[ https://issues.apache.org/jira/browse/GERONIMODEVTOOLS-521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12652692#action_12652692 ] 

Delos Dai commented on GERONIMODEVTOOLS-521:
--------------------------------------------

I think you mean we should add signature for each plugin.

For this bug, maven plugin "keytool-maven-plugin" will be used to generate certification  and "jar:sign" goal in "maven-jar-plugin" will be needed to sign the jar packages.

Attachment is a patch for this.Then, after building, generated GEP will be shown as signed in eclipse plugins list.

The added properties in eclipse-plugin/trunk/pom.xml are:
        <keystoreAlias>devtools</keystoreAlias> 
        <keystoreFile>keystore</keystoreFile> 
        <keystoreDname>cn=http://geronimo.apache.org</keystoreDname> 
        <keystoreKeypass>devtools</keystoreKeypass> 
        <keystoreStorepass>geronimo</keystoreStorepass> 
        <keystoreValDays>180</keystoreValDays>
They're the parameters used to generate signature. I just give sample here, you can replace them. The parameters here are similar to the parameters of "keytool" and "jarsigner".

Could anyone help to review it? Thanks!

> Sign features so the eclipse update manager recognizes them as signed
> ---------------------------------------------------------------------
>
>                 Key: GERONIMODEVTOOLS-521
>                 URL: https://issues.apache.org/jira/browse/GERONIMODEVTOOLS-521
>             Project: Geronimo-Devtools
>          Issue Type: Bug
>          Components: eclipse-plugin
>    Affects Versions: 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3
>            Reporter: Ted Kirby
>            Assignee: Tim McConnell
>             Fix For: 2.2.0
>
>         Attachments: 521.patch
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.