Verify from local keys / offline mode #394
Comments
simply try
Hey Slawomir! That wouldn't work for my scenario. Sorry for not providing a better command. See what I am doing at the moment: Consider the ojdbc8-production.pom (which is essentially a bom file).
I now replaced it with a two step setup:
Now it would fail because the pgpverify-plugin is not available. Of course, there is a workaround. Add a third step in the middle:
If that really is the intended solution, this three-step setup should be documented. That's not something an average maven user can do, I'd say. // Edit: that doesn't even work as intended:
I think the plugin does not pick up GNUPGHOME.
So, adding It seems undocumented, but here is the layout:
This will make a nice blog post, but is quite a way to set up. Maybe you could reconsider my request to use a gpg keyring? :)
There is a goal:
Right - the plugin uses the bcpg library, not the gpg executable
It depends on the information in the artifact signatures; sometimes we have only the long key and in other cases we have the full key - fingerprint
OK, so again.
While running go-offline, the following thing happens (all of them are problems to me)
So, why does it not find a specific key? I use the same algorithm to place all the keys.
OK, maybe in clear terms:
Maybe this will help you a little: #546
No, not at all too late! This is a super helpful feature whenever there will be new keys being used for e.g. DB driver jars
Is your feature request related to a problem? Please describe.
Not a problem, except network connections and proxies. :)
When all keys are already present (e.g. .asc files or imported into the local keyring), there is no need to download keys.
BUT I cannot specify the keyring file as of now.
Describe the solution you'd like
-Dverify.offline=true -Dverify.gpghomedir=$PWD
or similar.
Describe alternatives you've considered
Additional context
n/a