Generate .pom.sha1 and .jar.sha1
1,009 views
Skip to first unread message
Viktor Klang
Sep 16, 2010, 11:22:31 AM9/16/10
to simple-b...@googlegroups.com
Hi,
what is the recommended way of generating SHA1 signature files (both for artifact.pom.sha1 and artifact.jar.sha1) for publish?
Thanks,
--
Viktor Klang,
Code Connoisseur
Work: www.akkasource.com
Code: github.com/viktorklang
Follow: twitter.com/viktorklang
Read: klangism.tumblr.com
what is the recommended way of generating SHA1 signature files (both for artifact.pom.sha1 and artifact.jar.sha1) for publish?
Thanks,
--
Viktor Klang,
Code Connoisseur
Work: www.akkasource.com
Code: github.com/viktorklang
Follow: twitter.com/viktorklang
Read: klangism.tumblr.com
Mark Harrah
Sep 17, 2010, 8:28:33 AM9/17/10
to simple-b...@googlegroups.com
Hey Viktor,
On Thursday, September 16, 2010 11:22:31 am Viktor Klang wrote:
> Hi,
>
> what is the recommended way of generating SHA1 signature files (both for
> artifact.pom.sha1 and artifact.jar.sha1) for publish?
That's a good question. You have to do it manually and I don't think Ivy will
pick them up to published automatically, so you'd probably have to explicitly
declare them as artifacts. I think sbt should generate these by default.
Thoughts?
-Mark
Stefan Langer
Sep 17, 2010, 9:28:03 AM9/17/10
to simple-b...@googlegroups.com
+1. But Sbt should be so flexible as to define what checksum algorithm
to use. If possible sbt should also provide the ability to sign the
generated artifacts using pgp.
-Stefan
to use. If possible sbt should also provide the ability to sign the
generated artifacts using pgp.
-Stefan
2010/9/17 Mark Harrah <dmha...@gmail.com>:
> --
> You received this message because you are subscribed to the Google Groups "simple-build-tool" group.
> To post to this group, send email to simple-b...@googlegroups.com.
> To unsubscribe from this group, send email to simple-build-t...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/simple-build-tool?hl=en.
>
>
Viktor Klang
Sep 17, 2010, 1:35:05 PM9/17/10
to simple-b...@googlegroups.com
Hey Mark,
Generate by default with an option to choose algorithm and turn off sounds wonderful.
def signArtifacts: Option[SignatureGenerator]
trait SignatureGenerator {
def generate(artifact: Path): Path
}
Thoughts?
Viktor Klang
Code Connoisseur
www.akkasource.com
Heiko Seeberger
Sep 17, 2010, 1:50:55 PM9/17/10
to simple-b...@googlegroups.com
There is already a plugin/
http://github.com/rossabaker/sbt-gpg-plugin
http://github.com/rossabaker/sbt-gpg-plugin
Heilo
> --
> You received this message because you are subscribed to the Google Groups "simple-build-tool" group.
> To post to this group, send email to simple-b...@googlegroups.com.
> To unsubscribe from this group, send email to simple-build-t...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/simple-build-tool?hl=en.
>
--
Heiko Seeberger
Company: weiglewilczek.com
Blog: heikoseeberger.name
Follow me: twitter.com/hseeberger
OSGi on Scala: scalamodules.org
Lift, the simply functional web framework: liftweb.net
Akka - Simpler Scalability, Fault-Tolerance, Concurrency & Remoting through
Actors: akkasource.org
Mark Harrah
Sep 17, 2010, 1:52:40 PM9/17/10
to simple-b...@googlegroups.com
On Friday, September 17, 2010 01:35:05 pm Viktor Klang wrote:
> Hey Mark,
>
> Generate by default with an option to choose algorithm and turn off sounds
> wonderful.
>
> def signArtifacts: Option[SignatureGenerator]
>
> trait SignatureGenerator {
> def generate(artifact: Path): Path
> }
>
> Thoughts?
> Hey Mark,
>
> Generate by default with an option to choose algorithm and turn off sounds
> wonderful.
>
> def signArtifacts: Option[SignatureGenerator]
>
> trait SignatureGenerator {
> def generate(artifact: Path): Path
> }
>
> Thoughts?
Any reason you don't go with:
def signArtifact: Option[Path => Path]
-Mark
Viktor Klang
Sep 17, 2010, 1:55:51 PM9/17/10
to simple-b...@googlegroups.com
Doesnt look to support neither MD5 nor SHA1, or?
Cheers,
Viktor Klang
Code Connoisseur
www.akkasource.com
Viktor Klang
Sep 17, 2010, 1:57:47 PM9/17/10
to simple-b...@googlegroups.com
Avoids breakage if/when something needs to be added to the generator,
YMMV :-)
YMMV :-)
Viktor Klang
Code Connoisseur
www.akkasource.com
Heiko Seeberger
Sep 17, 2010, 2:49:02 PM9/17/10
to simple-b...@googlegroups.com
GnuPG Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 and TIGER.
What's the reason you want to sing your artifacts? If publishing (to Maven central), that's what Ross' plugin is doing. He is using it for Scalatra, as you can see here: https://oss.sonatype.org/content/repositories/releases/org/scalatra/scalatra_2.8.0/1.2.1/
Heiko
Viktor Klang
Sep 17, 2010, 3:13:18 PM9/17/10
to simple-b...@googlegroups.com
Mainly to make sure of the integrity if the artifacts.
Will try the plugin :-)
Viktor Klang
Sep 18, 2010, 5:40:51 PM9/18/10
to simple-b...@googlegroups.com
I think his plugin is merely generating an asc file, not the sh1 or md5 ones.
Heiko Seeberger
Sep 19, 2010, 4:20:35 AM9/19/10
to ba...@alumni.indiana.edu, simple-b...@googlegroups.com
Hi Ross,
Maybe you can shed light on this ...
Heiko
Ross A. Baker
Sep 19, 2010, 10:01:23 AM9/19/10
to simple-build-tool
Yes, the sbt-gpg-plugin only does *.asc files. It's analogous to
maven-gpg-plugin.
I'm currently generating the checksums with
http://github.com/scalatra/scalatra/blob/7e4af9a0/project/build/ChecksumPlugin.scala.
It was hacked together hurriedly, with a lot of duplication with the
GPG plugin, but it works for me.
A better long-term solution for publishing to Maven might be to build
a task on top of Maven Aether. When I last looked at it, it required
building some dependencies from source, but that situation may have
changed by now.
Thanks,
Ross
On Sep 19, 4:20 am, Heiko Seeberger <heiko.seeber...@googlemail.com>
wrote:
> >https://oss.sonatype.org/content/repositories/releases/org/scalatra/s...
>
> > Heiko
>
> > On 17 September 2010 19:55, Viktor Klang < <viktor.kl...@gmail.com>
>
> >> On Sep 17, 2010, at 19:50, Heiko Seeberger <<heiko.seeber...@googlemail.com>
> >> >> Code: <http://github.com/viktorklang>github.com/viktorklang
> >> >> Follow: <http://twitter.com/viktorklang>twitter.com/viktorklang
> >> >> Read: <http://klangism.tumblr.com>klangism.tumblr.com
> >> > Blog: heikoseeberger.name
> >> > Follow me: <http://twitter.com/hseeberger>twitter.com/hseeberger
> >> > OSGi on Scala: <http://scalamodules.org>scalamodules.org
> >> > Lift, the simply functional web framework: <http://liftweb.net>
> > Blog: heikoseeberger.name
> > Follow me: <http://twitter.com/hseeberger>twitter.com/hseeberger
> > OSGi on Scala: <http://scalamodules.org>scalamodules.org
> > Lift, the simply functional web framework: <http://liftweb.net>liftweb.net
> .
> For more options, visit this group athttp://groups.google.com/group/simple-build-tool?hl=en.
maven-gpg-plugin.
I'm currently generating the checksums with
http://github.com/scalatra/scalatra/blob/7e4af9a0/project/build/ChecksumPlugin.scala.
It was hacked together hurriedly, with a lot of duplication with the
GPG plugin, but it works for me.
A better long-term solution for publishing to Maven might be to build
a task on top of Maven Aether. When I last looked at it, it required
building some dependencies from source, but that situation may have
changed by now.
Thanks,
Ross
On Sep 19, 4:20 am, Heiko Seeberger <heiko.seeber...@googlemail.com>
wrote:
> Hi Ross,
>
> Maybe you can shed light on this ...
>
> Heiko
>
> ---------- Forwarded message ----------
> From: Viktor Klang <viktor.kl...@gmail.com>
> Date: 18 September 2010 23:40
> Subject: Re: [sbt] Generate .pom.sha1 and .jar.sha1
> To: "simple-b...@googlegroups.com" <simple-b...@googlegroups.com
>
> I think his plugin is merely generating an asc file, not the sh1 or md5
> ones.
>
>
> Maybe you can shed light on this ...
>
> Heiko
>
> ---------- Forwarded message ----------
> From: Viktor Klang <viktor.kl...@gmail.com>
> Date: 18 September 2010 23:40
> Subject: Re: [sbt] Generate .pom.sha1 and .jar.sha1
> To: "simple-b...@googlegroups.com" <simple-b...@googlegroups.com
>
> I think his plugin is merely generating an asc file, not the sh1 or md5
> ones.
>
> On Fri, Sep 17, 2010 at 9:13 PM, Viktor Klang <viktor.kl...@gmail.com>wrote:
>
>
>
> > Mainly to make sure of the integrity if the artifacts.
>
> > Will try the plugin :-)
>
> > Viktor Klang
> > Code Connoisseur
> >www.akkasource.com
>
> > On Sep 17, 2010, at 20:49, Heiko Seeberger <heiko.seeber...@googlemail.com>
>
>
>
> > Mainly to make sure of the integrity if the artifacts.
>
> > Will try the plugin :-)
>
> > Viktor Klang
> > Code Connoisseur
> >www.akkasource.com
>
> > wrote:
>
> > GnuPG Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5,
> > MD5, SHA-1, RIPE-MD-160 and TIGER.
>
> > What's the reason you want to sing your artifacts? If publishing (to Maven
> > central), that's what Ross' plugin is doing. He is using it for Scalatra, as
> > you can see here: <https://oss.sonatype.org/content/repositories/releases/org/scalatra/s...>
>
> > GnuPG Supports ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5,
> > MD5, SHA-1, RIPE-MD-160 and TIGER.
>
> > What's the reason you want to sing your artifacts? If publishing (to Maven
> > central), that's what Ross' plugin is doing. He is using it for Scalatra, as
> >https://oss.sonatype.org/content/repositories/releases/org/scalatra/s...
>
> > Heiko
>
> > On 17 September 2010 19:55, Viktor Klang < <viktor.kl...@gmail.com>
> > viktor.kl...@gmail.com> wrote:
>
> >> Doesnt look to support neither MD5 nor SHA1, or?
>
> >> Cheers,
>
> >> Viktor Klang
> >> Code Connoisseur
> >> <http://www.akkasource.com>www.akkasource.com
>
> >> Doesnt look to support neither MD5 nor SHA1, or?
>
> >> Cheers,
>
> >> Viktor Klang
> >> Code Connoisseur
>
> >> On Sep 17, 2010, at 19:50, Heiko Seeberger <<heiko.seeber...@googlemail.com>
> >> heiko.seeber...@googlemail.com> wrote:
>
> >> > There is already a plugin/
> >> > <http://github.com/rossabaker/sbt-gpg-plugin>
> >>http://github.com/rossabaker/sbt-gpg-plugin
>
> >> > Heilo
>
> >> > On Thursday, September 16, 2010, Viktor Klang <<viktor.kl...@gmail.com>
>
> >> > There is already a plugin/
> >> > <http://github.com/rossabaker/sbt-gpg-plugin>
> >>http://github.com/rossabaker/sbt-gpg-plugin
>
> >> > Heilo
>
> >> viktor.kl...@gmail.com> wrote:
> >> >> Hi,
>
> >> >> what is the recommended way of generating SHA1 signature files (both
> >> for artifact.pom.sha1 and artifact.jar.sha1) for publish?
> >> >> Thanks,
> >> >> --
> >> >> Viktor Klang,
> >> >> Code Connoisseur
> >> >> Work: <http://www.akkasource.com>www.akkasource.com
> >> >> Hi,
>
> >> >> what is the recommended way of generating SHA1 signature files (both
> >> for artifact.pom.sha1 and artifact.jar.sha1) for publish?
> >> >> Thanks,
> >> >> --
> >> >> Viktor Klang,
> >> >> Code Connoisseur
> >> >> Code: <http://github.com/viktorklang>github.com/viktorklang
> >> >> Follow: <http://twitter.com/viktorklang>twitter.com/viktorklang
> >> >> Read: <http://klangism.tumblr.com>klangism.tumblr.com
>
> >> >> --
> >> >> You received this message because you are subscribed to the Google
> >> Groups "simple-build-tool" group.
> >> >> To post to this group, send email to
> >> <simple-b...@googlegroups.com>simple-b...@googlegroups.com.
> >> >> --
> >> >> You received this message because you are subscribed to the Google
> >> Groups "simple-build-tool" group.
> >> >> To post to this group, send email to
> >> >> To unsubscribe from this group, send email to
> >> <simple-build-tool%2Bunsu...@googlegroups.com>
> >> simple-build-t...@googlegroups.com.
> >> >> For more options, visit this group at
> >> <http://groups.google.com/group/simple-build-tool?hl=en>
> >>http://groups.google.com/group/simple-build-tool?hl=en.
>
> >> > --
> >> > Heiko Seeberger
>
> >> > Company: <http://weiglewilczek.com>weiglewilczek.com
> >> >> For more options, visit this group at
> >> <http://groups.google.com/group/simple-build-tool?hl=en>
> >>http://groups.google.com/group/simple-build-tool?hl=en.
>
> >> > --
> >> > Heiko Seeberger
>
> >> > Blog: heikoseeberger.name
> >> > Follow me: <http://twitter.com/hseeberger>twitter.com/hseeberger
> >> > OSGi on Scala: <http://scalamodules.org>scalamodules.org
> >> > Lift, the simply functional web framework: <http://liftweb.net>
> >> liftweb.net
> >> > Akka - Simpler Scalability, Fault-Tolerance, Concurrency & Remoting
> >> through
> >> > Actors: <http://akkasource.org>akkasource.org
> >> > Akka - Simpler Scalability, Fault-Tolerance, Concurrency & Remoting
> >> through
>
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> Groups "simple-build-tool" group.
> >> > To post to this group, send email to
> >> <simple-b...@googlegroups.com>simple-b...@googlegroups.com.
> >> > --
> >> > You received this message because you are subscribed to the Google
> >> Groups "simple-build-tool" group.
> >> > To post to this group, send email to
> >> > To unsubscribe from this group, send email to
> >> <simple-build-tool%2Bunsu...@googlegroups.com>
> >> simple-build-t...@googlegroups.com.
> >> > For more options, visit this group at
> >> <http://groups.google.com/group/simple-build-tool?hl=en>
> >> > For more options, visit this group at
> >> <http://groups.google.com/group/simple-build-tool?hl=en>
> >>http://groups.google.com/group/simple-build-tool?hl=en.
>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "simple-build-tool" group.
> >> To post to this group, send email to <simple-b...@googlegroups.com>
> >> <simple-build-tool%2Bunsu...@googlegroups.com>
>
> >> --
> >> You received this message because you are subscribed to the Google Groups
> >> "simple-build-tool" group.
> >> To post to this group, send email to <simple-b...@googlegroups.com>
> >> simple-build-t...@googlegroups.com.
> >> For more options, visit this group at
> >> <http://groups.google.com/group/simple-build-tool?hl=en>
> >>http://groups.google.com/group/simple-build-tool?hl=en.
>
> > --
> > Heiko Seeberger
>
> > Company: <http://weiglewilczek.com>weiglewilczek.com
> >> For more options, visit this group at
> >> <http://groups.google.com/group/simple-build-tool?hl=en>
> >>http://groups.google.com/group/simple-build-tool?hl=en.
>
> > --
> > Heiko Seeberger
>
> > Blog: heikoseeberger.name
> > Follow me: <http://twitter.com/hseeberger>twitter.com/hseeberger
> > OSGi on Scala: <http://scalamodules.org>scalamodules.org
> > Lift, the simply functional web framework: <http://liftweb.net>liftweb.net
> > Akka - Simpler Scalability, Fault-Tolerance, Concurrency & Remoting through
> > Actors: <http://akkasource.org>akkasource.org
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "simple-build-tool" group.
> > To post to this group, send email to simple-b...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > simple-build-t...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/simple-build-tool?hl=en.
>
> --
> Viktor Klang,
> Code Connoisseur
> Work: www.akkasource.com
> Code: github.com/viktorklang
> Follow: twitter.com/viktorklang
> Read: klangism.tumblr.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "simple-build-tool" group.
> To post to this group, send email to simple-b...@googlegroups.com.
> To unsubscribe from this group, send email to
> simple-build-t...@googlegroups.com<simple-build-tool%2Bunsu...@googlegroups.com>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "simple-build-tool" group.
> > To post to this group, send email to simple-b...@googlegroups.com.
> > To unsubscribe from this group, send email to
> > simple-build-t...@googlegroups.com.
> > For more options, visit this group at
> >http://groups.google.com/group/simple-build-tool?hl=en.
>
> --
> Viktor Klang,
> Code Connoisseur
> Work: www.akkasource.com
> Code: github.com/viktorklang
> Follow: twitter.com/viktorklang
> Read: klangism.tumblr.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "simple-build-tool" group.
> To post to this group, send email to simple-b...@googlegroups.com.
> To unsubscribe from this group, send email to
> .
> For more options, visit this group athttp://groups.google.com/group/simple-build-tool?hl=en.
Reply all
Reply to author
Forward
0 new messages