Hello,
I’m new to Gradle sand rather new to Java so pardon my ignorance.
I’m continuing a project based on Gradle. The project is a JNLP application (I know it’s going to be removed but we need some maintenance on it) which depends on some open-source libraries (batik, etc.). Currently, those libraries are in the Git repository (and added to compile-time dependencies in build.gradle
) and are used to create a fat JAR with the com.github.johnrenglman.shadow plugin
.
I would like to get rid of that (the Java side is easy) and fix some weird constructs in build.gradle
.
I have been able to compile the project into a regular JAR. My current issues are:
- How to sign the external JARs ? I have found some code to sign the main JAR with
jarsigner
and I have been able to adapt it to sign the external JARs:
task signJar(description: 'to Sign JAR.', group: 'Build'){ dependsOn jar doLast{ def jarPath = jar.archivePath def jksFile = new File(projectDir, "microscopestore") exec { executable 'jarsigner' args '-keystore', jksFile, '-storepass', 'microscope', '-digestalg', 'SHA1', jarPath, 'microscope' } configurations.compile.files.each { lib -> exec { executable 'jarsigner' args '-keystore', jksFile, '-storepass', 'microscope', '-digestalg', 'SHA1', lib, 'microscope' } } } }
However, it modifies the JARs. I am not sure what is the best option here. I have found the signing
plugin but I am not sure if it applies here (this discussion seems to indicate that the signing
plugin doesn’t sign the JAR as done by jarsigner
).
- How to upload the signed JARs (both the external ones and our JAR) ? Currently, I use a local repository and the following code:
artifacts { archives jar, configurations.compile.files } uploadArchives { repositories { flatDir { dirs project.publishPath + project.name + '-' + project.version } } }
This works but the project version is appended to the external JAR files which is weird.
Any advice on those points ?
Thanks in advance,
Mathieu