[
https://issues.apache.org/jira/browse/MJARSIGNER-62?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17795067#comment-17795067
]
ASF GitHub Bot commented on MJARSIGNER-62:
------------------------------------------
schedin opened a new pull request, #17:
URL: https://github.com/apache/maven-jarsigner-plugin/pull/17
The author of
https://issues.apache.org/jira/projects/MJARSIGNER/issues/MJARSIGNER-62 would
like to use a 2-element additional argument to the jarsigner command line. The
author believes that the problem they are having is that maven-jarsigner-plugin
(on top of the https://github.com/apache/maven-jarsigner project) is quoting
the arguments, and that is causing the problem.
I believe that the author is not correct: it is how the arguments were used
by the author that is the problem. But I still think that the author has a good
point. I my opinion the `arguments` parameter is not properly documented. You
must be experienced with Maven to understand how to use it. I have used Maven
for many years, and I still have problems with this. This pull request improves
the documentation, so it is understandable for even a novice Maven user. When
this pull request is accepted, I think that MJARSIGNER-62 can be closed.
As an example, the `-certchain` is used in the ticket description. For this
specific parameter there already exists a dedicated parameter. If/when
https://github.com/apache/maven-jarsigner-plugin/pull/14 is accepted this will
also have a correct documentation on
https://maven.apache.org/plugins/maven-jarsigner-plugin/sign-mojo.html
As an example, in this pull request, I have selected a parameter that
maven-jarsigner-plugin does not have support for: `-signedjar file`. This is a
good parameter as an example because I don’t think maven-jarsigner-plugin will
implement support for this (since maven-jarsigner-plugin is used to sign many
jarfiles, it does not make sense to overwrite every jar into a single output
jarfile).
Example of rendered output:
> additionalArguments should not have double quotes
> -------------------------------------------------
>
> Key: MJARSIGNER-62
> URL: https://issues.apache.org/jira/browse/MJARSIGNER-62
> Project: Maven Jar Signer Plugin
> Issue Type: Bug
> Affects Versions: 3.0.0
> Environment: Windows
> Reporter: Manfred Koch
> Priority: Major
>
> Adding additional arguments to the jarsigner with the arguments option will
> be double qouted in the command line. That causes errors and should be
> avoided.
>
> *Example:*
>
> {code:java}
> <arguments>-certchain c:\chain.crt</arguments>
> {code}
>
> Results in
> {noformat}
> c:\Jenkins\tools\hudson.model.JDK\jdk-1.8.0_144-windows-x64\jre\..\bin\jarsigner.exe
> -keystore NONE -storepass *** -storetype PKCS11 -providerClass
> sun.security.pkcs11.SunPKCS11 -providerArg C:\config.conf "-certchain
> c:\chain.crt" -tsa http://timestamp.digicert.com library.jar alias{noformat}
> That can't be executed. I check that manually on the system.
> But without double qoutes
> {noformat}
> c:\Jenkins\tools\hudson.model.JDK\jdk-1.8.0_144-windows-x64\jre\..\bin\jarsigner.exe
> -keystore NONE -storepass *** -storetype PKCS11 -providerClass
> sun.security.pkcs11.SunPKCS11 -providerArg C:\config.conf -certchain
> c:\chain.crt -tsa http://timestamp.digicert.com library.jar alias{noformat}
> it is possible to execute the command. I have checked the source code of the
> *AbstractJarsignerMojo.* All *additionalArguments* should not be double
> quoted.
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
