Author: dantran
Date: Fri Dec 26 08:20:15 2014
New Revision: 1647942

URL: http://svn.apache.org/r1647942
Log:
[MGPG-31] Add ability to store the passphrase in settings.xml, in clear or
encrypted text

Added:
    
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/
    
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/invoker.properties
    
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/pom.xml
    
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/verify.bsh
    maven/plugins/trunk/maven-gpg-plugin/src/main/resources/
    maven/plugins/trunk/maven-gpg-plugin/src/main/resources/META-INF/
    maven/plugins/trunk/maven-gpg-plugin/src/main/resources/META-INF/plexus/
    
maven/plugins/trunk/maven-gpg-plugin/src/main/resources/META-INF/plexus/components.xml
Modified:
    maven/plugins/trunk/maven-gpg-plugin/pom.xml
    maven/plugins/trunk/maven-gpg-plugin/src/it/settings.xml
    
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/AbstractGpgMojo.java
    maven/plugins/trunk/maven-gpg-plugin/src/site/apt/usage.apt.vm

Modified: maven/plugins/trunk/maven-gpg-plugin/pom.xml
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/pom.xml?rev=1647942&r1=1647941&r2=1647942&view=diff
==============================================================================
--- maven/plugins/trunk/maven-gpg-plugin/pom.xml (original)
+++ maven/plugins/trunk/maven-gpg-plugin/pom.xml Fri Dec 26 08:20:15 2014
@@ -96,6 +96,11 @@ under the License.
       <artifactId>plexus-utils</artifactId>
       <version>3.0.20</version>
     </dependency>
+    <dependency>
+      <groupId>org.sonatype.plexus</groupId>
+      <artifactId>plexus-sec-dispatcher</artifactId>
+      <version>1.4</version>
+    </dependency>
   </dependencies>
 
   <build>
@@ -106,9 +111,7 @@ under the License.
           <artifactId>apache-rat-plugin</artifactId>
           <configuration>
             <excludes combine.children="append">
-              <!--
-                rat check errors seen on ASF Jenkins instance, but not on 
local machine...
-              -->
+              <!-- rat check errors seen on ASF Jenkins instance, but not on 
local machine... -->
               <exclude>src/test/resources/gnupg/*</exclude>
             </excludes>
           </configuration>
@@ -131,6 +134,7 @@ under the License.
                   <pomInclude>*/pom.xml</pomInclude>
                   <pomInclude>sign-and-deploy*</pomInclude>
                 </pomIncludes>
+                <settingsFile>src/main/it/settings.xml</settingsFile>
                 <goals>
                   <goal>clean</goal>
                   <goal>install</goal>
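Review bot: The added `<settingsFile>src/main/it/settings.xml</settingsFile>` does not match the settings file this commit edits, which is `src/it/settings.xml`. Unless a file also exists under `src/main/it/`, the invoker runs would not pick up the new `gpg.passphase` server entry, so the new integration test would not exercise the settings lookup at all. The line should read `<settingsFile>src/it/settings.xml</settingsFile>`. The surrounding plugin configuration starts and ends outside this hunk.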

Modified: maven/plugins/trunk/maven-gpg-plugin/src/it/settings.xml
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/it/settings.xml?rev=1647942&r1=1647941&r2=1647942&view=diff
==============================================================================
--- maven/plugins/trunk/maven-gpg-plugin/src/it/settings.xml (original)
+++ maven/plugins/trunk/maven-gpg-plugin/src/it/settings.xml Fri Dec 26 
08:20:15 2014
@@ -19,7 +19,10 @@ specific language governing permissions
 under the License.
 -->
 
-<settings>
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0";
+          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 
http://maven.apache.org/xsd/settings-1.0.0.xsd";>
+
   <profiles>
     <profile>
       <id>it-repo</id>
@@ -52,4 +55,12 @@ under the License.
       </pluginRepositories>
     </profile>
   </profiles>
+
+  <servers>
+    <server>
+      <id>gpg.passphase</id>
+      <passphrase>TEST</passphrase>
+    </server>
+  </servers>
+
 </settings>
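Review bot: The new `<server>` fixture holds only a clear-text value (`TEST`), so the integration test never covers the encrypted form that the commit message advertises. As far as this commit shows, the decryption branch behind `securityDispatcher.decrypt(...)` in AbstractGpgMojo is untested; covering it would need an encrypted `<passphrase>` fixture plus a test settings-security.xml. A comment above the entry, such as `<!-- test-only passphrase for the IT key ring, not a real secret -->`, would also keep readers and secret scanners from treating it as a leaked credential.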

Added: 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/invoker.properties
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/invoker.properties?rev=1647942&view=auto
==============================================================================
--- 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/invoker.properties
 (added)
+++ 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/invoker.properties
 Fri Dec 26 08:20:15 2014
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Windows doesn't has a gpg-executable
+#invoker.os.family = !windows
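Review bot: The comment says Windows has no gpg executable, but the restriction itself is commented out (`#invoker.os.family = !windows`), so this test is selected on every OS. Either enable it as `invoker.os.family = !windows` or replace the comment with one that says why the test is expected to run on Windows. The comment would also read better as `# Windows doesn't have a gpg executable`.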

Added: 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/pom.xml
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/pom.xml?rev=1647942&view=auto
==============================================================================
--- 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/pom.xml
 (added)
+++ 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/pom.xml
 Fri Dec 26 08:20:15 2014
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>org.apache.maven.its.gpg.nma</groupId>
+  <artifactId>test</artifactId>
+  <version>1.0</version>
+  <packaging>jar</packaging>
+
+  <description>
+    Tests the signing of a project that produces no main artifact but only 
attached artifacts (MGPG-20).
+  </description>
+
+  <properties>
+    <maven.test.skip>true</maven.test.skip>
+  </properties>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+        <version>2.0.2</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-gpg-plugin</artifactId>
+        <version>@project.version@</version>
+        <configuration>
+          <!-- load passphase from settings.xml -->
+        </configuration>
+        <executions>
+          <execution>
+            <id>sign-artifacts</id>
+            <goals>
+              <goal>sign</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-install-plugin</artifactId>
+        <version>2.3</version>
+        <configuration>
+          <updateReleaseInfo>true</updateReleaseInfo>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>2.1</version>
+        <configuration>
+          <classifier>jdk15</classifier>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-resources-plugin</artifactId>
+        <version>2.2</version>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-surefire-plugin</artifactId>
+        <version>2.3.1</version>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
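Review bot: The `<description>` and the `org.apache.maven.its.gpg.nma` coordinates look copied from the MGPG-20 no-main-artifact test and do not describe what this project checks. Suggested: `<description>Tests signing with the passphrase read from the gpg.passphase server entry in settings.xml (MGPG-31).</description>`, with a groupId of its own. If another test installs the same `org/apache/maven/its/gpg/nma/test/1.0` artifacts, the existence-only check in verify.bsh (the next file) could be satisfied by files that test left in the local repository. Because the empty `<configuration>` leaves `gpg.useagent` at its default of true, it is worth confirming that this test actually fails when the settings entry is missing.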

Added: 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/verify.bsh
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/verify.bsh?rev=1647942&view=auto
==============================================================================
--- 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/verify.bsh
 (added)
+++ 
maven/plugins/trunk/maven-gpg-plugin/src/it/sign-with-passphase-from-maven-settings/verify.bsh
 Fri Dec 26 08:20:15 2014
@@ -0,0 +1,42 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import java.io.*;
+
+File artifactDir = new File( localRepositoryPath, 
"org/apache/maven/its/gpg/nma/test/1.0" );
+
+String[] expectedFiles = {
+    "test-1.0.pom",
+    "test-1.0.pom.asc",
+    "test-1.0-jdk15.jar",
+    "test-1.0-jdk15.jar.asc",
+};
+
+for ( String expectedFile : expectedFiles )
+{
+    File file = new File( artifactDir, expectedFile );
+
+    System.out.println( "Checking for existence of " + file );
+
+    if ( !file.isFile() )
+    {
+        throw new Exception( "Missing file " + file );
+    }
+}

Modified: 
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/AbstractGpgMojo.java
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/AbstractGpgMojo.java?rev=1647942&r1=1647941&r2=1647942&view=diff
==============================================================================
--- 
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/AbstractGpgMojo.java
 (original)
+++ 
maven/plugins/trunk/maven-gpg-plugin/src/main/java/org/apache/maven/plugin/gpg/AbstractGpgMojo.java
 Fri Dec 26 08:20:15 2014
@@ -26,8 +26,14 @@ import java.util.List;
 import org.apache.maven.plugin.AbstractMojo;
 import org.apache.maven.plugin.MojoExecutionException;
 import org.apache.maven.plugin.MojoFailureException;
+import org.apache.maven.plugins.annotations.Component;
 import org.apache.maven.plugins.annotations.Parameter;
 import org.apache.maven.project.MavenProject;
+import org.apache.maven.settings.Server;
+import org.apache.maven.settings.Settings;
+import org.codehaus.plexus.util.StringUtils;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;
 
 /**
  * @author Benjamin Bentmann
@@ -46,12 +52,19 @@ public abstract class AbstractGpgMojo
     private File homedir;
 
     /**
-     * The passphrase to use when signing.
-     */
+     * The passphrase to use when signing. If not given, look up the value 
under Maven
+     * settings using server id at 'passphaseServerKey' configuration.
+     **/
     @Parameter( property = "gpg.passphrase" )
     private String passphrase;
 
     /**
+     * Server id to lookup the passphase under Maven settings.
+     */
+    @Parameter( property = "gpg.passphaseServerKey", defaultValue = 
"gpg.passphase" )
+    private String passphaseServerKey;
+
+    /**
      * The "name" of the key to sign with. Passed to gpg as 
<code>--local-user</code>.
      */
     @Parameter( property = "gpg.keyname" )
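Review bot: The new user-facing names are misspelled: `gpg.passphaseServerKey` and its default `gpg.passphase` drop the "r" that the existing `gpg.passphrase` property has. Once released these are configuration keys users must type, so I would fix them now: `@Parameter( property = "gpg.passphraseServerKey", defaultValue = "gpg.passphrase" )`, with the field renamed to `passphraseServerKey`. The same spelling recurs in `loadGpgPassphase()` later in this file, in the `<id>gpg.passphase</id>` fixture, and in usage.apt.vm. The usage.apt.vm example even shows a `<passphase>` element although the code reads `server.getPassphrase()`, so it would most likely not supply the passphrase if copied. The Javadoc closer `**/` on the passphrase field should be `*/`.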
@@ -59,8 +72,8 @@ public abstract class AbstractGpgMojo
 
     /**
      * Passes <code>--use-agent</code> or <code>--no-use-agent</code> to gpg. 
If using an agent, the passphrase is
-     * optional as the agent will provide it.
-     * For gpg2, specify true as --no-use-agent was removed in gpg2 and 
doesn't ask for a passphrase anymore.
+     * optional as the agent will provide it. For gpg2, specify true as 
--no-use-agent was removed in gpg2 and doesn't
+     * ask for a passphrase anymore.
      */
     @Parameter( property = "gpg.useagent", defaultValue = "true" )
     private boolean useAgent;
@@ -122,19 +135,35 @@ public abstract class AbstractGpgMojo
 
     /**
      * Sets the arguments to be passed to gpg. Example:
-     * 
+     *
      * <pre>
      * &lt;gpgArguments&gt;
      *   &lt;arg&gt;--no-random-seed-file&lt;/arg&gt;
      *   &lt;arg&gt;--no-permission-warning&lt;/arg&gt;
      * &lt;/gpgArguments&gt;
      * </pre>
-     * 
+     *
      * @since 1.5
      */
     @Parameter
     private List<String> gpgArguments;
 
+    /**
+     * Current user system settings for use in Maven.
+     *
+     * @since 1.6
+     */
+    @Parameter( defaultValue = "${settings}", readonly = true )
+    private Settings settings;
+
+    /**
+     * Maven Security Dispatcher
+     *
+     * @since 1.6
+     */
+    @Component( hint = "mng-4384" )
+    private SecDispatcher securityDispatcher;
+
     AbstractGpgSigner newSigner( MavenProject project )
         throws MojoExecutionException, MojoFailureException
     {
@@ -151,6 +180,8 @@ public abstract class AbstractGpgMojo
         signer.setLockMode( lockMode );
         signer.setArgs( gpgArguments );
 
+        loadGpgPassphase();
+
         signer.setPassPhrase( passphrase );
         if ( null == passphrase && !useAgent )
         {
@@ -171,4 +202,32 @@ public abstract class AbstractGpgMojo
         return signer;
     }
 
+    /**
+     * Load and decrypt gpg passphase from maven settings if not given from 
plugin configuration
+     *
+     * @throws MojoFailureException
+     */
+    private void loadGpgPassphase()
+        throws MojoFailureException
+    {
+        if ( StringUtils.isEmpty( this.passphrase ) )
+        {
+            Server server = this.settings.getServer( passphaseServerKey );
+
+            if ( server != null )
+            {
+                if ( server.getPassphrase() != null )
+                {
+                    try
+                    {
+                        this.passphrase = securityDispatcher.decrypt( 
server.getPassphrase() );
+                    }
+                    catch ( SecDispatcherException e )
+                    {
+                        throw new MojoFailureException( "Unable to decrypt gpg 
password", e );
+                    }
+                }
+            }
+        }
+    }
 }
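Review bot: The failure message in `loadGpgPassphase()` says "gpg password" and does not name the settings entry that failed, which makes a wrong master password or a malformed value hard to diagnose. Suggested: `throw new MojoFailureException( "Unable to decrypt gpg passphrase of server '" + passphaseServerKey + "' in settings.xml", e );`, which reports the server id only and never the value. The Javadoc should also say that any value found in settings is passed through `securityDispatcher.decrypt(...)`, and that the encrypted form is the recommended one, since a clear-text passphrase in settings.xml is readable by anything that can read that file. The three nested `if` blocks could be flattened with an early return, and the bare `@throws MojoFailureException` deserves a description.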

Added: 
maven/plugins/trunk/maven-gpg-plugin/src/main/resources/META-INF/plexus/components.xml
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/main/resources/META-INF/plexus/components.xml?rev=1647942&view=auto
==============================================================================
--- 
maven/plugins/trunk/maven-gpg-plugin/src/main/resources/META-INF/plexus/components.xml
 (added)
+++ 
maven/plugins/trunk/maven-gpg-plugin/src/main/resources/META-INF/plexus/components.xml
 Fri Dec 26 08:20:15 2014
@@ -0,0 +1,43 @@
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+
+<component-set>
+  <components>
+    <component>
+      <role>org.sonatype.plexus.components.sec.dispatcher.SecDispatcher</role>
+      <role-hint>mng-4384</role-hint>
+      
<implementation>org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher</implementation>
+      <requirements>
+        <requirement>
+          <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
+          <role-hint>mng-4384</role-hint>
+          <field-name>_cipher</field-name>
+        </requirement>
+      </requirements>
+      <configuration>
+        <_configuration-file>~/.m2/settings-security.xml</_configuration-file>
+      </configuration>
+    </component>
+    <component>
+      <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
+      <role-hint>mng-4384</role-hint>
+      
<implementation>org.sonatype.plexus.components.cipher.DefaultPlexusCipher</implementation>
+    </component>
+  </components>
+</component-set>
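Review bot: This file has no comment explaining why the plugin declares its own `SecDispatcher` and `PlexusCipher` components under the `mng-4384` hint. A header comment along the lines of `<!-- Local wiring of the security dispatcher so the plugin can decrypt settings.xml values; keep in sync with the plexus-sec-dispatcher version in pom.xml -->` would help, assuming that is the reason. It is also worth documenting that `_configuration-file` points the dispatcher at `~/.m2/settings-security.xml`, so users know where the master password protecting the encrypted passphrase is expected to live.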

Modified: maven/plugins/trunk/maven-gpg-plugin/src/site/apt/usage.apt.vm
URL: 
http://svn.apache.org/viewvc/maven/plugins/trunk/maven-gpg-plugin/src/site/apt/usage.apt.vm?rev=1647942&r1=1647941&r2=1647942&view=diff
==============================================================================
--- maven/plugins/trunk/maven-gpg-plugin/src/site/apt/usage.apt.vm (original)
+++ maven/plugins/trunk/maven-gpg-plugin/src/site/apt/usage.apt.vm Fri Dec 26 
08:20:15 2014
@@ -77,3 +77,22 @@ mvn release:perform -Darguments=-Dgpg.pa
 
   This accounts for the fact, that the Release Plugin forks Maven and system 
properties of the current Maven session are
   unfortunately not automatically propagated to the forked Maven session (see 
also {{{http://jira.codehaus.org/browse/MGPG-9}MGPG-9}}).
+
+
+* Configure passphase under settings.xml
+
+  Instead of specifying the passphase at command line, you can place it under 
your local settings.xml
+  either in clear or 
{{{http://maven.apache.org/guides/mini/guide-encryption.html}encrypted}} text.
+
++----------+
+<settings>
+  [...]
+  <servers>
+    [...]
+    <server>
+      <id>gpg.passphase</id>
+      <passphase>clear or encrypted text</passphase>
+    </server>
+  </servers>
+</settings>
++----------+
\ No newline at end of file

