------ Sign and verify a project ------ Christian Schulte ------ 08 April 2009 ------ ~~ Licensed to the Apache Software Foundation (ASF) under one ~~ or more contributor license agreements. See the NOTICE file ~~ distributed with this work for additional information ~~ regarding copyright ownership. The ASF licenses this file ~~ to you under the Apache License, Version 2.0 (the ~~ "License"); you may not use this file except in compliance ~~ with the License. You may obtain a copy of the License at ~~ ~~ http://www.apache.org/licenses/LICENSE-2.0 ~~ ~~ Unless required by applicable law or agreed to in writing, ~~ software distributed under the License is distributed on an ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ~~ KIND, either express or implied. See the License for the ~~ specific language governing permissions and limitations ~~ under the License. Sign and verify a project If you need to sign a project artifact and all attached artifacts and want to verify the signatures afterwards, just configure the sign and verify goal appropriately in your <<>> for the signing to occur automatically during the package phase and for the verification to occur during the verify phase. +-----------------+ ... ... org.apache.maven.plugins maven-jarsigner-plugin 1.0 sign sign verify verify ... ... +-----------------+ Note: The sign goal requires at least the alias to use for signing. This alias can be passed using the command line like <<<-Djarsigner.alias="Alias Name">>> or set as a property in the <<>> file when not configured in the POM.