Programmers' Pain
9Feb/115

maven-jarsigner-plugin: sign multiple jar files


The maven-jarsigner-plugin is a pretty handy Maven plugin if you want to sign the jar file produced by your Maven artefact build. The plugin's documentation provides several examples for that use case.

But if you want to sign just some jar files in the scope of your Maven build (especially if you need to apply certain include / exclude patterns), then the documentation provides only the configuration options, which you have to put together yourself to make it work. Here's an example of how to sign several jar files using include / exclude patterns.

<plugin>
	<groupId>org.apache.maven.plugins</groupId>
	<artifactId>maven-jarsigner-plugin</artifactId>
	<version>1.2</version>
	<executions>
		<execution>
			<id>sign</id>
			<phase>install</phase>
			<goals>
				<goal>sign</goal>
			</goals>
		</execution>
	</executions>
	<configuration>
		<archiveDirectory>target/jars</archiveDirectory>
		<excludes>
			<exclude>**/S*.jar</exclude>
		</excludes>
		<includes>
			<include>**/*.jar</include>
		</includes>
		<keystore>/path/to/keystore.jks</keystore>
		<alias>...</alias>
		<storepass>...</storepass>
		<keypass>...</keypass>
	</configuration>
</plugin>

The <archiveDirectory> tag defines the directory in which the maven-jarsigner-plugin searches for files matching the patterns listed in the <includes> tag. Both the <includes> and <excludes> tags use the same include / exclude pattern syntax as Ant.

In this example we want to match every *.jar file in the given directory and its subdirectories. Therefore we use **/*.jar as the one and only value of the <includes> list. At the same time we don't want to sign any jar file whose filename starts with a capital 'S', for whatever weird reason (maybe because we don't like uppercase 'S's). That's why the <excludes> list contains only the **/S*.jar value. Once again the ** prefix is used in the include / exclude pattern to tell the maven-jarsigner-plugin that the pattern should match in the given directory and all its subdirectories.

Both the <includes> and <excludes> tags are optional if you don't need any special include / exclude patterns. According to the maven-jarsigner-plugin documentation, the default value of the <includes> list is the **/*.?ar pattern, which matches all *.jar and also *.war files.

..and a last closing warning: Be aware that the default include pattern searches the given directory and all its subdirectories for matching files. While doing so the plugin will follow any symlink in those directories!
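To see before a build which archives a given pattern set would select, and which of them are only reachable through a symlink, the following added example (not part of the original post and not the plugin's own code) approximates the Ant pattern semantics described above. The function names `ant_to_regex` and `preview` are hypothetical, and the walk follows symlinks on the assumption stated in the warning.

```python
import os
import re

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (**, *, ?) into a compiled regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*")      # zero or more directory levels
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")               # trailing **: anything below
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")            # stays inside one path segment
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")             # exactly one character
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def preview(archive_dir, includes=("**/*.?ar",), excludes=()):
    """Return (selected, via_symlink) as sorted lists of paths relative to
    archive_dir; via_symlink holds the selected files reached through a link."""
    inc = [ant_to_regex(p) for p in includes]
    exc = [ant_to_regex(p) for p in excludes]
    root_real = os.path.realpath(archive_dir)
    selected, via_symlink = [], []

    def walk(path, rel, chain):
        real = os.path.realpath(path)
        if real in chain:                  # symlink cycle: stop descending
            return
        for entry in os.scandir(path):
            child = rel + entry.name
            if entry.is_dir():             # is_dir() follows symlinks (assumed plugin behaviour)
                walk(entry.path, child + "/", chain | {real})
            elif any(r.match(child) for r in inc) and not any(r.match(child) for r in exc):
                selected.append(child)
                # A plain file resolves to root_real/child; anything else means
                # a symlinked file or directory sits somewhere on the path.
                if os.path.realpath(entry.path) != os.path.join(root_real, *child.split("/")):
                    via_symlink.append(child)

    walk(archive_dir, "", frozenset())
    return sorted(selected), sorted(via_symlink)
```

Calling `preview("target/jars", includes=("**/*.jar",), excludes=("**/S*.jar",))` mirrors the configuration above; a non-empty second list means files outside the archive directory would be picked up for signing.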

Comments (5) Trackbacks (0)
  1. This is exactly what I need – my only question is how to get the dependency jars into your target folder in the first place?

  2. Thanks Markus, I’ll give that a try!

  3. I used this:

    ${project.build.directory}
    *.jar
    *.apk

    And it doesn’t work, all signing also .jar :-(

    • The default behavior of the plugin is to sign the project's main jar file in the target directory and even defining excludes won’t change this behaviour. This was one of the reasons why I did use a dedicated output directory in my example so that it doesn’t interfere with the contents of the target directory and the default behavior of the plugin.

      You might try to use the “archive” tag of the maven-jarsigner-plugin to explicitly set the location of your apk file (not sure if you have multiple ones) since according to the documentation the target/”projectname”-”version”.jar file isn’t signed per default as soon as the “archive” tag has been defined. Have a look at the plugin's documentation https://maven.apache.org/plugins/maven-jarsigner-plugin/sign-mojo.html on how to use the “archive” tag.

