Merge pull request #263 from s4u/mulit-keysmap

Allow multiple KeysMap files to be specified

pom.xml

@@ -542,7 +542,6 @@
                             <showErrors>true</showErrors>
                             <mavenOpts>${argLine}</mavenOpts>
                             <parallelThreads>2C</parallelThreads>
-                            <streamLogsOnFailures>true</streamLogsOnFailures>
                         </configuration>
                     </execution>
                 </executions>
@@ -609,4 +608,18 @@
         </plugins>
     </reporting>
 
+    <profiles>
+        <profile>
+            <id>ci-system</id>
+            <activation>
+                <property>
+                    <name>env.CI</name>
+                </property>
+            </activation>
+            <properties>
+                <invoker.streamLogsOnFailures>true</invoker.streamLogsOnFailures>
+            </properties>
+        </profile>
+    </profiles>
+
 </project>

src/it/multipleKeysMap-exclude/invoker.properties

@@ -0,0 +1,16 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+invoker.buildResult = failure

src/it/multipleKeysMap-exclude/keysmap1.list

@@ -0,0 +1,21 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+junit:junit:4.12                            = 0x58E79B6ABC762159DC0B1591164BD2247B936711
+org.hamcrest:hamcrest-core:1.3              = 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E
+
+commons-beanutils:commons-beanutils:1.7.0   = noSig
+commons-logging:commons-logging:1.0.3       = noSig

src/it/multipleKeysMap-exclude/keysmap2.list

@@ -0,0 +1,19 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+commons-chain:commons-chain:1.2             = 0x6E13156C0EE653F0B984663AB95BBD3FA43C4492
+commons-chain:commons-chain:1.2             = 0xD196A5E3E70732EEB2E5007F1861C322C56014B2
+

src/it/multipleKeysMap-exclude/pom-test.xml

@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Slawomir Jaranowski
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>test</groupId>
+        <artifactId>it-test-parent</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath/>
+    </parent>
+
+    <artifactId>test</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>pom</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.7.0</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-chain</groupId>
+            <artifactId>commons-chain</artifactId>
+            <version>1.2</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.simplify4u.plugins</groupId>
+                <artifactId>pgpverify-maven-plugin</artifactId>
+                <version>@project.version@</version>
+                <configuration>
+                    <keysMapLocations>
+                        <keysMapLocation>
+                            <location>${project.basedir}/keysmap1.list</location>
+                            <exclude>
+                                <value>noSig</value>
+                            </exclude>
+                        </keysMapLocation>
+                        <keysMapLocation>${project.basedir}/keysmap2.list</keysMapLocation>
+                    </keysMapLocations>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

src/it/multipleKeysMap-exclude/postbuild.groovy

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2020 Slawomir Jaranowski
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+def buildLog = new File( basedir, 'build.log' ).text
+
+assert buildLog.contains('[ERROR] Unsigned artifact not listed in keys map: commons-beanutils:commons-beanutils')
+assert buildLog.contains('[ERROR] Unsigned artifact not listed in keys map: commons-logging:commons-logging')
+
+assert buildLog.contains('[INFO] BUILD FAILURE')

src/it/multipleKeysMap-include/invoker.properties

@@ -0,0 +1,16 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+invoker.buildResult = failure

src/it/multipleKeysMap-include/keysmap1.list

@@ -0,0 +1,21 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+junit:junit:4.12                            = 0x58E79B6ABC762159DC0B1591164BD2247B936711
+org.hamcrest:hamcrest-core:1.3              = 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E
+
+commons-beanutils:commons-beanutils:1.7.0   = noSig
+commons-logging:commons-logging:1.0.3       = noSig

src/it/multipleKeysMap-include/keysmap2.list

@@ -0,0 +1,19 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+commons-chain:commons-chain:1.2             = 0x6E13156C0EE653F0B984663AB95BBD3FA43C4492
+commons-chain:commons-chain:1.2             = 0xD196A5E3E70732EEB2E5007F1861C322C56014B2
+

src/it/multipleKeysMap-include/pom-test.xml

@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Slawomir Jaranowski
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>test</groupId>
+        <artifactId>it-test-parent</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath/>
+    </parent>
+
+    <artifactId>test</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>pom</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.12</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.7.0</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-chain</groupId>
+            <artifactId>commons-chain</artifactId>
+            <version>1.2</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.simplify4u.plugins</groupId>
+                <artifactId>pgpverify-maven-plugin</artifactId>
+                <version>@project.version@</version>
+                <configuration>
+                    <keysMapLocations>
+                        <keysMapLocation>
+                            <location>${project.basedir}/keysmap1.list</location>
+                            <include>
+                                <pattern>junit:.*</pattern>
+                            </include>
+                            <include>
+                                <value>noSig</value>
+                            </include>
+                        </keysMapLocation>
+                        <keysMapLocation>${project.basedir}/keysmap2.list</keysMapLocation>
+                    </keysMapLocations>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>check</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+</project>

src/it/multipleKeysMap-include/postbuild.groovy

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2021 Slawomir Jaranowski
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+def buildLog = new File( basedir, 'build.log' ).text
+
+
+assert buildLog.contains('[INFO] junit:junit:jar:4.12 PGP Signature OK')
+assert buildLog.contains('[INFO] junit:junit:pom:4.12 PGP Signature OK')
+
+assert buildLog.contains('[INFO] commons-chain:commons-chain:jar:1.2 PGP Signature OK')
+assert buildLog.contains('[INFO] commons-chain:commons-chain:pom:1.2 PGP Signature OK')
+
+assert buildLog.contains('[ERROR] Not allowed artifact org.hamcrest:hamcrest-core:jar:1.3 and keyID:')
+assert buildLog.contains('[ERROR] Not allowed artifact org.hamcrest:hamcrest-core:pom:1.3 and keyID:')
+
+assert buildLog.contains('[INFO] commons-beanutils:commons-beanutils:jar:1.7.0 PGP Signature unavailable, consistent with keys map.')
+assert buildLog.contains('[INFO] commons-logging:commons-logging:jar:1.0.3 PGP Signature unavailable, consistent with keys map.')
+
+assert buildLog.contains('[INFO] BUILD FAILURE')

src/it/multipleKeysMap/keysmap1.list

@@ -0,0 +1,21 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+junit:junit:4.12                            = 0x58E79B6ABC762159DC0B1591164BD2247B936711
+org.hamcrest:hamcrest-core:1.3              = 0x4DB1A49729B053CAF015CEE9A6ADFC93EF34893E
+
+commons-beanutils:commons-beanutils:1.7.0   = noSig
+commons-logging:commons-logging:1.0.3       = noSig

src/it/multipleKeysMap/keysmap2.list

@@ -0,0 +1,19 @@
+#
+# Copyright 2021 Slawomir Jaranowski
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+commons-chain:commons-chain:1.2             = 0x6E13156C0EE653F0B984663AB95BBD3FA43C4492
+commons-chain:commons-chain:1.2             = 0xD196A5E3E70732EEB2E5007F1861C322C56014B2
+