Tycho & jar subscription

Question

Tycho & jar subscription

I use maven and tyhco to compile and build my eclipse plugins and create a p2 repository.

However, when I install my plugins, eclipse shows a warning for untrusted content. I know that to solve this problem I have to sign the plugins that I distribute.

However, I don't know if there is a way to sign the plugins that I build with tycho ...

(I'm not an expert on maven and jar subscriptions, so forgive me for the dumb question!)

+6

eclipse maven maven-3 eclipse-plugin tycho

Matteo Oct 31 '11 at 16:02

source share

1 answer

Robert Munteanu · Accepted Answer · 2011-11-01T13:41:59+0000

You can see a working example in the Mylyn-Mantis pom.xml Section . I have a special profile for signing:

<profile> <id>sign</id> <activation> <property> <name>jarsigner.alias</name> </property> </activation> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId> <version>1.2</version> <executions> <execution> <id>sign</id> <goals> <goal>sign</goal> </goals> </execution> </executions> </plugin> </plugins> </build> </profile>

I usually invoke the sign command as mvn clean package -Djarsigner.alias=... -Djarsigner.storepass=... -Djarsigner.keypass=....

You also need to have a code signing certificate that you will import using keytool -trustcacerts -importcert -file $CERTIFICATE -alias $ALIAS -keystore keystore.jks .

Tycho & jar subscription

More articles: