public static InvocationRequest createRequest( request.setGoals(Arrays.asList("clean", "install")); request.setPomFile(pomFile); + if (providePassphraseEnv) { + request.addShellEnvironment("MAVEN_GPG_PASSPHRASE", "TEST"); + } + final Properties properties = new Properties(); request.setProperties(properties); @@ -79,11 +83,12 @@ public static BuildResult executeRequest( final Invoker invoker = new DefaultInvoker(); invoker.setMavenHome(mavenHome); invoker.setLocalRepositoryDirectory(localRepository); - invoker.setInputStream(new NullInputStream(0)); - invoker.setOutputHandler(buildLogOutputHandler); - invoker.setErrorHandler(buildLogOutputHandler); invoker.setLogger(logger); + request.setInputStream(new NullInputStream(0)); + request.setOutputHandler(buildLogOutputHandler); + request.setErrorHandler(buildLogOutputHandler); + result = invoker.execute(request); } diff --git a/src/test/resources/it/settings-with-passphrase.xml b/src/test/resources/it/settings-with-passphrase.xml deleted file mode 100644 index 97def3f..0000000 --- a/src/test/resources/it/settings-with-passphrase.xml +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - - - gpg.passphrase - TEST - - - -
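Review bot: In `InvokerTestUtils.createRequest(...)` the `providePassphraseEnv == false` path does nothing to remove a `MAVEN_GPG_PASSPHRASE` that is already set in the developer's or CI environment, so if the invoked Maven inherits the parent environment (not visible in this hunk) the interactive "without passphrase" test could run with a real passphrase in scope and pass for the wrong reason. That branch should either isolate the variable for the request or have the test assume it is unset. The variable name is also hard-coded in `request.addShellEnvironment("MAVEN_GPG_PASSPHRASE", "TEST");` using `AbstractGpgMojo.DEFAULT_ENV_MAVEN_GPG_PASSPHRASE` would keep the tests tied to the plugin default. A short Javadoc on `createRequest` describing the new boolean would help callers, since `true`/`false` at the call sites is not self-explanatory.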