Some brief examples on how to use this plugin.
If you need to sign a project artifact and all attached artifacts, just configure the sign goal appropriately in your pom.xml for the signing to occur automatically during the package phase.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>net.sourceforge.mjarsigner</groupId>
<artifactId>jarsigner-maven-plugin</artifactId>
<version>1.0-beta-3</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>/path/to/the/keystore</keystore>
<alias>Alias name</alias>
<storepass>Store password</storepass>
<keypass>Key password</keypass>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>
If you need to verify the signatures of a project artifact and all attached artifacts, just configure the verify goal appropriately in your pom.xml for the verification to occur automatically during the verify phase.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>net.sourceforge.mjarsigner</groupId>
<artifactId>jarsigner-maven-plugin</artifactId>
<version>1.0-beta-3</version>
<executions>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
<configuration>
<verbose>true</verbose>
<certs>true</certs>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>
If you need to sign a single archive, just configure the sign goal appropriately in your pom.xml for the signing to occur automatically during the package phase. To stop the plugin from additionally processing the project artifact and attachments set the artifact and attachments parameters to false as shown below.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>net.sourceforge.mjarsigner</groupId>
<artifactId>jarsigner-maven-plugin</artifactId>
<version>1.0-beta-3</version>
<executions>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
<configuration>
<artifact>false</artifact>
<attachments>false</attachments>
<archive>path to archive to sign</arcive>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>
If you need to sign a set of archives stored in a directory, just configure the sign goal appropriately in your pom.xml for the signing to occur automatically during the package phase. To stop the plugin from additionally processing the project artifact and attachments set the artifact and attachments parameters to false as shown below.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>net.sourceforge.mjarsigner</groupId>
<artifactId>jarsigner-maven-plugin</artifactId>
<version>1.0-beta-3</version>
<executions>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
<configuration>
<artifact>false</artifact>
<attachments>false</attachments>
<directory>directory holding archives to sign</directory>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>
mvn ... -Djarsigner.artifact=false
mvn ... -Djarsigner.attachments=false
mvn ... -Djarsigner.disabled=true
For full documentation, click here.