Developers, Developers, Developers! Maksim Sorokin IT Blog

19Aug/10Off

Signing Jars on a Build Server

Here I will discuss a problem which occurs, when you want to sign a jar in your continuous integration. Where keystore should be kept? A solution is provided using local maven repository.

However, we do not want to hardcode path to the keystore in our pom.xml. But keystore is pretty static, so we can copy it to all developers machines and build server! But this is solution, since different machines can have different operation systems.

But since keystore is static, we can wrap it into zip file and upload to our local maven repository! Afterwards, when you want to sign a jar in your maven build, you simply download from repository using http://maven.apache.org/plugins/maven-dependency-plugin/ and sign your jar the way you want, for example with Webstart Maven Plugin (should be named Maven Webstart plugin, though).
Here is a small maven snipped for downloading keystore zip from repository and putting it to target/keystore folder:

...
  <build>
  ...
    <plugins>
	...
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-dependency-plugin</artifactId>
        <executions>
          <execution>
            <id>unpack</id>
            <phase>package</phase>
            <goals>
              <goal>unpack</goal>
            </goals>
            <configuration>
              <artifactItems>
                <artifactItem>
                  <groupId>dk.sorokin.maksim</groupId>
                  <artifactId>keystore</artifactId>
                  <version>1.0.0</version>
                  <type>zip</type>
                  <outputDirectory>${project.build.directory}/keystore</outputDirectory>
                  <includes>*</includes>
                </artifactItem>
              </artifactItems>
            </configuration>
          </execution>
        </executions>
      </plugin>
	</plugins>
  </build>
...
Comments (0) Trackbacks (1)

Leave a comment