------ Deploy Signed Artifacts ------ Dennis Lundberg ------ 2011-03-19 ------ ~~ Licensed to the Apache Software Foundation (ASF) under one ~~ or more contributor license agreements. See the NOTICE file ~~ distributed with this work for additional information ~~ regarding copyright ownership. The ASF licenses this file ~~ to you under the Apache License, Version 2.0 (the ~~ "License"); you may not use this file except in compliance ~~ with the License. You may obtain a copy of the License at ~~ ~~ http://www.apache.org/licenses/LICENSE-2.0 ~~ ~~ Unless required by applicable law or agreed to in writing, ~~ software distributed under the License is distributed on an ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ~~ KIND, either express or implied. See the License for the ~~ specific language governing permissions and limitations ~~ under the License. Deploy Signed Artifacts Without this plugin you would deploy your project like this: +----------+ mvn deploy +----------+ If you have configured this plugin according to the instructions in the {{{../usage.html}usage page}} then you just need to specify the passphrase for your private key on the command line. Like this: +----------+ mvn deploy -Dgpg.passphrase=thephrase +----------+ If you don't specify a passphrase, it will prompt for one. * Issue with invalid signatures on the POM files Maven 2.0.5 fixes a problem where the POM files would end up changing between signing them and deploying them. If the signatures on the POM files are invalid, make sure you upgrade to Maven 2.0.5. * Install/Deploy without configuring the plugin in the POM Currently this is not easily accomplished. gpg signs the artifacts attached to the build at the point that gpg runs. However, we want to "inject" the gpg into the phases. What MIGHT work is: +----------+ mvn verify gpg:sign install:install deploy:deploy +----------+ However, if there are other plugins configured for phases after the <<>> phase, they will not be run.