bstansberry opened a new issue, #138: URL: https://github.com/apache/maven-gpg-plugin/issues/138
### Affected version 3.2.7 ### Bug description The algorithm GpgSignAttachedMojo follows to attach signed artifacts results in attachments with the empty string as the classifier if the classifier of the artifact that was signed was null. This happens with 'attached' artifacts (MavenProject.getAttachedArtifacts()), not with the 'main' artifact for the project (MavenProject.getArtifact()). We've observed other plugins having problems with attachments with the empty string classifier, so this PR proposes detecting this and using null instead. The plugin where we observed this was Sonatype's nxrm3-maven-plugin, whose deploy or staging-deploy goals fail when processing these 'empty string' artifacts. They have validation logic that rejects the empty string. I've attempted to report this to Sonatype, suggesting they check for and avoid this problem. In case they don't, the fix here may help maven-gpg-plugin users who are migrating to Nexus 3. If you decide not to worry about this and leave it to the Sonatype plugin to fix, I won't be offended. :) One way to create a project that will exhibit this behavior is to use the maven-assembly-plugin in the project and set its appendAssemblyId setting to false. That setting causes the plugin to attach its assembly using a null classifier. The maven-gpg-plugin then attaches an asc file with an empty string as its classifier. I imagine this may be a fairly common pattern in projects that are meant to produce something other than a jar/ear/war/rar. In our case we use it to produce zips. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
