Chariot Training Classes

Training Courses

I run Chariot's training and mentoring services. We provide training in AngularJS, HTML5, Spring, Hibernate, Maven, Scala, and more.

Chariot Education Services

Technology

Chariot Emerging Tech

Learn about upcoming technologies and trends from my colleagues at Chariot Solutions.

Resources

Chariot Conferences

Podcasts

« Roo in Action - Almost thereā€¦ | Main | I'm ShellFamous »
Sunday
Sep042011

Skipping the PGP Signing Process 

If you need to install or deploy the maven artifact of your add-on to an internal repository server, and you don't need to deploy to a public OBR repository such as the RooBot server, you can choose to disable the PGP key signing process. Just comment out the maven-gpg-plugin entry in your project's pom.xml file, and you can then use the mvn install and mvn deploy commands internally:

<!-- comment out this block temporarily
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <version>1.3</version>
  <executions>
    <execution>
      <id>sign-artifacts</id>
      <phase>verify</phase>
      <goals>
        <goal>sign</goal>
      </goals>
    </execution>
  </executions>
</plugin>
-->

We suggest following the signing process anyway, as it verifies that a deployed maven artifact came from a given, trustable source. However, for internal testing and for non-critical applications, especially internal ones, disabling this check can save your some configuration headaches.

PrintView Printer Friendly Version

EmailEmail Article to Friend

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>